Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces

Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that these devices are far from being secure. Moreover, many embedded systems rely on web interfaces for user interaction or administration. Unfortunately, web security is known to be difficult, and therefore the web interfaces of embedded systems represent a considerable attack surface. In this paper, we present the first fully automated framework that applies dynamic firmware analysis techniques to achieve, in a scalable manner, automated vulnerability discovery within embedded firmware images. We apply our framework to study the security of embedded web interfaces running in Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement a scalable framework for discovery of vulnerabilities in embedded web interfaces regardless of the vendor, device, or architecture. To achieve this goal, our framework performs full system emulation to achieve the execution of firmware images in a software-only environment, i.e., without involving any physical embedded devices. Then, we analyze the web interfaces within the firmware using both static and dynamic tools. We also present some interesting case-studies, and discuss the main challenges associated with the dynamic analysis of firmware images and their web interfaces and network services. The observations we make in this paper shed light on an important aspect of embedded devices which was not previously studied at a large scale. We validate our framework by testing it on 1925 firmware images from 54 different vendors. We discover important vulnerabilities in 185 firmware images, affecting nearly a quarter of vendors in our dataset. These experimental results demonstrate the effectiveness of our approach

Asymptotics of the instantons of Painleve I

The 0-instanton solution of Painlev\'e I is a sequence $(u_{n,0})$ of complex numbers which appears universally in many enumerative problems in algebraic geometry, graph theory, matrix models and 2-dimensional quantum gravity. The asymptotics of the 0-instanton $(u_{n,0})$ for large $n$ were obtained by the third author using the Riemann-Hilbert approach. For $k=0,1,2,...$, the $k$-instanton solution of Painlev\'e I is a doubly-indexed sequence $(u_{n,k})$ of complex numbers that satisfies an explicit quadratic non-linear recursion relation. The goal of the paper is three-fold: (a) to compute the asymptotics of the 1-instanton sequence $(u_{n,1})$ to all orders in $1/n$ by using the Riemann-Hilbert method, (b) to present formulas for the asymptotics of $(u_{n,k})$ for fixed $k$ and to all orders in $1/n$ using resurgent analysis, and (c) to confirm numerically the predictions of resurgent analysis. We point out that the instanton solutions display a new type of Stokes behavior, induced from the tritronqu\'ee Painlev\'e transcendents, and which we call the induced Stokes phenomenon. The asymptotics of the 2-instanton and beyond exhibits new phenomena not seen in 0 and 1-instantons, and their enumerative context is at present unknown.Comment: 29 pages, 8 figure

CCTV-Exposure: An open-source system for measuring user's privacy exposure to mapped CCTV cameras based on geo-location (Extended Version)

In this work, we present CCTV-Exposure -- the first CCTV-aware solution to evaluate potential privacy exposure to closed-circuit television (CCTV) cameras. The objective was to develop a toolset for quantifying human exposure to CCTV cameras from a privacy perspective. Our novel approach is trajectory analysis of the individuals, coupled with a database of geo-location mapped CCTV cameras annotated with minimal yet sufficient meta-information. For this purpose, CCTV-Exposure model based on a Global Positioning System (GPS) tracking was applied to estimate individual privacy exposure in different scenarios. The current investigation provides an application example and validation of the modeling approach. The methodology and toolset developed and implemented in this work provide time-sequence and location-sequence of the exposure events, thus making possible association of the exposure with the individual activities and cameras, and delivers main statistics on individual's exposure to CCTV cameras with high spatio-temporal resolution

Using feldspathic ceramic masses in frontal group restorations

Scop: Scopul acestui studiu a fost de a alege și aplica metoda cea mai optimă de tratament a pacienţilor cu dereglări estetice a grupului frontal de dinţi. Materiale și metode: În studiu au participat 15 pacienţi, dintre care 8 pacienţi de sex F și 7 de sex M , ulterior ei au fost divizaţi în două loturi: — în primul lot au fost incluși 10 pacienţi trataţi cu microproteze fixe (coroane) integral ceramice, în cel de al doilea grup au fost incluși 5 pacienţi trataţi cu ajutorul vinirilor feldspatice. Microprotezele au fost prelucrate cu acid ortofosforic 38% și fixate cu ciment adeziv. Evaluarea clinică a restaurărilor s-a realizat la momentul iniţial și după 3,6 ,12 luni de la tratament. Au fost analizate următoarele criterii: integritatea marginală, sensibilitatea dinţilor, fracturile restaurărilor. Rezultate: Reabilitările funcţionale și estetice au fost realizate cu ajutorul a microprotezelor fixe integral ceramice și vinirelor feldspatice. Integritatea marginală a fost păstrată la pacienţii cu ambele tipuri de restaurări. Pe parcursul timpului evaluat ţesuturile moi nu au prezentat nici o modificare. Apariţia cariilor nu a fost observată, precum și nici o modificare patologică periapicală si nici o sensibilitate. La un pacient tratat cu vinire feldspatice, unghiul incizal distal a fost fracturat. Nu s-au observat modificări semnificative între cele două grupuri de studiu. Concluzie: Satisfacţia pacientului și o bună integrare a restaurărilor indirecte au confirmat succesul acestei reabilitari. Cimentarea în limitele smalţului e mai rezistentă la fracturare decît cimentarea în limitele dentinei. Ambele tipuri de restaurări posedă o capacitate de durabilitate în timp.Purpose: The purpose of this study was to choose and apply optimal method of the treatment in patients with esthetic disorders. Materials and Methods: 15 patients were examined and treated, 8 of them were males and 7 — females. These patients were divided into two groups: — the first group included 10 patients treated with full ceramic crowns, and second group included 5 patients treated by feldspathic veneers. All restorations were etched, silanized and adhesively luted using a self-etching, dual-cure, fluoride-releasing cement. Clinical evaluation of the restorations was performed at baseline and 3,6,12 months after luting, where were analyzed following criteria: marginal integrity, sensitivity of teeth, fractures restorations. Results: Functional and aesthetic rehabilitation were achieved using a full ceramic crowns and feldspathic veneers. Marginal integrity has been preserved in patients with both types of restorations. During evaluated time soft tissues didn’t present any changes. No caries recurrence, no periapical pathology, no sensitivity were observed. In a patient with feldspathic veneers restoration, distal incisal angle was fractured. No significant changes were observed between these two groups of study. Conclusion: The patient satisfaction and good integration of indirect restorations confirmed the success of this rehabilitation. Luting ceramic to enamel provided higher fracture resistance than luting to dentin. Both, and porcelain veneers, and dental crowns are lifelong commitment

dump1030: open-source plug-and-play demodulator/decoder for 1030MHz uplink

Automatic Dependent Surveillance (ADS), Automatic Dependent Surveillance-Broadcast (ADS-B), Secondary Surveillance Radars (SSR), and Mode S are key air surveillance technologies representing a critical component of next-generation air transportation systems. However, compared to 1090MHz demodulators and decoders, which have plenty of implementations, the 1030MHz uplink receivers are, in general, scarcely, if at all, represented. In this paper, we present the development and evaluation of dump1030 - cross-platform plug-and-play open-source implementation for decoding 1030MHz uplink Mode A/C/S interrogations. We demonstrate and detail an agile development process of building dump1030 by adapting a state-of-the-art dump1090 design and implementation. In our repeated experiments, dump1030 achieves a high detection accuracy of 1030MHz interrogation signals based on lab evaluation using synthetically-generated interrogation signals. We also discuss a handful of practical use cases where dump1030 can find immediate application and implementation, both in research and industrial settings

Cybersecurity of COSPAS-SARSAT and EPIRB: threat and attacker models, exploits, future research

COSPAS-SARSAT is an International programme for "Search and Rescue" (SAR) missions based on the "Satellite Aided Tracking" system (SARSAT). It is designed to provide accurate, timely, and reliable distress alert and location data to help SAR authorities of participating countries to assist persons and vessels in distress. Two types of satellite constellations serve COSPAS-SARSAT, low earth orbit search and rescue (LEOSAR) and geostationary orbiting search and rescue (GEOSAR). Despite its nearly-global deployment and critical importance, unfortunately enough, we found that COSPAS-SARSAT protocols and standard 406 MHz transmissions lack essential means of cybersecurity. In this paper, we investigate the cybersecurity aspects of COSPAS-SARSAT space-/satellite-based systems. In particular, we practically and successfully implement and demonstrate the first (to our knowledge) attacks on COSPAS-SARSAT 406 MHz protocols, namely replay, spoofing, and protocol fuzzing on EPIRB protocols. We also identify a set of core research challenges preventing more effective cybersecurity research in the field and outline the main cybersecurity weaknesses and possible mitigations to increase the system's cybersecurity level