Send in your ideas. Deadline October 1, 2024
Theme fund: NGI0 PET
Start: 2019-06
End: 2022-10
More projects like this
Software engineering

Virtualizing device firmware

Creating digital twins for auditing and testing appliances

Recent targets of attacks on infrastructure did not come from powerful computers, but instead from consumer electronics devices. The most widely known example of this is the Mirai botnet, where consumer grade IP cameras were infected, added to a botnet and then used in wide scale attacks in a rather devious way: the original functionality of the device was left untouched, meaning that users either didn’t notice that their device had been taken over, or weren’t bothered by it. This projects aims to provide a way to virtualise such an IoT device and integrate it with an existing honeypot framework to see how the malware is inserted and how botnets operate. The goal is to extract a firmware from an existing device and use that as the base for the virtualisation. The same setup can also be used to systematically check for undocumented behaviour of firmware.

  • The project's own website:

Why does this actually matter to end users?

The impact of cybercrime is increasing and the attacks on individuals, businesses and crucial infrastructure are becoming more advanced and creative. At the same time we use more 'smart' devices in our homes, offices and streets that are connected to the internet while lacking fundamental security. A camera connected to the internet is not just a camera you can control from your phone, it is also a device that, without certain protection measures, can be manipulated to attack specific servers, trying to take down specific servers which can be immensely harmful, let alone dangerous when crucial infrastructures are the target. To bring the pervasive insecurities of the internet of things closer to home, how about a company selling smart home software that uses the same access details for every house, which can simply open the 'smart' front door lock of every user?

As the internet of things grows and connected devices become cheaper and more commonplace, we need to fix vulnerabilities and close back doors as fast as possible. That means developers should learn how to think like a cybercriminal: how can my device be abused, what creative workaround can grant you access that I should fix? One of the ways to do this is to carefully monitor how a device is actually attacked. This project creates technology that can simulate how basic internet of things devices work and how malicious software will try to abuse it to attack servers. Better understanding one of the many security and privacy threats that plague the internet of things is a step forward in ensuring our devices work for us, instead of against us.

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.

This project is archived. Due to circumstances, the project as planned did not take place. This page is left as a placeholder, for transparency reasons and to perhaps inspire others to take up this work.