Apostolis Zarras, Assistant Professor, Delft University of Technology
Exploring the Security of Embedded Devices
Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that embedded devices are far from being secure. In this talk, we present the first fully automated framework that applies dynamic firmware analysis techniques to achieve, in a scalable manner, automated vulnerability discovery within embedded firmware images. We apply our framework to study the security of embedded web interfaces running in Commercial-Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement a scalable framework for discovering vulnerabilities in embedded web interfaces regardless of the devices’ vendor, type, or architecture. To reach this goal, we perform a complete system emulation to achieve the execution of firmware images in a software-only environment, i.e., without involving any physical embedded devices. The observations we make shed light on an essential aspect of embedded devices that was not previously studied at a large scale.
Apostolis Zarras is an assistant professor at the Delft University of Technology. Previously, he was an assistant professor at Maastricht University and, before that, a postdoctoral researcher at the Technical University of Munich. He received his PhD degree in IT Security from the Ruhr-University Bochum. He also holds a M.Sc. and B.Sc. in Computer Science from the University of Crete. His research interests include systems, network, and web security. His work focuses on developing new security paradigms, architectures, and software for secure and trustworthy ICT and IoT systems.