A Review of IoT Firmware Vulnerabilities and Auditing Techniques.

Sensors (Basel)

Department of Informatics, King's College London, London WC2R 2ND, UK.

Published: January 2024

In recent years, the Internet of Things (IoT) paradigm has been widely applied across a variety of industrial and consumer areas to facilitate greater automation and increase productivity. Higher dependability on connected devices led to a growing range of cyber security threats targeting IoT-enabled platforms, specifically device firmware vulnerabilities, often overlooked during development and deployment. A comprehensive security strategy aiming to mitigate IoT firmware vulnerabilities would entail auditing the IoT device firmware environment, from software components, storage, and configuration, to delivery, maintenance, and updating, as well as understanding the efficacy of tools and techniques available for this purpose. To this effect, this paper reviews the state-of-the-art technology in IoT firmware vulnerability assessment from a holistic perspective. To help with the process, the IoT ecosystem is divided into eight categories: system properties, access controls, hardware and software re-use, network interfacing, image management, user awareness, regulatory compliance, and adversarial vectors. Following the review of individual areas, the paper further investigates the efficiency and scalability of auditing techniques for detecting firmware vulnerabilities. Beyond the technical aspects, state-of-the-art IoT firmware architectures and respective evaluation platforms are also reviewed according to their technical, regulatory, and standardization challenges. The discussion is accompanied also by a review of the existing auditing tools, the vulnerabilities addressed, the analysis method used, and their abilities to scale and detect unknown attacks. The review also proposes a taxonomy of vulnerabilities and maps them with their exploitation vectors and with the auditing tools that could help in identifying them. Given the current interest in analysis automation, the paper explores the feasibility and impact of evolving machine learning and blockchain applications in securing IoT firmware. The paper concludes with a summary of ongoing and future research challenges in IoT firmware to facilitate and support secure IoT development.

Download full-text PDF

Source
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC10821153PMC
http://dx.doi.org/10.3390/s24020708DOI Listing

Publication Analysis

Top Keywords

iot firmware
24
firmware vulnerabilities
16
firmware
9
iot
9
auditing techniques
8
device firmware
8
auditing tools
8
vulnerabilities
6
auditing
5
review
4

Similar Publications

Development of an IoT-Based Device for Data Collection on Sheep and Goat Herding in Silvopastoral Systems.

Sensors (Basel)

August 2024

Universidade Tecnológica Federal do Paraná, Campus Cornélio Procópio, Cornélio Procópio 86300-000, Brazil.

To evaluate the ecosystem services of silvopastoral systems through grazing activities, an advanced Internet of Things (IoT) framework is introduced for capturing extensive data on the spatial dynamics of sheep and goat grazing. The methodology employed an innovative IoT system, integrating a Global Navigation Satellite System (GNSS) tracker and environmental sensors mounted on the animals to accurately monitor the extent, intensity, and frequency of grazing. The experimental results demonstrated the high performance and robustness of the IoT system, with minimal data loss and significant battery efficiency, validating its suitability for long-term field evaluations.

View Article and Find Full Text PDF

A complete low-power, low-cost and wireless solution for bridge structural health monitoring is presented. This work includes monitoring nodes with modular hardware design and low power consumption based on a control and resource management board called CoreBoard, and a specific board for sensorization called SensorBoard is presented. The firmware is presented as a design of FreeRTOS parallelised tasks that carry out the management of the hardware resources and implement the Random Decrement Technique to minimize the amount of data to be transmitted over the NB-IoT network in a secure way.

View Article and Find Full Text PDF

The widespread adoption of Internet of Things (IoT) devices in home, industrial, and business environments has made available the deployment of innovative distributed measurement systems (DMS). This paper takes into account constrained hardware and a security-oriented virtual local area network (VLAN) approach that utilizes local message queuing telemetry transport (MQTT) brokers, transport layer security (TLS) tunnels for local sensor data, and secure socket layer (SSL) tunnels to transmit TLS-encrypted data to a cloud-based central broker. On the other hand, the recent literature has shown a correlated exponential increase in cyber attacks, mainly devoted to destroying critical infrastructure and creating hazards or retrieving sensitive data about individuals, industrial or business companies, and many other entities.

View Article and Find Full Text PDF

Firmware Updates over the Air via LoRa: Unicast and Broadcast Combination for Boosting Update Speed.

Sensors (Basel)

March 2024

Airfal International, C. Río Ésera, 5, Villanueva de Gállego, 50830 Zaragoza, Spain.

The capacity to update firmware is a vital component in the lifecycle of Internet of Things (IoT) devices, even those with restricted hardware resources. This paper explores the best way to wirelessly (Over The Air, OTA) update low-end IoT nodes with difficult access, combining the use of unicast and broadcast communications. The devices under consideration correspond to a recent industrial IoT project that focuses on the installation of intelligent lighting systems within ATEX (potentially explosive atmospheres) zones, connected via LoRa to a gateway.

View Article and Find Full Text PDF

MQTree: Secure OTA Protocol Using MQTT and MerkleTree.

Sensors (Basel)

February 2024

Department of Automobile and IT Convergence, Kookmin University, Seoul 02707, Republic of Korea.

The escalating advancement in Software-Defined Vehicles (SDVs) necessitates a formidable strategy for firmware updates, where traditional methods often fall short of guaranteeing absolute integrity. Although decentralization has been explored in studies for firmware integrity verification using blockchain technology, it lacks comprehensive validation in the context of automotive over-the-air (OTA) updates. By recognizing the limitations of current practices and the partial validation of decentralized approaches, such as blockchain, in the automotive sector, our study introduces a novel mechanism for firmware over-the-air (FOTA) updates.

View Article and Find Full Text PDF

Want AI Summaries of new PubMed Abstracts delivered to your In-box?

Enter search terms and have AI summaries delivered each week - change queries or unsubscribe any time!