Firmware Slap is a tool that uses concolic analysis and semi-supervised firmware function learning to automate the discovery of exploitable vulnerabilities in firmware.
- Firmware is the weakest link in our devices and demands new methods of finding exploitable vulnerabilities
- Firmware Slap combines concolic analysis and semi-supervised firmware function learning to find exploitable vulnerabilities
- The tool uses under-constrained concolic analysis to start from individual functions at the bottom of the call graph and work upward, splitting the analysis into separate per-function tasks
- Ghidra, the reverse-engineering framework released by the NSA, is used to recover and model the low-level functions that this bottom-up analysis starts from
The speaker showed a video of finding exploitable bugs in the Almond 3 smart home device with Firmware Slap's concolic analysis. The tool represents program states as sets of equations (path constraints) and asks specific questions of those states, such as whether data from a network read or file read can corrupt the program counter or taint the argument of a system command. Run over whole programs, however, the analysis ran out of RAM on larger code bases. Under-constrained concolic analysis was introduced to address this: each function is analysed in isolation with its inputs left symbolic, starting from the bottom of the call graph and working upward, which breaks the work into separate, smaller analysis tasks. The speaker also noted the lack of exploit mitigations on the five best-selling routers on Amazon, underlining the need for tools like Firmware Slap to find and fix vulnerabilities in firmware.
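To make the two questions above concrete, here is an added toy example (written for this page, not Firmware Slap's own code, which is built on angr). It runs a tiny invented IR in the under-constrained style: the function is entered with its network input fully symbolic, a branch narrows the length interval as a path constraint, and the state is then queried for (a) a copy that can run past a stack buffer into the adjacent saved return address and (b) tainted data reaching `system()`. The opcodes, the frame layout (buffer directly below the return address) and both sample programs are constructed assumptions for illustration.

```python
"""Toy under-constrained symbolic taint analysis over an invented IR.

Everything here is constructed for illustration: the opcodes, the stack
layout and the sample programs are not Firmware Slap's IR or angr's API.
"""
from dataclasses import dataclass, field

MAX_READ = 0x10000  # assumed upper bound on a single network/file read


@dataclass(frozen=True)
class Sym:
    """A symbolic byte string: which inputs can influence it and its length interval."""
    taint: frozenset  # sources that flow into the bytes, e.g. {"network"}
    lo: int           # smallest length consistent with the path constraints
    hi: int           # largest length consistent with the path constraints


@dataclass
class State:
    bufs: dict = field(default_factory=dict)   # buffer name -> size in bytes
    vals: dict = field(default_factory=dict)   # variable    -> Sym
    findings: list = field(default_factory=list)


def analyze(program):
    """Interpret the IR with inputs left unconstrained and collect findings."""
    st = State()
    for op, *args in program:
        if op == "buf":                    # declare a fixed-size stack buffer
            name, size = args
            st.bufs[name] = size
        elif op == "read":                 # v = read(source); length unknown
            var, source = args
            st.vals[var] = Sym(frozenset({source}), 0, MAX_READ)
        elif op == "assume":               # branch taken: len(v) < n  or  len(v) >= n
            var, rel, n = args
            s = st.vals[var]
            if rel == "<":
                st.vals[var] = Sym(s.taint, s.lo, min(s.hi, n - 1))
            elif rel == ">=":
                st.vals[var] = Sym(s.taint, max(s.lo, n), s.hi)
            else:
                raise ValueError(f"unsupported relation {rel}")
        elif op == "copy":                 # memcpy(buf, v, len(v))
            buf, var = args
            s, size = st.vals[var], st.bufs[buf]
            # In this toy frame the saved return address sits right after the
            # buffer, so any satisfiable length > size reaches it.
            if s.hi > size:
                st.findings.append(("pc_corrupt", buf, sorted(s.taint), size, s.hi))
        elif op == "concat":               # w = "literal" + v ; taint propagates
            dst, prefix, var = args
            s = st.vals[var]
            st.vals[dst] = Sym(s.taint, s.lo + len(prefix), s.hi + len(prefix))
        elif op == "system":               # system(v)
            (var,) = args
            s = st.vals[var]
            if s.taint:
                st.findings.append(("cmd_taint", var, sorted(s.taint)))
        else:
            raise ValueError(f"unknown op {op}")
    return st.findings


def can_corrupt_pc(program):
    return any(f[0] == "pc_corrupt" for f in analyze(program))


def can_taint_system(program):
    return any(f[0] == "cmd_taint" for f in analyze(program))


# Constructed sample 1: unbounded copy of network data, then system() on it.
VULN_PROGRAM = [
    ("buf", "host", 64),
    ("read", "n", "network"),
    ("copy", "host", "n"),
    ("concat", "cmd", "ping -c 1 ", "n"),
    ("system", "cmd"),
]

# Constructed sample 2: the copy is guarded by len(n) < 64, but the
# command string is still built from tainted input.
BOUNDED_PROGRAM = [
    ("buf", "host", 64),
    ("read", "n", "network"),
    ("assume", "n", "<", 64),
    ("copy", "host", "n"),
    ("concat", "cmd", "ping -c 1 ", "n"),
    ("system", "cmd"),
]

if __name__ == "__main__":
    for name, prog in (("vuln", VULN_PROGRAM), ("bounded", BOUNDED_PROGRAM)):
        print(name, analyze(prog))
```

The second program shows why the two questions are asked separately: the length check closes the stack overflow, but the taint on `cmd` survives, so the command-injection query still fires. A real engine replaces the length intervals with SMT constraints over the bytes, but the shape of the query is the same.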