Embedded Device Vulnerability Analysis Case Study Using Trommel
Madison Oliver, Kyle O’Meara
Researching embedded devices is not always straightforward, as such devices often differ vastly from one another. Such research is difficult to repeat, and results are not easily comparable, because it is difficult to conceive a standard approach for analysis. This document proposes an initial research methodology for vulnerability analysis that can be applied to any embedded device. This methodology looks beyond preliminary research findings, such as open ports and running services, and takes a holistic, macro-level view of the embedded device, including analysis of the firmware, web application, mobile application, and hardware. In addition, TROMMEL, an open source tool, was created to help researchers during embedded device vulnerability analysis. This document provides security researchers with a repeatable methodology to produce more thorough and actionable results when analyzing embedded devices for vulnerabilities. As a case study, we analyzed a Wi-Fi camera as a class of embedded devices to demonstrate that this methodology is more encompassing than standard research. This methodology can be applied to all embedded devices and should be expanded as the landscape of embedded devices evolves.
TROMMEL: Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities.
The intended use of TROMMEL is to assist researchers during firmware analysis.
TROMMEL has been tested using Python 2.7 on macOS Sierra and Kali Linux x86_64.
TROMMEL was written with the intent to help with identifying indicators that may contain vulnerabilities found in firmware of embedded devices.
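The directory sift described above, as an added example (not TROMMEL's code, and written for Python 3 rather than the Python 2.7 the tool was tested on): it walks an extracted firmware tree and reports file-name and file-content indicators. The indicator set and the names `sift` and `build_sample_tree` are assumptions made for this example, and the sample tree is constructed.

```python
import os
import re
import tempfile

INDICATORS = [  # (label, target, pattern); assumed set, not TROMMEL's own list
    ("shadow file", "name", re.compile(rb"^shadow$")),
    ("private key block", "content", re.compile(rb"-----BEGIN (RSA |EC )?PRIVATE KEY-----")),
    ("password assignment", "content", re.compile(rb"(?i)passw(or)?d\s*[=:]\s*\S+")),
    ("telnet daemon reference", "content", re.compile(rb"telnetd")),
]

def sift(root, max_bytes=1 << 20):
    """Walk root and return sorted (relative_path, target, label) indicator hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            data = b""
            # Extracted firmware holds symlinks and device nodes: never follow or open them.
            if os.path.isfile(full) and not os.path.islink(full):
                try:
                    with open(full, "rb") as fh:
                        data = fh.read(max_bytes)  # binary read, so ELF files work too
                except OSError:
                    pass  # unreadable file: still checked by name below
            subject = {"name": os.fsencode(name), "content": data}
            for label, target, rx in INDICATORS:
                if rx.search(subject[target]):
                    hits.append((os.path.relpath(full, root), target, label))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample standing in for an extracted firmware root filesystem."""
    root = tempfile.mkdtemp(prefix="fw_sample_")
    samples = {
        "etc/shadow": b"root:$1$CONSTRUCTED$hash:0:0:99999:7:::\n",
        "etc/init.sh": b"#!/bin/sh\n/usr/sbin/telnetd &\n",
        "etc/app.conf": b"admin_password = example123\n",
        "usr/sbin/httpd": b"\x7fELF\x00constructed binary, no indicators\x00",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    print(*sift(build_sample_tree()), sep="\n")
```

Each hit is a triage lead for manual review rather than a confirmed vulnerability; symlinks are skipped so a link inside the extracted image cannot pull host files into the results.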