Sebastian Schrittwieser @ RIOT Summit 2024
At the beginning of September, Sebastian Schrittwieser, key researcher at SBA Research, gave this year’s keynote on Firmware Forensics: Semantic Functionality Identification Through Symbolic Execution and Program Simulation.
© Mathias Tausig
Abstract
The rapid expansion of the Internet of Things (IoT) has connected a wide range of devices, from household items to industrial systems. Despite this growth, the exact functionalities contained in IoT firmware often remain unclear, with hidden features and potential backdoors posing significant security threats.
In the past, symbolic execution has been used to reveal possible paths through programs, uncovering hidden functionalities and backdoors. This talk will cover existing work on symbolic execution and will further introduce a novel approach: identifying known algorithms through program simulation. By observing the input-output behavior of functions during simulated execution, our method can – independently from its actual implementation – identify malicious code, such as domain generation algorithms, within a binary firmware.
About the Summit
The RIOT Summit is an annual gathering focused on the latest advancements and discussions surrounding the RIOT operating system, a leading open-source platform for IoT development. The event brings together developers, researchers, and industry experts to explore cutting-edge innovations in IoT technology, including security, interoperability, and real-world applications. Participants engage in workshops, keynotes, and collaborative sessions aimed at driving the future of IoT through shared knowledge and community contributions. The Summit emphasizes practical insights and hands-on experiences in IoT development and deployment.