Embedded and IoT Devices Firmware Security
Corressponding author's email:
doandc@hcmute.edu.vnDOI:
https://doi.org/10.54644/jte.2025.1836Keywords:
Embedded security, Internet of Things (IoT), IoT security, Firmware security, Firmware analysisAbstract
The Internet of Things (IoT) has gone a long way since its inception. However, the standardization process in IoT systems for IoT safety solutions is still in its early stages. Lots of studies have been conducted on its quality evaluation to address threats to IoT across different layers. However, most current works have failed to take into their consideration of the security aspects of the firmware in the IoT ecosystem. The lack of a comprehensive survey on IoT firmware security aims to highlight the important reasons for a firmware insecurity in IoT, list vulnerabilities, and perform an in-depth review of the key analysis techniques. Such rapid development has made IoT and embedded systems become interesting targets for potential attackers, especially the firmware attacks. This Article hereby presents some information related to the device firmware as started by highlighting the importance of the firmware security, classifying the vulnerabilities in IoT, the processes of analyzing the firmware vulnerabilities through some Open source tools, and as illustrated by analyzing some firmwares of the popular devices.
Downloads: 0
References
D. G. Akestoridis, Firmware Analysis of Embedded Systems, Carnegie Mellon University, 2018.
A. Cui, M. Costello, and S. J. Stolfo, “When Firmware Modifications Attack: A Case Study of Embedded Exploitation,” Department of Computer Science, Columbia University, New York, USA, 2013.
I. Nadir, H. Mahmood, and G. Asadullah, “A Taxonomy of IoT Firmware Security and Principal Analysis Techniques,” Elsevier, Feb. 15, 2021. DOI: https://doi.org/10.1016/j.ijcip.2022.100552
F. Boland, Automated Security Analysis of Firmware, KTH Royal Institute of Technology, Stockholm, Sweden, 2022.
Vina Aspire, “More than 80% of Global Businesses are Victims of Firmware Attacks,” [Online]. Available: https://vina-aspire.com/hon-80-doanh-nghiep-toan-cau-la-nan-nhan-cua-cuoc-tan-cong-firmware/
Techpro, “Vietnamese Voice Warning Firmware on Suprema FSF2 and BS3,” [Online]. Available: https://techpro.vn/vi/tin-tuc/firmware-canh-bao-am-thanh-giong-noi-tieng-viet-tren-suprema-fsf2-va-bs3.html
L. Phuong, “Vietnamese Scientists Gradually Master Hardware Security Solutions,” Journal of Information and Communications, 2019.
H. Minh, “Security Camera Equipment Standards to Be Developed,” [Online]. Available: https://baochinhphu.vn/se-xay-dung-cac-tieu-chuan-thiet-bi-camera-an-ninh-102230728164637256.htm, 2023.
A. Bhardwaj, K. Kaushik, S. Bharany, and S. Kim, “Forensic Analysis and Security Assessment of IoT Camera Firmware for Smart Homes,” Egyptian Informatics Journal, vol. 24, no. 4, p. 100409, Dec. 2023. DOI: https://doi.org/10.1016/j.eij.2023.100409
M. Muench, Dynamic Binary Firmware Analysis: Challenges & Solutions, Sorbonne Université, 2021.
X. Zhou, P. Wang, L. Zhou, P. Xun, and K. Lu, “A Survey of the Security Analysis of Embedded Devices,” Sensors, 2023. DOI: https://doi.org/10.3390/s23229221
Prabhankar, “Firmware Analysis Part-1,2,” 2021. [Online]. Available: https://prabhankar.medium.com/firmware-analysis-part-1-cd43a1ad3f38
NSE Hacking Lab, “PenTest Process Planning,” [Online]. Available: https://nse.digital/pages/guides/pentest-process-planning.html
T. Bakhshi, B. Ghita, and I. Kuzminykh, “A Review of IoT Firmware Vulnerabilities and Auditing Techniques,” PMCID: PMC10821153, 2024. DOI: https://doi.org/10.3390/s24020708
R. Lyda, J. Sparta, and B. Hamrock, “Using Entropy Analysis to Find Encrypted and Packed Malware,” IEEE Computer Society, 2007. DOI: https://doi.org/10.1109/MSP.2007.48
Whiteheart0, “Entropy Analysis: A Critical Test for Malware,” [Online]. Available: https://whiteheart0.medium.com/entropy-analysis-a-critical-test-for-malwares-69939f5b8b1
F. Á. Wic, J. M. G. Moreno, and A. V. Blanco, “IoT and Embedded Devices Security Analysis Following OWASP,” [Online]. Available: https://www.tarlogic.com/blog/security-analysis-on-iot-owasp, 2022.
T. C. Clancy, R. Gerdes, Y. Yang, J. Black, P. Schaumont, and D. A. Brown, “Analysis of Firmware Security in Embedded ARM Environments,” Arlington, Virginia, 2019.
S. U. Haq, Y. Singh, A. Sharma, R. Gupta, and D. Gupta, “A Survey on IoT & Embedded Device Firmware Security: Architecture, Extraction Techniques, and Vulnerability Analysis Frameworks,” Springer, 2023. DOI: https://doi.org/10.1007/s43926-023-00045-2
P. Bourmeau, “A Brief Introduction to Firmware Extraction,” 2020.
S. Vasile, D. Oswald, and T. Chothia, “Breaking All the Things – A Systematic Survey of Firmware Extraction Techniques for IoT Devices,” University of Birmingham, 2018. DOI: https://doi.org/10.1007/978-3-030-15462-2_12
J. M. Smith, “Case Analysis of Firmware Vulnerabilities and Exploitation,” 2016.
R. Sharma, “Unveiling Vulnerabilities: A Deep Dive into Firmware Penetration Testing – Part 1,” Sep. 19, 2023. [Online]. Available: https://ravi73079.medium.com/unveiling-vulnerabilities-a-deep-dive-into-firmware-penetration-testing-part-1-904599cd79be
D. de Ruck, V. Goeman, and J. Lapon, “Hands-on Workshop: Hacking and Protecting Embedded Devices,” June 2022.
Downloads
Published
How to Cite
Issue
Section
Categories
License
Copyright (c) 2025 Journal of Technical Education Science
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Copyright © JTE.
