- Advanced Malware Detection Techniques
- Security and Verification in Computing
- Network Security and Intrusion Detection
- Software Testing and Debugging Techniques
- Physical Unclonable Functions (PUFs) and Hardware Security
- User Authentication and Security Systems
- Digital and Cyber Forensics
- Internet Traffic Analysis and Secure E-voting
- Cryptographic Implementations and Security
- Caching and Content Delivery
- Advanced Data Storage Technologies
- Spam and Phishing Detection
- Cloud Data Security Solutions
- Peer-to-Peer Network Technologies
- Parallel Computing and Optimization Techniques
- Web Application Security Vulnerabilities
- Bluetooth and Wireless Communication Technologies
- Cybercrime and Law Enforcement Studies
- Digital Media Forensic Detection
- Chaos-based Image/Signal Encryption
- Information and Cyber Security
- Context-Aware Activity Recognition Systems
- Embedded Systems Design Techniques
- Scientific Computing and Data Management
- Multimedia Communication and Technology
EURECOM
2016-2025
ETH Zurich
2010-2012
Centre Inria de l'Université Grenoble Alpes
2008-2009
Institut national de recherche en informatique et en automatique
2005-2009
In this paper we present Avatar, a framework that enables complex dynamic analysis of embedded devices by orchestrating the execution of an emulator together with real hardware. We first introduce a basic mechanism to forward I/O accesses from the emulator to the device, and then describe several techniques to improve the system’s performance by dynamically optimizing the distribution of code and data between the two environments. Finally, we evaluate our tool by applying it to three different security scenarios, including reverse engineering,...
As networked embedded systems are becoming more ubiquitous, their security is becoming critical to our daily life. While manual or automated large scale analysis of those systems regularly uncover new vulnerabilities, the way those systems are analyzed often follows the same approaches used on desktop systems. More specifically, traditional testing relies on observable crashes of a program, and binary instrumentation techniques are used to improve the detection of those faulty states. In this paper, we demonstrate that memory corruptions, a common class of vulnerabilities, result in...
Harvard architecture CPU design is common in the embedded world. Examples of Harvard-based devices are the Mica family of wireless sensors. Mica motes have limited memory and can process only very small packets. Stack-based buffer overflow techniques that inject code into the stack and then execute it are therefore not applicable. It has been a common belief that code injection is impossible on Harvard architectures. This paper presents a remote code injection attack for Mica sensors. We show how to exploit program vulnerabilities to permanently inject any piece of code into an Atmel...
Device attestation is an essential feature in many security protocols and applications. The lack of dedicated hardware and the impossibility of physically accessing the devices to be attested make attestation of embedded devices, in applications such as Wireless Sensor Networks, a prominent challenge. Several software-based attestation techniques have been proposed that either rely on tight time constraints or on the lack of free space to store malicious code. This paper investigates the shortcomings of existing software-based attestation techniques. We first present two generic...
Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that embedded devices are far from being secure. Moreover, many embedded systems rely on web interfaces for user interaction or administration. Web security is still difficult and therefore the web interfaces of embedded systems represent a considerable attack surface.
Modern smartphones that implement permission-based security mechanisms suffer from attacks by colluding applications. Users are not made aware of possible implications of application collusion attacks---quite the contrary---on existing platforms, users are implicitly led to believe that by approving the installation of each application independently, they can limit the damage that an application can cause.
This paper presents a new side channel that affects mixed-signal chips used in widespread wireless communication protocols, such as Bluetooth and WiFi. This increasingly common type of chip includes the radio transceiver along with digital logic on the same integrated circuit. In such systems, the radio transmitter may unintentionally broadcast sensitive information from hardware cryptographic components or software executing on the CPU. The well-known electromagnetic (EM) leakage from digital logic is inadvertently mixed with the radio carrier, which...
Embedded computing devices increasingly permeate many aspects of modern life: from medical to automotive, from building and factory automation to weapons, from critical infrastructures to home entertainment. Despite their specialized nature as well as limited resources and connectivity, these devices are now becoming an increasingly popular and attractive target for attacks, especially malware infections. A number of approaches have been suggested to detect and/or mitigate such attacks. They vary greatly in terms of application generality...
Dynamic binary analysis techniques play a central role in studying the security of software systems and detecting vulnerabilities in a broad range of devices and applications. Over the past decade, a variety of different techniques have been published, often alongside the release of prototype tools to demonstrate their effectiveness. Unfortunately, most of those techniques' implementations are deeply coupled with their dynamic analysis frameworks and are not easy to integrate in other frameworks. Those frameworks are not designed to expose their internal state or their results to other components. This prevents...
Compromised websites are often used by attackers to deliver malicious content or to host phishing pages designed to steal private information from their victims. Unfortunately, most of the targeted websites are managed by users with little security background - often unable to detect this kind of threat or to afford an external professional security service.
Symbolic execution is a powerful technique for software analysis and bug detection. Compilation-based symbolic execution is a recently proposed flavor that has been shown to improve the performance of symbolic execution significantly when source code is available. We demonstrate a novel technique to enable compilation-based symbolic execution of binaries (i.e., without the need for source code). Our system, SymQEMU, builds on top of QEMU, modifying the intermediate representation of the target program before translating it to the host architecture. This enables SymQEMU to compile symbolic-execution...
This paper presents a control flow enforcement technique based on an Instruction Based Memory Access Control (IBMAC) implemented in hardware. It is specifically designed to protect low-cost embedded systems against malicious manipulation of their control flow as well as preventing accidental stack overflows. This is achieved by using a simple hardware modification to divide the stack into a data stack and a control flow stack (or return stack). Moreover, access to the control flow stack is restricted only to return and call instructions, which prevents control flow manipulation. Previous solutions tackled the problem...
Modern workstations and servers implicitly trust hard disks to act as well-behaved block devices. This paper analyzes the catastrophic loss of security that occurs when hard disks are not trustworthy. First, we show that it is possible to compromise the firmware of a commercial off-the-shelf hard drive, by resorting only to public information and reverse engineering. Using such a compromised firmware, we present a stealth rootkit that replaces arbitrary blocks from the disk while they are written, providing a data replacement back-door. The measured...
Wireless sensor network (WSN) security is a major concern and many new protocols are being designed. Most of these protocols rely on cryptography, and therefore, require a cryptographic pseudo-random number generator (CPRNG). However, designing an efficient and secure CPRNG for wireless sensor networks is not trivial since most of the common sources of randomness used by standard CPRNGs are not present on a wireless sensor node. We present TinyRNG, a CPRNG for wireless sensor nodes. Our generator uses the received bit errors as one of the sources of randomness. We show that transmission bit errors are a very good source of randomness. We demonstrate...
Telephone networks first appeared more than a hundred years ago, long before transistors were invented. They, therefore, form the oldest large scale network that has grown to touch over 7 billion people. Telephony is now merging many complex technologies and because numerous services enabled by these technologies can be monetized, telephony attracts a lot of fraud. In 2015, a telecom fraud association study estimated that the loss of revenue due to global telecom fraud was worth 38 US dollars per year. Because of the convergence of telephony with the Internet,...
QR codes, a form of 2D barcode, allow easy interaction between mobile devices and websites or printed material by removing the burden of manually typing a URL or contact information. QR codes are increasingly popular and are likely to be adopted by malware authors and cyber-criminals as well. In fact, while a link can "look" suspicious, malicious and benign QR codes cannot be distinguished by simply looking at them. However, despite public discussions about the increasing use of QR codes for malicious purposes, the prevalence of malicious QR codes and the kinds of threats they pose are still unclear....