Microcontroller Based IoT System Firmware Security: Case Studies

The Internet of Things (IoT) has recently attracted much interest from industry given its flexibility, convenience and smartness. However, security issues and exploits have become among the most serious concerns for IoT. This paper studies the security of microcontroller (MCU) based IoT firmware. Given the variety of MCUs and their running environments, we perform case studies to exploit the flaws behind contemporary firmware upgrade models. Specifically, we validate our attacks on a popular air quality sensor from PurpleAir. We also investigate a prototype of a secure firmware upgrade system on an ATmega1284P chip. To demonstrate the attack surface of the implemented countermeasure, we discuss the potential pitfalls identified through our own practice, since the same pitfalls may occur in implementations by other manufacturers.
