Looking forward to seeing what FwAnalyzer is about!!
by Collin Mulliner – Cruise Automation
Modern devices are complex and their firmware often consists of multiple parts that together make up the software stack of the product. Securing firmware is a lot of work and even basic issues can cause a lot of pain in the long run. Firmware changes over time and is built for different purposes such as development, testing, and production. Simple but bad changes can have a huge effect if put into production; catching those changes before shipping, or even during development, can prevent a lot of issues.
This talk is about FwAnalyzer, a tool to analyze filesystem images for security issues. Analysis is based on configurable rules that model things such as file ownership, permissions, and file content. FwAnalyzer further provides a data extraction engine that is used to gather information from a filesystem and make it accessible via its machine-readable report. Overall, FwAnalyzer is built to be used by experts for security analysis of existing firmware and for integrating it into the build pipeline to provide direct feedback during development. The talk is based on our experience of dealing with firmware for Linux-based devices built in-house and developed by third parties.
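
To make the idea of rule-based image analysis concrete, here is an added sketch that is not FwAnalyzer's code and does not use its rule format: it checks ownership, permission, and content rules against a file manifest, extracts a value, and emits a machine-readable report. The manifest, the rule schema, and all names (`analyze`, `RULES`, `SUID_ALLOWED`, `EXTRACT`) are hypothetical and constructed for illustration.

```python
import fnmatch, json, re, stat

# Constructed manifest standing in for a parsed filesystem image (not real firmware).
MANIFEST = [
    {"path": "/etc/shadow", "uid": 0, "mode": 0o100644, "content": "root::0:0:99999:7:::\n"},
    {"path": "/bin/busybox", "uid": 0, "mode": 0o104755, "content": ""},
    {"path": "/usr/bin/diag", "uid": 1000, "mode": 0o104755, "content": ""},
    {"path": "/etc/os-release", "uid": 0, "mode": 0o100644,
     "content": 'VERSION_ID="1.4.2"\nBUILD=dev\n'},
]
# Hypothetical rule schema: glob plus optional required uid, denied mode bits, denied regex.
RULES = [
    {"name": "shadow-not-world-readable", "glob": "/etc/shadow", "deny_mode": 0o004},
    {"name": "no-empty-root-password", "glob": "/etc/shadow", "deny_regex": r"^root::"},
    {"name": "usr-bin-owned-by-root", "glob": "/usr/bin/*", "uid": 0},
    {"name": "no-dev-build-marker", "glob": "/etc/os-release", "deny_regex": r"^BUILD=dev$"},
]
SUID_ALLOWED = {"/bin/busybox"}  # every other setuid file is reported
EXTRACT = {"version": ("/etc/os-release", r'^VERSION_ID="([^"]+)"')}

def analyze(manifest, rules, suid_allowed, extract):
    """Apply the rules to every entry and return a JSON-serialisable report."""
    findings = []
    def hit(rule, entry, detail):
        findings.append({"rule": rule, "path": entry["path"], "detail": detail})
    for e in manifest:
        for r in rules:
            if not fnmatch.fnmatch(e["path"], r["glob"]):
                continue
            if "uid" in r and e["uid"] != r["uid"]:
                hit(r["name"], e, f"uid={e['uid']}")
            if e["mode"] & r.get("deny_mode", 0):
                hit(r["name"], e, f"mode={stat.S_IMODE(e['mode']):04o}")
            if "deny_regex" in r and re.search(r["deny_regex"], e["content"], re.M):
                hit(r["name"], e, "denied content present")
        if e["mode"] & stat.S_ISUID and e["path"] not in suid_allowed:
            hit("unexpected-setuid", e, f"mode={stat.S_IMODE(e['mode']):04o}")
    # Data extraction: pull named values out of file content into the report.
    content = {e["path"]: e["content"] for e in manifest}
    data = {}
    for key, (path, rx) in extract.items():
        m = re.search(rx, content.get(path, ""), re.M)
        data[key] = m.group(1) if m else None
    return {"data": data, "findings": findings, "ok": not findings}

if __name__ == "__main__":
    report = analyze(MANIFEST, RULES, SUID_ALLOWED, EXTRACT)
    print(json.dumps(report, indent=2))
    raise SystemExit(0 if report["ok"] else 1)  # non-zero exit fails the build step
```

Run as a build step, the non-zero exit status blocks an image that violates a rule, and the JSON report can be archived and diffed between builds.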