Firmware Analysis for IoT Devices [Practical Guide]

With a variety of IoT devices being used by businesses, we cannot ignore questions about analyzing firmware for IoT devices. As the software runs on a hardware device, analyzing the code is a cursor for detecting IoT issues and ensuring your device’s security. 

WebbyLab has massive experience developing smart home automation platforms. Our experts know all ins and outs of IoT devices functioning and demonstrate their expertise in real cases using modern firmware analysis tools. We assisted MyBox, a universal cloud-based ecosystem for EV charging stations management, in analyzing firmware performance and eliminating IoT firmware vulnerabilities. 

In this article, we will cover the logic and necessity of IoT device firmware security analysis, and explain how to manage all  IoT technical challenges you may encounter during IoT solution development. 

Why Need IoT Firmware analysis?

IoT device firmware analysis is an integral element of security research. Controlling the firmware is having complete control over the IoT device. IoT products like smart home devices, connected appliances, wireless routers, wearables, and autonomous cars are often targeted by cyber attackers and have some vulnerabilities that originated in firmware. 

Cyberattackers may not hack the devices themselves but use them as a platform for any other kinds of malicious behavior, including spamming or credit card data theft. People may suffer from money loss and companies from damaged reputations. 

Let’s look at examples of firmware vulnerabilities to protect IoT products from possible risks. These all are the issues WebbyLab often encounters while working on the clients’ projects:

• It’s impossible to update the device securely for some reasons, like insecure distribution, lack of firmware certification, or security alerts caused by updates. Here you can find more tips on how to update IoT devices. 
• Unauthenticated access is a firmware vulnerability allowing hackers to control an IoT device’s data. 
• The firmware is susceptible to password hashes as devices often have weak or hard-coded passwords set by default or available to the public.
• Outdated or insecure software components allow malicious actors to hack the device. 
• Weak firmware authentication can be easily broken by cyber attackers. It’s recommended to avoid single-factor authentication and weak cryptographic algorithms. 
• IoT security problems are inadequate encryption keys that open the door to sensitive data transfer and storage. 
• Open source components make firmware irresistible to hackers.
• Insecure network services allow unauthorized remote control.
• Debugging systems may give hackers inside knowledge of a device.
• Buffer overflows can allow attackers to access devices remotely and cause an IoT firmware security breach. 

It’s possible to avoid and remedy these IoT exploits by upgrading the IoT device firmware, conducting analysis for firmware of IoT device, changing the default passwords, or compiling IoT device inventory. Ensuring strong firmware security in the IoT ecosystem is crucial for protecting devices from vulnerabilities. You may contact the manufacturer to specify if they implement secure coding practices in the firmware.  

IoT Devices Firmware Analysis Process [A Step-by-Step Guide]

It’s essential to understand the process of firmware examination to get the best results. Firmware in IoT devices plays a crucial role in their functionality and security. Here’s the main steps that the WebyLab team utilizes to automate firmware analysis in IoT.  

Getting the Firmware

The first thing to do is to download the IoT firmware from the vendor’s official website. If for some reason, you cannot do it or it doesn’t work, you can search it on Github. At this stage, everything looks simple until you move to the next step. 

Extracting the Firmware 

The next stage of automated IoT firmware analysis is extracting the firmware files that are usually bundled or compressed in bin, zip, gzip, or tar formats. There is a tool for extraction that is called Binwalk. It is already present in Kali Linux.

Here is a detailed guide on extracting the firmware. 

1. You should type the #binwalk IoTGoat-raspberry-pi2.img command. File systems for IoT devices include squashfs, cramfs, JFFS2, yaffs2, and ext2. You will 
2. You will see your firmware in the Squashfs file system. IoTGoat uses the xz compression, but there are also ARJ, Zip, gzip, LZMA, and Zlib methods. 
3. Then you will see the word little endian. It is the way of storing multibyte data types where the last byte of the data representation is stored first.
4. Consider that address is the number of offsets to be extracted. 
5. In order to extract the .img file and then save it as a .bin file, it’s necessary to type the following command: # dd if=IoTGoat-raspberry-pi2.img bs=1 skip=29360128 of=iotgoat.bin. Here “if” means input file, “of” stands for the output file, and “bs” is the block size of these files.
6. Then to find the extracted file under the squashfs-root directory, you should extract iotgoat.bin using unsquashfs, using the command: # unsquashfs iotgoat.bin. 

And now, we can see that firmware extraction is not a piece of cake. This process requires time and effort, and if you need professional assistance, our WebbyLab experts will consult you on the issue and offer effective solutions.

Running IoTGoat 

Once the files are extracted, we need to run IoTGoat from OWASPover it. It will scan all the firmware files to detect the vulnerabilities. Make sure IoTGoat and the extracted firmware file are in the same folder. The tool will generate the output with the list of vulnerabilities after the scanning. Let’s look at how you can do it step by step:

1. Open the extracted directory with the command: # cd _IoTGoat-raspberry-pi2.img.extracted. 
2. Move to the /etc directory to search for sensitive files.
3. Next, check the passwd and shadow files.
4. You should download the IoTGoat-x86.vmdk file from GitHub to run the virtual instance and find the IP of IoTGoat.
5. There is a special command hydra (hydra -V -f -t 4 -l iotgoatuser -P /usr/share/wordlists/mirai_creds.txt ssh://192.168.1.5) or medusa (# medusa –u iotgoatuser –P /usr/share/wordlists/mirai_creds.txt –h 192.168.1.5 -M ssh -f) to crack the password.

This is what the IoT Devices firmware analysis process looks like at WebbyLab. One essential aspect of this process is IoT device firmware monitoring, which helps ensure that devices remain secure and up to date. Keep reading to learn more about the methodology of analyzing IoT devices’ firmware. 

Read also: How to Create an IoT App: Step-by-Step Guide.

Kostiantyn Oliynyk

Head of IoT at Webbylab

Helped dozens of startups create effective IOT products.

Get a Consultation

Ways to Analyze The Firmware of IoT Devices (Methodology)

There are two ways to conduct analysis for IoT firmware: manual and automated. Manual analysis is quite complicated and time-consuming. Therefore, we will talk in detail about the automated firmware analysis for IoT device. It is a fast and easy solution powered by lots of high-quality firmware analysis tools. You can perform the automatic analysis with such open-source programs as Firmwalker, Binwalk, FACT, and Firmware Analysis Toolkit.

During the automatic firmware analysis, you will come across the following points: 

• Etc/shadow and etc/passwd
• List out the etc/ssl directory
• SSL related files such as .pem, .crt, etc
• Configuration files
• Script files
• Other .bin files
• Keywords such as admin, password, remote, etc
• Common web servers used on IoT devices
• Common binaries such as ssh, tftp, dropbear, etc
• URLs, email addresses, and IP addresses
• Experimental support for making calls to the Shodan API using the Shodan CLI

Read Also: How to create CLI and publishing to NPM

How WebbyLab Can Help Analyze IoT Devices Firmware

IoT products cybersecurity is crucial today if you do not want to lose your personal data and money. So having reliable professionals dealing with IoT testing is a must for a secure online presence. If you need a dedicated team to analyze firmware of IoT devices, WebbyLab experts are ready to help round the clock. 

Our company provides comfortable firmware analysis toolkit for audit and monitoring and firmware development services. We offer software and hardware development using cutting-edge technologies. Some of the projects for which we’ve provided IoT firmware analysis assistance include 2smart, Ezlo, and Propuskator.  

Contact us via email, find us on social media, or call us right now. 

Final Thoughts

Now that you know what firmware is, its role, and its methodology. IoT firmware analysis is a challenging task, but it is essential for your devices and data security. With high-quality firmware analysis of your IoT devices, you could avoid common vulnerabilities such as cyberattacks, outdated software components, open source components, buffer overflows, and weak firmware authentication. Implementing RACI components in the firmware analysis process ensures clear assignment of responsibilities and enhances project coordination. Only professionals with niche-relevant experience can conduct a solid firmware analysis. With WebbyLab’s technical competence, you will get a detailed analysis of the firmware’s content and get solutions to strengthen your system. Do not wait to get in touch with our experienced IoT developers and bring your ideas to life.