Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/183999
Title: Scalable Linux-based firmware vulnerability analysis and verification
Authors: Goel, Armaan
Keywords: Computer and Information Science
Issue Date: 2025
Publisher: Nanyang Technological University
Source: Goel, A. (2025). Scalable Linux-based firmware vulnerability analysis and verification. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/183999
Project: CCDS24-0444
Abstract: The proliferation of Internet of Things (IoT) devices has introduced significant security challenges, primarily due to vulnerabilities in Linux-based firmware commonly used in these devices. This thesis investigates scalable vulnerability analysis methods for IoT firmware by reproducing and evaluating three state-of-the-art static taint analysis tools: EmTaint, Mango, and OctopusTaint. These tools were tested on real-world firmware samples, focusing on identifying command injection and stack-based buffer overflow vulnerabilities. The study highlights each tool's strengths and limitations. EmTaint demonstrated exceptional scalability with low resource consumption but suffered from high false negatives due to its limited analysis scope. Mango achieved superior accuracy in detecting known vulnerabilities but exhibited high memory usage and occasional over-tainting, leading to false positives. OctopusTaint showed promise with advanced sanitization checks but faced reproducibility issues on consumer-grade hardware, limiting its reliability. Key contributions include the discovery of a previously undocumented stack-based buffer overflow vulnerability, enrichment of CVE-2024-57595 with detailed analysis, and improvements to EmTaint's preprocessing scripts for modern compatibility. Additionally, the thesis enhanced Mango's extensibility by integrating new sources and sinks, reducing false negatives.
URI: https://hdl.handle.net/10356/183999
Schools: College of Computing and Data Science 
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: CCDS Student Reports (FYP/IA/PA/PI)

Files in This Item:
File: main.pdf (Restricted Access)
Size: 1.67 MB
Format: Adobe PDF

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.