Annual Computer Security Applications Conference (ACSAC) 2021

Full Program »

argXtract: Deriving IoT Security Configurations via Automated Static Analysis of Stripped ARM Cortex-M Binaries

Recent high-profile attacks on the Internet of Things (IoT) have brought to the forefront the vulnerabilities in "smart" devices, and have revealed poor device configuration to be the root cause in many cases. This has resulted in IoT technologies and devices being subjected to numerous security analyses. For the most part, automated analyses have been confined to IoT hub or gateway devices, which run more traditional operating systems such as Linux or VxWorks. However, most IoT peripherals, by their very nature of being resource-constrained, lacking traditional operating systems, implementing a wide variety of communication technologies, and (increasingly) featuring the ARM Cortex-M architecture, have only been the subject of smaller-scale analyses, typically confined to a certain class or brand of device. We bridge this gap with argXtract, a framework for performing automated static analysis of stripped Cortex-M peripheral binary files, to enable bulk extraction of security-relevant configuration information. Through a case study of 200+ Bluetooth Low Energy binaries targeting Nordic Semiconductor chipsets, as well as smaller studies against STMicroelectronics BlueNRG binaries and Nordic ANT binaries, argXtract discovers widespread security and privacy issues in IoT, including minimal or no protection for data, fixed pairing passkeys, and potential for device and user tracking.

Pallavi Sivakumaran
Royal Holloway, University of London

Jorge Blasco
Royal Holloway, University of London

Paper (ACM DL)




Powered by OpenConf®
Copyright©2002-2021 Zakon Group LLC