
AutoFirm: Automatically Identifying Reused Libraries inside IoT Firmware at Large-Scale

YongLe Chen, Feng Ma, Ying Zhang, YongZhong He, Haining Wang, Qiang Li

TL;DR

AutoFirm tackles the security risk posed by reused libraries in IoT firmware with an automated, large-scale detection approach that relies on library syntax (library name and version string) rather than binary similarity. It builds a three-component pipeline (firmware collection, library identification, vulnerable library detection) and conducts a large-scale empirical study across 6,901 firmware images, 2,729 CVEs, and 349 libraries. The study finds that manufacturers left outdated libraries unpatched in 67.3% of cases, that outdated libraries persisted for about 1.34 years on average before remediation, and that the affected library vulnerabilities can carry high CVSS scores and, judging by Shodan exposure data, reach millions of Internet-facing devices. The results underscore the need for proactive maintenance of software libraries in IoT firmware to reduce risk across the device ecosystem.

Abstract

The Internet of Things (IoT) has become indispensable to our daily lives and work. Unfortunately, developers often reuse software libraries in IoT firmware, which raises a major security concern: if vulnerable or insecure versions of these libraries go unpatched, a massive number of IoT devices can be impacted. In this paper, we propose AutoFirm, an automated tool for detecting reused libraries in IoT firmware at large scale. Specifically, AutoFirm leverages syntax information (library name and version) to determine whether IoT firmware reuses a given library. We conduct a large-scale empirical study of reused libraries in IoT firmware, investigating 6,900+ firmware images and 2,700+ distinct vulnerabilities affecting 11,300+ vulnerable versions of 349 open-source software libraries. Leveraging this diverse information set, we conduct a qualitative assessment of vulnerable library versions to understand security gaps and the misplaced trust in libraries in IoT firmware. Our research reveals that manufacturers neglected to update outdated libraries in IoT firmware in 67.3% of cases; that, on average, outdated libraries persisted for over 1.34 years prior to remediation; and that vulnerabilities in software libraries have posed severe threats to widespread IoT devices.
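The abstract describes the core idea at a high level: identify a reused library from its name and version string rather than from binary similarity, then check that version against known-vulnerable ranges. The page does not show how AutoFirm extracts those strings, so the following is an added example (not AutoFirm's code) that sketches the matching step the way a practitioner would prototype it: scan the printable strings of binaries in an extracted firmware tree for version banners, parse the versions so they compare correctly (including OpenSSL-style letter suffixes), and flag anything below an assumed fixed version. The regex patterns, the "fixed in" table and the sample binaries are all constructed for this example and are not taken from the paper or from NVD.

```python
"""Syntax-based library identification over an extracted firmware tree.

Added example, not AutoFirm's own code. Patterns, the FIXED_IN table and the
sample binaries are constructed for illustration; no real CVE data is used.
"""
import re
from typing import Dict, List, Set, Tuple

# Version banners typical of embedded libraries, as they appear in the output
# of `strings` on ELF binaries. The exact banner formats are assumptions.
LIBRARY_PATTERNS = {
    "openssl": re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]?)"),
    "busybox": re.compile(rb"BusyBox v(\d+\.\d+(?:\.\d+)?)"),
    "zlib": re.compile(rb"(?:inflate|deflate) (\d+\.\d+\.\d+)"),
    "dropbear": re.compile(rb"Dropbear(?: sshd)? v?(\d{4}\.\d+)"),
}

# Constructed "vulnerable if version < fixed" thresholds for the example only.
# A real deployment would replace this with per-CVE affected-version ranges.
FIXED_IN = {
    "openssl": "1.0.1g",
    "busybox": "1.31.0",
    "zlib": "1.2.12",
    "dropbear": "2020.79",
}


def parse_version(v: str) -> Tuple[Tuple[int, object], ...]:
    """Turn '1.0.1g' into a tuple that compares correctly.

    Numeric pieces compare as integers (so 1.2.12 > 1.2.8), and a trailing
    letter suffix sorts after the bare version (so 1.0.1 < 1.0.1e < 1.0.1g).
    """
    parts = []
    for piece in re.findall(r"\d+|[a-z]+", v):
        parts.append((0, int(piece)) if piece.isdigit() else (1, piece))
    return tuple(parts)


def identify_libraries(blob: bytes) -> Dict[str, Set[str]]:
    """Return {library: {versions}} found in one binary's raw bytes."""
    found: Dict[str, Set[str]] = {}
    for name, pattern in LIBRARY_PATTERNS.items():
        for m in pattern.finditer(blob):
            found.setdefault(name, set()).add(m.group(1).decode())
    return found


def scan_firmware(files: Dict[str, bytes]) -> List[Tuple[str, str, str]]:
    """Scan a path->bytes mapping standing in for an extracted root filesystem."""
    hits = []
    for path, blob in files.items():
        for name, versions in identify_libraries(blob).items():
            for version in sorted(versions):
                hits.append((path, name, version))
    return hits


def vulnerable(hits: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Keep hits whose version is older than the assumed fixed version."""
    return [
        (path, name, version)
        for (path, name, version) in hits
        if parse_version(version) < parse_version(FIXED_IN[name])
    ]


# Constructed sample: fragments of what `strings` would show for four binaries.
SAMPLE_FIRMWARE = {
    "usr/lib/libssl.so.1.0.0": b"\x00OpenSSL 1.0.1e 11 Feb 2013\x00",
    "bin/busybox": b"\x00BusyBox v1.22.1 (2014-05-02 10:11:12 CST) multi-call binary\x00",
    "usr/sbin/dropbear": b"\x00Dropbear sshd v2020.81\x00",
    "lib/libz.so.1": b"\x00inflate 1.2.8 Copyright 1995-2013 Mark Adler\x00",
}

if __name__ == "__main__":
    for path, name, version in vulnerable(scan_firmware(SAMPLE_FIRMWARE)):
        print(f"{path}: {name} {version} < {FIXED_IN[name]} (outdated)")
```

Two practical caveats this sketch makes visible: version strings can be stripped or patched by vendors, so a miss is not proof of absence, and a naive string comparison would rank `1.2.8` above `1.2.12`, which is why the parser splits numeric and alphabetic pieces before comparing.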

Paper Structure (18 sections, 15 figures, 9 tables)

This paper contains 18 sections, 15 figures, 9 tables.

Figures (15)

  • Figure 1: An example for software library usage in the IoT firmware.
  • Figure 2:
  • Figure 4: An overview of AutoFirm's architecture: (1) IoT firmware collection, (2) Library list identification, and (3) Vulnerable library detection.
  • Figure 5:
  • Figure 7: The distribution of downloading firmware images from the Internet: the red-color curve represents the firmware number, and the blue-color curve indicates the success rate.
  • ...and 10 more figures