On Manually Reverse Engineering Communication Protocols of Linux Based IoT Systems
This addresses IoT security vulnerabilities for researchers and practitioners, though it is incremental as it builds on existing protocol analysis techniques.
The paper tackles the problem of analyzing IoT security by introducing the first manual reverse engineering framework for discovering communication protocols in Linux-based IoT systems, successfully applying it to reverse engineer protocols like the WeMo smart plug and exposing severe design flaws that allow attackers to control or deny service.
IoT security and privacy has raised grave concerns. Efforts have been made to design tools to identify and understand vulnerabilities of IoT systems. Most of the existing protocol security analysis techniques rely on a well understanding of the underlying communication protocols. In this paper, we systematically present the first manual reverse engineering framework for discovering communication protocols of embedded Linux based IoT systems. We have successfully applied our framework to reverse engineer a number of IoT systems. As an example, we present a detailed use of the framework reverse-engineering the WeMo smart plug communication protocol by extracting the firmware from the flash, performing static and dynamic analysis of the firmware and analyzing network traffic. The discovered protocol exposes severe design flaws that allow attackers to control or deny the service of victim plugs. Our manual reverse engineering framework is generic and can be applied to both read-only and writable Embedded Linux filesystems.