Automated security analysis
The complexity of the IoT threat landscape makes it difficult for IoT developers to stay on top of the latest attack methods and recommended practices for fielding a secure product. New automated IoT security analysis tools that introduce intelligence into the automated analysis process are coming to market.
One such tool is from VDOO, an Israeli security startup. Their firmware security analysis tool identifies security weaknesses and design flaws in IoT firmware, and recommends security controls based on industry-leading best practices.
The author spoke with VDOO representative Leo Dorrendorf about the expanding role that automated security analysis can play in the IoT development process:
- Why should product manufacturers use automated security analysis tools as a component of their secure development life cycle?
Automated security analysis tools provide immediate visibility into the state of the product’s security. Running a firmware scan results in a gap analysis report, which architects and engineers can use in the design and implementation stages of the Secure Development Lifecycle (SDL).
Unlike human penetration testing and manual quality assurance, automated tools integrate easily into continuous development, aiding in the verification stage of the SDL. Running hundreds of tests in a short time frame is only possible with automation. In larger companies with a wider product range to cover, automation is a necessity.
- Which types of weaknesses can be identified using firmware security analysis tools?
In some cases, they can uncover deep design issues. For example, a simple automated check may find that all software on a device is running as root, indicating that the device is missing authorization controls and security in depth.
Automated tools commonly identify issues which can lead to takeover by a remote attacker, such as poorly configured authentication or exposed network interfaces. Automated tests also turn up problems that enable hijacking by attackers with local access to the device, like unprotected credentials, missing encryption for data at rest, or exposed physical interfaces.
Scanning tools can identify outdated software, and combine that information with data from public vulnerability databases, uncovering firmware vulnerabilities introduced into the product by third-party software in the supply chain.
Finally, automated tools find poor security practices that lead to potential vulnerabilities. Examples include lacking or misconfigured logging and auditing, and common weaknesses such as the use of unsafe function calls and shell commands.
Unlike human reverse engineering, automated scanners cannot discover new and previously unknown attacks, but excel at detecting known weaknesses – possibly in new locations.
- Can automated security analysis tools be used as a guide towards a security-by-design approach?
Analysis tools can do more than scan firmware binaries. When tools are built on a formal security model, the knowledge in that model becomes structured and can be queried. A knowledge base or website interface can be built around the security model.
By using searches and queries, the security model can be tailored to the relevant use cases and threat models. This can provide engineering and security architects with the necessary guidance at the design stage of the SDL.
Integrating automated scanners at the verification stage of the SDL helps ensure that the product's design and implementation are secure, and exposes any flaws. The scans can be repeated as necessary, before initial release, and afterwards as the product goes through modifications and updates.
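As an added illustration (not code from the interview or from VDOO's product), the toy scanner below runs three of the automated checks described above over a constructed, extracted firmware root filesystem: daemons left running as root, credentials stored outside /etc/shadow, and unsafe libc imports in ELF binaries. The watch-lists, the privilege-drop markers and the sample rootfs are all assumptions made for the example.

```python
import os
import tempfile
UNSAFE_SYMBOLS = (b"gets", b"strcpy", b"sprintf", b"system")  # assumed watch-list
PRIV_DROP = ("--chuid", "su ", "setuidgid", "runuser")        # assumed privilege-drop markers

def root_services(root):
    """Daemons backgrounded by init scripts with no visible privilege drop (so they run as root)."""
    initd, found = os.path.join(root, "etc/init.d"), []
    for name in sorted(os.listdir(initd)):
        for line in open(os.path.join(initd, name), errors="replace"):
            line = line.strip()
            if line.endswith("&") and not line.startswith("#") and not any(t in line for t in PRIV_DROP):
                found.append((name, line.split()[0]))
    return found

def exposed_credentials(root):
    """Accounts whose hash (or no password at all) sits in world-readable /etc/passwd, not in shadow."""
    found = []
    for line in open(os.path.join(root, "etc/passwd")):
        fields = line.rstrip("\n").split(":")
        if len(fields) > 1 and fields[1] not in ("x", "*", "!"):
            found.append(fields[0])
    return found

def unsafe_imports(root):
    """ELF files whose string tables name a function from the watch-list."""
    found = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read()
            if data.startswith(b"\x7fELF"):  # crude: no section parsing, just NUL-delimited names
                bad = sorted(s.decode() for s in UNSAFE_SYMBOLS if b"\0%s\0" % s in data)
                if bad:
                    found.append((os.path.relpath(path, root), bad))
    return found

def build_sample_rootfs():
    """Constructed rootfs with one example of each weakness (sample data, not real firmware)."""
    root = tempfile.mkdtemp()
    for d in ("etc/init.d", "usr/sbin"):
        os.makedirs(os.path.join(root, d))
    with open(os.path.join(root, "etc/init.d/S50daemons"), "w") as f:
        f.write("#!/bin/sh\n/usr/sbin/httpd -p 80 &\nsu ntp -c /usr/sbin/ntpd &\n")
    with open(os.path.join(root, "etc/passwd"), "w") as f:
        f.write("root:$1$salt$FAKEHASH:0:0::/root:/bin/sh\nntp:x:100:100::/:/bin/false\nguest::101:101::/:/bin/sh\n")
    with open(os.path.join(root, "usr/sbin/httpd"), "wb") as f:  # fake ELF header plus a string table
        f.write(b"\x7fELF" + b"\0" * 12 + b"\0libc.so.0\0strcpy\0system\0snprintf\0")
    return root
```

Each function returns the findings for one check, so the three lists together form the kind of gap report the interview describes; a real tool would replace the substring heuristics with proper ELF symbol parsing and a maintained security model.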