Enumeration of operating systems and services in the wireless router's firmware context
Abstract
The widespread adoption of the home office weakens corporate networks, as it extends its perimeter to homes and ineffective security policies designed for different operating environments. In this context, wireless network routers serve as enablers of access to critical services. However, identifying the software artifacts and possible vulnerabilities present on these devices is challenging, and a heuristic for this purpose is to obtain firmware available on the manufacturers' websites. This paper presents the analysis of 5265 firmware images downloaded from 5 vendors' sites, yielding a list of the most common operating systems and services, with the intent of, in a future work, perform security analysis in scale on the obtained firmware images. The exploitation of these components can lead to large-scale attacks, and our results contribute to the vulnerability cataloging process.
Keywords:
cybersecurity, firmware, re-hosting, network, router, enumeration, screen, vulnerability, scraper, qemu, linux
References
Bertino, E. and Islam, N. (2017). Botnets and internet of things security. Computer, 50(2):76–79.
Chacos, B. (2016). Major ddos attack on dyn dns knocks spotify, twitter, github, paypal, and more offline. [link]. Published on 21/10/2016; accessed on 03/06/2021.
Chen, D. D., Woo, M., Brumley, D., and Egele, M. (2016). Towards automated dynamic analysis for linux-based embedded firmware. In NDSS, volume 1, pages 1–1.
Clements, A. A., Gustafson, E., Scharnowski, T., Grosen, P., Fritz, D., Kruegel, C., Vigna, G., Bagchi, S., and Payer, M. (2020). Halucinator: Firmware re-hosting through abstraction layer emulation. In 29th USENIX Security Symposium (USENIX Security 20), pages 1201–1218. USENIX Association.
Feng, B., Mera, A., and Lu, L. (2020). P2im: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling. In 29th USENIX Security Symposium (USENIX Security 20), pages 1237–1254. USENIX Association.
Gustafson, E., Muench, M., Spensky, C., Redini, N., Machiry, A., Fratantonio, Y., Balzarotti, D., Francillon, A., Choe, Y. R., Kruegel, C., and Vigna, G. (2019). Toward the analysis of embedded firmware through automated re-hosting. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), pages 135–150, Chaoyang District, Beijing. USENIX Association.
Klint, C. (2021). These are the top risks for business in the post-covid world. [link]. Published on 19/01/2021; accessed on 03/06/2021.
Koscher, K., Kohno, T., and Molnar, D. (2015). SURROGATES: Enabling near-realtime dynamic analyses of embedded systems. In 9th USENIX Workshop on Offensive Technologies (WOOT 15), Washington, D.C. USENIX Association.
Lobo, S. (2019). Understanding the cost of a cybersecurity attack: The losses organizations face. [link]. Published on 31/03/2019; accessed on 03/06/2021.
McLennan, M. (2021). The global risks report 2021 16th edition. https://www.weforum.org/reports/the-global-risks-report-2021. Published on 19/01/2021; accessed on 10/09/2021.
McMillen, D. (2021). Internet of threats: Iot botnets drive surge in network attacks. [link]. Published on 22/04/2021; accessed on 03/06/2021.
Mudgerikar, A. and Bertino, E. (2021). IoT Attacks and Malware, pages 1–25. Springer Singapore, Singapore.
Muench, M., Nisi, D., Francillon, A., and Balzarotti, D. (2018). Avatar 2: A multi-target orchestration platform. In Proc. Workshop Binary Anal. Res.(Colocated NDSS Symp.), volume 18, pages 1–11.
Scholten, C. (2020). Github repository: scraper. https://github.com/cpbscholten/scraper. Published on 27/11/2020; accessed on 10/09/2021.
Wright, C., Moeglein,W. A., Bagchi, S., Kulkarni, M., and Clements, A. A. (2021). Challenges in firmware re-hosting, emulation, and analysis. ACM Comput. Surv., 54(1).
Özkan, S. Cve details: The ultimate security vulnerability datasource. https://www.cvedetails.com/. Accessed on 13/09/2021.
Chacos, B. (2016). Major ddos attack on dyn dns knocks spotify, twitter, github, paypal, and more offline. [link]. Published on 21/10/2016; accessed on 03/06/2021.
Chen, D. D., Woo, M., Brumley, D., and Egele, M. (2016). Towards automated dynamic analysis for linux-based embedded firmware. In NDSS, volume 1, pages 1–1.
Clements, A. A., Gustafson, E., Scharnowski, T., Grosen, P., Fritz, D., Kruegel, C., Vigna, G., Bagchi, S., and Payer, M. (2020). Halucinator: Firmware re-hosting through abstraction layer emulation. In 29th USENIX Security Symposium (USENIX Security 20), pages 1201–1218. USENIX Association.
Feng, B., Mera, A., and Lu, L. (2020). P2im: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling. In 29th USENIX Security Symposium (USENIX Security 20), pages 1237–1254. USENIX Association.
Gustafson, E., Muench, M., Spensky, C., Redini, N., Machiry, A., Fratantonio, Y., Balzarotti, D., Francillon, A., Choe, Y. R., Kruegel, C., and Vigna, G. (2019). Toward the analysis of embedded firmware through automated re-hosting. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), pages 135–150, Chaoyang District, Beijing. USENIX Association.
Klint, C. (2021). These are the top risks for business in the post-covid world. [link]. Published on 19/01/2021; accessed on 03/06/2021.
Koscher, K., Kohno, T., and Molnar, D. (2015). SURROGATES: Enabling near-realtime dynamic analyses of embedded systems. In 9th USENIX Workshop on Offensive Technologies (WOOT 15), Washington, D.C. USENIX Association.
Lobo, S. (2019). Understanding the cost of a cybersecurity attack: The losses organizations face. [link]. Published on 31/03/2019; accessed on 03/06/2021.
McLennan, M. (2021). The global risks report 2021 16th edition. https://www.weforum.org/reports/the-global-risks-report-2021. Published on 19/01/2021; accessed on 10/09/2021.
McMillen, D. (2021). Internet of threats: Iot botnets drive surge in network attacks. [link]. Published on 22/04/2021; accessed on 03/06/2021.
Mudgerikar, A. and Bertino, E. (2021). IoT Attacks and Malware, pages 1–25. Springer Singapore, Singapore.
Muench, M., Nisi, D., Francillon, A., and Balzarotti, D. (2018). Avatar 2: A multi-target orchestration platform. In Proc. Workshop Binary Anal. Res.(Colocated NDSS Symp.), volume 18, pages 1–11.
Scholten, C. (2020). Github repository: scraper. https://github.com/cpbscholten/scraper. Published on 27/11/2020; accessed on 10/09/2021.
Wright, C., Moeglein,W. A., Bagchi, S., Kulkarni, M., and Clements, A. A. (2021). Challenges in firmware re-hosting, emulation, and analysis. ACM Comput. Surv., 54(1).
Özkan, S. Cve details: The ultimate security vulnerability datasource. https://www.cvedetails.com/. Accessed on 13/09/2021.
Published
2021-10-04
How to Cite
TOSO, Gianluigi Dal; PEREIRA JÚNIOR, Lourenço Alves.
Enumeration of operating systems and services in the wireless router's firmware context. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 21. , 2021, Evento Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 178-191.
DOI: https://doi.org/10.5753/sbseg_estendido.2021.17351.
