An Ensemble Approach for IoT Firmware Strength Analysis using STRIDE Threat Modeling and Reverse Engineering

Internet of Things (IoT) market is growing exponentially and automated smart solutions are revolutionizing a diverse range of areas with innovative technologies. The most critical and vital part of an IoT system that cannot be overlooked at any cost is its security. The security standards for IoT devices are not mature enough to provide foolproof security and there is still a long journey for manufacturers to incorporate stealth in devices. The most vulnerable component of an IoT system is the firmware which controls all the functionality of the device. If subverted by an attacker, the firmware of the IoT device can prove to be a critical attack surface for obtaining enough information to annihilate an IoT device. In this paper, we propose a twofold strategy to critically analyze the security of an IoT firmware. We will first use the STRIDE threat model to identify the security parameters that attackers could exploit to launch attacks. We will then use reverse engineering to examine and evaluate the security of a wide range of firmware being used in the latest and most commonly used IoT devices based on the identified security parameters. The same parameters can then derive security expectations for a secure IoT firmware. The proposed approach provides a powerful strategy to comprehensively analyze an IoT system's security. Our experimental results show that more than 50 percent of the firmware are exposing critical information that can be used to launch attacks. We believe that our findings will also help establish recommendations for developing secure and resilient firmware.