Fuzzware: Automating and Scaling Fuzzing for Firmware
Analyzing firmware is hard: It is custom, highly device-specific pieces of software which run on (oftentimes proprietary) hardware platforms. Devices are plenty, proper documentation is rare, and many products quickly get revised. To keep up as security analysts, we need to test firmware in an automated, scalable fashion.
Wanting to avoid filling factory halls with gadgets, the question becomes: Can we run and test firmware in an emulator automatically, without really knowing its hardware? In this talk we will go into the challenges of taming firmware and present our latest project, Fuzzware, which aims to enable automated fuzz testing for deeply embedded firmware. Fuzzware is a system that allows us to test firmware independent of its hardware via a mix of program analysis and emulation.
Using the system, we discovered multiple vulnerabilities in widely used network stacks for embedded systems and we will highlight our key findings. Fuzzware will be made available as open source software to the community.
Tobias is a PhD student at Ruhr University Bochum. In his research, he is venturing on the quest of finding ways to analyze firmware in a hardware-independent, automated, and scalable manner. Outside his academic activities, he is a hack.lu CTF organizer and CTF player with FluxFingers. He also popped some calcs on industrial control systems products at Pwn2Own Miami 2020, which included breaking the most popular DNP3 library that powers the American energy sector.
Marius is a postdoctoral researcher at Vrije Universiteit Amsterdam. His research interests cover (in-)security of embedded systems, binary & microarchitectural exploitation, and defenses. He obtained his PhD from Sorbonne University in cooperation with EURECOM. He developed and maintains avatar2, a framework for analyzing embedded systems firmware. In his spare time, Marius captures flags with his CTF team Tasteless.