1 research outputs found
FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution
The USB protocol has become ubiquitous, supporting devices from high-powered
computing devices to small embedded devices and control systems. USB's greatest
feature, its openness and expandability, is also its weakness, and attacks such
as BadUSB exploit the unconstrained functionality afforded to these devices as
a vector for compromise. Fundamentally, it is virtually impossible to know
whether a USB device is benign or malicious. This work introduces FirmUSB, a
USB-specific firmware analysis framework that uses domain knowledge of the USB
protocol to examine firmware images and determine the activity that they can
produce. Embedded USB devices use microcontrollers that have not been well
studied by the binary analysis community, and our work demonstrates how lifters
into popular intermediate representations for analysis can be built, as well as
the challenges of doing so. We develop targeting algorithms and use domain
knowledge to speed up these processes by a factor of 7 compared to
unconstrained fully symbolic execution. We also successfully find malicious
activity in embedded 8051 firmwares without the use of source code. Finally, we
provide insights into the challenges of symbolic analysis on embedded
architectures and provide guidance on improving tools to better handle this
important class of devices.Comment: 18 pages, CCS 201