awesome-embedded-and-iot-security/readme.md

Awesome Embedded and IoT Security

A curated list of awesome resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more.

If you are a beginner, you should have a look at the Books and Case Studies sections.
If you want to start right away with your own analysis, you should give the Analysis Frameworks a try. They are easy to use and you do not need to be an expert to get first meaningful results.

Contents

• Software Tools
  • Analysis Frameworks
  • Analysis Tools
  • Extraction Tools
• Hardware Tools
• Books
• Research Papers
  • Case Studies
• Websites
• Conferences

Software Tools

Software tools for analyzing embedded/IoT firmware.

Analysis Frameworks

• FACT - The Firmware Analysis and Comparison Tool - Full featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions.
• EXPLIoT - Pentest framework like Metasploit but specialized for IoT.

Analysis Tools

• Binwalk - Searches a binary for "interesting" stuff.
• Firmadyne - Tries to emulate and pentest a firmware.
• firmwalker - Searches extracted firmware images for interesting files and information.
• Ghidra - Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary.
• Trommel - Searches extracted firmware images for interesting files and information.

Extraction Tools

• Binwalk - Extracts arbitrary files utilizing a carving approach.
• FACT Extractor - Detects container format automatically and executes the corresponding extraction tool.
• Firmware Mod Kit - Extraction tools for several container formats.

Hardware Tools

• Bus Blaster - Detects and interacts with hardware debug ports like UART and JTAG.
• Bus Pirate - Detects and interacts with hardware debug ports like UART and JTAG.
• JTAGULATOR - Detects JTAG Pinouts fast.
• Saleae - Easy to use Logic Analyzer that support many protocols. 💶

Books

• 2019, Aditya Gupta: The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things

Research Papers

• 2018, Muench et al: What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
• 2017, Jacob et al: How to Break Secure Boot on FPGA SoCs through Malicious Hardware
• 2017, Costin et al: Towards Automated Classification of Firmware Images and Identification of Embedded Devices
• 2016, Kammerstetter et al: Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation
• 2016, Chen et al: Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
• 2016, Costin et al: Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
• 2015, Shoshitaishvili et al:Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
• 2015, Papp et al: Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy
• 2014, Zaddach et al: Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares
• 2014, Alimi et al: Analysis of embedded applications by evolutionary fuzzing
• 2014, Costin et al: A Large-Scale Analysis of the Security of Embedded Firmware s
• 2013, Davidson et al: FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution

Case Studies

• Hacking the DSP-W215, Again
• Multiple vulnerabilities found in the Dlink DWR-932B
• Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol
• PWN Xerox Printers (...again)

Websites

• OWASP Embedded Application Security
• OWASP Internet of Things Project
• Hacking Printers Wiki
• Router Passwords - Default login credential database sorted by manufacturer.

Conferences

• Hardwear.io

Contribute

Contributions welcome! Read the contribution guidelines first.

License

To the extent possible under law, Fraunhofer FKIE has waived all copyright and related or neighboring rights to this work.