Cybersecurity in Wi-Fi Routers: automated approach for Firmware Collection and Analysis

  • Guilherme Bertolino ITA
  • Françoa Taffarel ITA
  • Lourenço Alves Pereira Junior ITA

Abstract


Wireless routers are ubiquitous in contemporary social life, making them a significant concern for cybersecurity and user privacy. Previous studies have presented methods to create firmware image databases to assess router security. However, these methodologies are outdated, as manufacturers make it increasingly difficult to obtain these images. To overcome this challenge, this article presents an automated methodology that covers firmware download, extraction, and static analysis. The initial results include the acquisition of 262 firmware images from 10 manufacturers and the identification of 7,257 and 3,892 vulnerability indicators using Semgrep and CodeQL, respectively.

Published
2024-09-16
BERTOLINO, Guilherme; TAFFAREL, Françoa; PEREIRA JUNIOR, Lourenço Alves. Cybersecurity in Wi-Fi Routers: automated approach for Firmware Collection and Analysis. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE ONGOING WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 396-400. DOI: https://doi.org/10.5753/sbseg_estendido.2024.241625.
