Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Embedded devices are becoming more widespread, interconnected, and
web-enabled than ever. However, recent studies showed that these devices are
far from being secure. Moreover, many embedded systems rely on web interfaces
for user interaction or administration. Unfortunately, web security is known to
be difficult, and therefore the web interfaces of embedded systems represent a
considerable attack surface.
In this paper, we present the first fully automated framework that applies
dynamic firmware analysis techniques to achieve, in a scalable manner,
automated vulnerability discovery within embedded firmware images. We apply our
framework to study the security of embedded web interfaces running in
Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable
modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement
a scalable framework for discovery of vulnerabilities in embedded web
interfaces regardless of the vendor, device, or architecture. To achieve this
goal, our framework performs full system emulation to achieve the execution of
firmware images in a software-only environment, i.e., without involving any
physical embedded devices. Then, we analyze the web interfaces within the
firmware using both static and dynamic tools. We also present some interesting
case studies, and discuss the main challenges associated with the dynamic
analysis of firmware images and their web interfaces and network services. The
observations we make in this paper shed light on an important aspect of
embedded devices which was not previously studied at a large scale.
We validate our framework by testing it on 1925 firmware images from 54
different vendors. We discover important vulnerabilities in 185 firmware
images, affecting nearly a quarter of vendors in our dataset. These
experimental results demonstrate the effectiveness of our approach.
Next Generation Black-Box Web Application Vulnerability Analysis Framework
Web applications are an incredibly important aspect of our modern lives. Organizations and developers use automated vulnerability analysis tools, also known as scanners, to automatically find vulnerabilities in their web applications during development. Scanners have traditionally fallen into two types of approaches: black-box and white-box. In the black-box approaches, the scanner does not have access to the source code of the web application, whereas a white-box approach has access to the source code. Today's state-of-the-art black-box vulnerability scanners employ various methods to fuzz and detect vulnerabilities in a web application. However, these scanners attempt to fuzz the web application with a number of known payloads to try to trigger a vulnerability. This technique is simple but does not understand the web application that it is testing. This thesis presents a new approach to vulnerability analysis. The vulnerability analysis module presented uses a novel approach of Inductive Reverse Engineering (IRE) to understand and model the web application. IRE first attempts to understand the behavior of the web application by giving a certain number of input/output pairs to the web application. Then, the IRE module hypothesizes a set of programs (in a limited language specific to web applications, called AWL) that satisfy the input/output pairs. These hypotheses take the form of a directed acyclic graph (DAG). The AWL vulnerability analysis module can then attempt to detect vulnerabilities in this DAG. Further, it generates the payload based on the DAG, and therefore this payload will be a precise payload to trigger the potential vulnerability (based on our understanding of the program). It then tests this potential vulnerability using the generated payload on the actual web application, and creates a verification procedure to confirm, based on the web application's response, whether the potential vulnerability is real.

Dissertation/Thesis: Masters Thesis, Computer Science, 201
Code Injection Attacks on HTML5-based Mobile Apps
HTML5-based mobile apps are becoming more and more popular, mostly because they are much easier to port across different mobile platforms than native apps. HTML5-based apps are implemented using the standard web technologies, including HTML5, JavaScript and CSS; they depend on middleware, such as PhoneGap, to interact with the underlying OS.

Knowing that JavaScript is subject to code injection attacks, we have conducted a systematic study on HTML5-based mobile apps, trying to evaluate whether it is safe to rely on the web technologies for mobile app development. Our discoveries are quite surprising. We found out that if HTML5-based mobile apps become popular (it seems to be going in that direction based on the current projection), many of the things that we normally do today may become dangerous, including reading from 2D barcodes, scanning Wi-Fi access points, playing MP4 videos, pairing with Bluetooth devices, etc. This paper describes how HTML5-based apps can become vulnerable, how attackers can exploit their vulnerabilities through a variety of channels, and what damage can be achieved by the attackers. In addition to demonstrating the attacks through example apps, we have studied 186 PhoneGap plugins, used by apps to achieve a variety of functionalities, and we found that 11 are vulnerable. We also found two real HTML5-based apps that are vulnerable to the attacks.

Comment: In Proceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014 (http://arxiv.org/abs/1410.6674)
Statically Identifying XSS Flaws Using Deep Learning (original title: Identifier statiquement des failles XSS à l'aide d'apprentissage en profondeur)
Cross-site Scripting (XSS) is ranked first in the top 25 Most Dangerous Software Weaknesses (2020) of the Common Weakness Enumeration (CWE), which places this vulnerability as the most dangerous among programming errors. In this work, we explore static approaches to detect XSS vulnerabilities using neural networks. We compare two different code representations based on Natural Language Processing (NLP) and Programming Language Processing (PLP) and experiment with models based on different neural network architectures for static analysis detection in PHP and Node.js. We train and evaluate the models using synthetic databases. Using the generated PHP and Node.js databases, we compare our results with a well-known static analyzer for PHP code, ProgPilot, and a known scanner for Node.js, AppScan static mode. Our analyzers using neural networks outperform the existing tools in all cases.