Virtualizing device firmware
Creating digital twins for auditing and testing appliances
Recent attacks on infrastructure did not come from powerful computers, but from consumer electronics devices. The most widely known example of this is the Mirai botnet, where consumer-grade IP cameras were infected, added to a botnet and then used in wide-scale attacks in a rather devious way: the original functionality of the device was left untouched, meaning that users either didn’t notice that their device had been taken over, or weren’t bothered by it. This project aims to provide a way to virtualise such an IoT device and integrate it with an existing honeypot framework to see how the malware is inserted and how botnets operate. The goal is to extract the firmware from an existing device and use that as the base for the virtualisation. The same setup can also be used to systematically check for undocumented behaviour of firmware.
Why does this actually matter to end users?
The impact of cybercrime is increasing, and the attacks on individuals, businesses and crucial infrastructure are becoming more advanced and creative. At the same time we use more 'smart' devices in our homes, offices and streets that are connected to the internet while lacking fundamental security. A camera connected to the internet is not just a camera you can control from your phone; it is also a device that, without certain protection measures, can be manipulated to attack specific servers in an attempt to take them down. That can be immensely harmful, and outright dangerous when crucial infrastructure is the target. To bring the pervasive insecurities of the internet of things closer to home, how about a company selling smart home software that uses the same access details for every house, details that can simply open the 'smart' front door lock of every user?
As the internet of things grows and connected devices become cheaper and more commonplace, we need to fix vulnerabilities and close back doors as fast as possible. That means developers should learn how to think like a cybercriminal: how can my device be abused, and which creative workaround that grants access do I need to fix? One of the ways to do this is to carefully monitor how a device is actually attacked. This project creates technology that can simulate how basic internet of things devices work and how malicious software will try to abuse them to attack servers. Better understanding one of the many security and privacy threats that plague the internet of things is a step forward in ensuring our devices work for us, instead of against us.
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.