Unlock instant, AI-driven research and patent intelligence for your innovation.

Vulnerability mining method and device based on Internet of Things firmware, equipment and storage medium

A technology of vulnerability mining and networking equipment, which is applied in the computer field and can solve problems such as security hazards

Pending Publication Date: 2022-01-28
BEIJING TOPSEC NETWORK SECURITY TECH +2
View PDF0 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, recent attacks have shown that while IoT devices bring convenience to our lives, they can also pose security risks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability mining method and device based on Internet of Things firmware, equipment and storage medium
  • Vulnerability mining method and device based on Internet of Things firmware, equipment and storage medium
  • Vulnerability mining method and device based on Internet of Things firmware, equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0061] see figure 1 , figure 1 It is a schematic flowchart of a method for mining vulnerabilities based on the firmware of the Internet of Things disclosed in the embodiment of the present application. Such as figure 1 As shown, the method of the embodiment of the present application includes the following steps:

[0062] 101. Obtain the binary file of the target IoT device;

[0063] 102. Extracting the firmware of the target IoT device according to the binary file of the target IoT device;

[0064] 103. Analyze the firmware of the target Internet of Things and obtain the symbol information of the firmware;

[0065] 104. Search system functions based on vulnerability search scripts and symbol information and determine the function address of the system function;

[0066] 105. Search for the reference function of the system function based on the vulnerability search script and the function address of the system function, and obtain the function address of the reference fun...

specific Embodiment approach

[0073] In the embodiment of the present application, as an optional implementation manner, regarding step 102, a specific implementation manner of extracting the firmware of the target IoT device according to the binary file of the target IoT device is as follows:

[0074] Use the binwalk tool to extract the firmware of the target IoT device from the binary file of the target IoT device. Among them, the Binwalk tool is a tool for searching a given binary image file to obtain embedded files and codes. Specifically, it is designed to identify the files and codes embedded in the firmware image. Therefore, in this embodiment, the binwalk tool can be used to identify the codes and files of the firmware part in the binary files of the target IoT device, so that based on the recognition results , which extracts the firmware of the target IoT device.

[0075] In the embodiment of the present application, as an optional implementation manner, regarding step 103, a specific implementat...

Embodiment 2

[0113] see Figure 4 , Figure 4 It is a schematic structural diagram of a vulnerability mining device based on the firmware of the Internet of Things disclosed in the embodiment of the present application. Such as Figure 4 As shown, the device of the embodiment of the present application includes the following functional modules:

[0114] Obtaining module 201, configured to obtain the binary file of the target IoT device;

[0115] An extraction module 202, configured to extract the firmware of the target Internet of Things according to the binary file of the target Internet of Things device;

[0116] The analysis module 203 is used to analyze the firmware of the target Internet of Things and obtain the symbolic information of the firmware;

[0117] The first search module 204 is configured to search system functions based on vulnerability search scripts and symbol information and determine function addresses of system functions;

[0118] The second search module 205 is us...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a vulnerability mining method and device based on Internet of Things firmware, equipment and a storage medium. The method comprises the steps of obtaining a binary file of target Internet of Things equipment, extracting firmware of the target Internet of Things according to the binary file of the target Internet of Things equipment, analyzing the firmware of the target Internet of Things, acquiring symbol information of the firmware, searching a system function, and determining a function address of the system function, searching a reference function based on the vulnerability search script and the function address of the system function, and determining code information of the reference function according to the function address of the reference function, and judging whether the reference function has a command injection risk or not according to the code information of the reference function, and if the reference function has the command injection risk, outputting target vulnerability information based on the reference function. According to the method and the device, the vulnerability mining accuracy and efficiency of the Internet of Things can be improved while vulnerability mining is carried out on the Internet of Things firmware.

Description

technical field [0001] The present application relates to the field of computers, in particular, to a method, device, device and storage medium for exploiting vulnerabilities based on the firmware of the Internet of Things. Background technique [0002] With the advancement of the development of Internet of Things technology, various Internet of Things devices have been widely used in administrative, commercial and financial fields. Various IoT devices such as smart cameras, routers, and smart door locks are playing an increasingly important role in daily life. However, recent attacks have shown that while IoT devices bring convenience to our lives, they can also pose security hazards. The current state of security in the IoT ecosystem is worrying. Due to the lack of effective methods to supervise IoT devices with weak security, we are always facing security threats in our daily life. Attackers exploit the vulnerabilities of IoT devices to realize remote control of self-dr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G16Y30/10G16Y40/50
CPCG06F21/577G16Y30/10G16Y40/50G06F2221/033
Inventor 黄晓
Owner BEIJING TOPSEC NETWORK SECURITY TECH