Leveraging EMBA for Static Firmware Vulnerability Analysis in Physical Security Products

In today’s interconnected world, physical security products such as CCTV cameras, door controllers, and fire alarms are an integral part of our security infrastructure. Ensuring the firmware running these devices is secure from threats is crucial. To aid in this endeavor, we’re employing EMBA, an open-source Embedded Analyzer, to perform static firmware vulnerability analysis.

Unpacking Static Vulnerability Analysis

Static vulnerability analysis involves inspecting code without actually executing it. This approach is particularly effective for detecting potential security vulnerabilities in a non-intrusive way. It can be conducted directly on source code, binary files, or firmware images.

Our static analysis primarily focuses on two techniques:

  1. Pattern Matching: In this technique, we search for known code patterns associated with vulnerabilities. Although it’s a rapid method, it’s also limited to identifying only known vulnerabilities.
  2. Checking CVEs of Used Libraries: This involves examining the Common Vulnerabilities and Exposures (CVEs) related to the libraries used in the firmware. This technique is critical for uncovering supply chain vulnerabilities that may have been introduced through third-party components.

By utilizing these techniques, we offer a robust method for identifying potential vulnerabilities in firmware.

Our Open-Source Initiative with EMBA

EMBA shines in its ability to analyze the Linux-based firmware of physical security devices. It scrutinizes file systems, analyzes binaries, and checks for known vulnerabilities tied to the used libraries, effectively exposing potential supply chain vulnerabilities.

We’ve gone a step further by making our findings transparent and accessible. We’ve created a comprehensive table, listing the results of our static firmware analysis of common physical security products. This includes crucial details like filenames, vendors, types of vulnerabilities (High, Medium, Low CVE Entries), and cryptographic checksums (MD5, SHA256).

The goal of this initiative is not just about assessing firmware for vulnerabilities, but also about providing a resource for the broader security community. By sharing our findings, we aim to raise awareness of potential firmware vulnerabilities and contribute to a more secure ecosystem for physical security products.

In conclusion, static firmware vulnerability analysis is an invaluable tool in the quest for enhanced security. Through the use of EMBA and open-source collaboration, we hope to contribute positively to the global community’s security efforts.

FilenameVendorTypeReportHigh CVE EntriesMedium CVE EntriesLow CVE EntriesShell Script IssuesNotesMD5SHA256
P3375-LV_9_80_34.binAxisCameraClick Here3396403716580f0bb5d94b2ed9a745619c7538a6c1fe193549285fa8b0e7c40dbdfbcdb285d4f25c9aae042b79b1b86d50e566afddcd
v1.0b14d_2019-05-07.zip => fw140.tar.gzEasyIOControllerClick Here3715594298248f5fa6ec85c3d5b37080f55b913669106ca90701b161942a68e2b8b0978b4c79571ea34b6a54dc2f8d319e9d33562a8
wco_cam_4.48.4.418.zip => WCO_CAMERA_V2_4.48.4.418.binWyzeCameraClick Here50489775157874581b319aa392a1f302095c8a64e5d4a028f04efb5c8fb83dcae374346d3434c1fe0db823aadf7e9aec86e42071bb
KT-400-v3.01.16.zip => K5DE301P.kceKantechControllerClick Here3284713320c111d734ed593bfbbb578669cbef7abac99d730e0208496e4180120b739a430c9a9d41ed1ac25390b6fab97e252382de
A1610_10_12_172_1.binAxisControllerClick Here225271161109046299484fe938dd04081ec70602440686af7e4af66dcee093b0cafbd8ca3a3bb8b8a43c713d10955ab30a53dcaae35e
V2Webcam.zip => demo.binWyzeCameraClick Here53896579316fab3279072d057c7f31a09356c425395a7a107671d081840af04af0865bac494e73f2fe5b03a4e083b9e2e7e4b107ba
DUMP.tarDlinkCameraClick Here5859127880732cb48099294ea0b7396cad5d1ef84c86074b47152310d867b084c7f7b4a128621bc101908e6888ed918619a6fe22f5d
A1610_11_6_16_1.binAxisControllerClick Here208268181102
Comments are closed.

Ready to Transform your Property? Let's Talk.