Full Program »
argXtract: Deriving IoT Security Configurations via Automated Static Analysis of Stripped ARM Cortex-M Binaries
Recent high-profile attacks on the Internet of Things (IoT) have brought to the forefront the vulnerabilities in "smart" devices, and have revealed poor device configuration to be the root cause in many cases. This has resulted in IoT technologies and devices being subjected to numerous security analyses. For the most part, automated analyses have been confined to IoT hub or gateway devices, which run more traditional operating systems such as Linux or VxWorks. However, most IoT peripherals, by their very nature of being resource-constrained, lacking traditional operating systems, implementing a wide variety of communication technologies, and (increasingly) featuring the ARM Cortex-M architecture, have only been the subject of smaller-scale analyses, typically confined to a certain class or brand of device. We bridge this gap with argXtract, a framework for performing automated static analysis of stripped Cortex-M peripheral binary files, to enable bulk extraction of security-relevant configuration information. Through a case study of 200+ Bluetooth Low Energy binaries targeting Nordic Semiconductor chipsets, as well as smaller studies against STMicroelectronics BlueNRG binaries and Nordic ANT binaries, argXtract discovers widespread security and privacy issues in IoT, including minimal or no protection for data, fixed pairing passkeys, and potential for device and user tracking.