With the standardization of the Internet of Things (IoT) label, the public is gradually becoming aware of its wide use in almost all fields. And with this democratization we are confronted with this old and inherent problem: Security. And for good reason, IoT have become in the recent years the cyber-attackers preferred targets. In fact behind this marketing label lies the heart of the concern: Embedded systems.
Embedded systems have invaded all areas: robotics, home automation, industrial systems, toys, heathcare, smartphones, cars etc. Everything! And since we live in an era such devices are interconnected, a simple fraudulent access to a medical equipment will dramatically have serious consequences.
As aforementioned the security poses and will pose a major issue in the coming years. Do not be surprised to see (and it is already started) the old-school penetration tests shifting towards a new generation that focuses on both systems’ hardware and software. This is where the work of Kyle O’Meara, researcher at CERT / CC, kicks in, co-jointly with Madison Oliver also reseacher at the same organisation.
As depicted by the two researchers in their paper, embedded devices have several hardware and software components and each layer may contain exploitable vulnerabilities. Thus, the purpose of their work is to provide a methodology and a new approach to consider the weak points of all components.
Madison and Kyle also take advantage of introducing a new open source tool “Trommel” that makes the process of the embedded devices vulnerabilities assessment extremely simplified.
To my delight, Kyle had contacted me before the release of his tool to share with me his intention to use vFeed CE in this approach. We at vFeed IO are very honored that our engine will contribute to such a great mission : tracking and simplifying the vulnerability assessment of embedded devices.
I let you discover the paper and the open source tool of Kyle O’Meara and Madison Oliver security researchers at CERT/CC