Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

White Paper

Embedded Device Vulnerability Analysis Case Study Using Trommel

  • December 2017
  • By Madison Oliver, Kyle O'Meara
  • This document provides security researchers with a repeatable methodology to produce more thorough and actionable results when analyzing embedded devices for vulnerabilities.
  • Vulnerability Analysis
  • Publisher: Software Engineering Institute
  • Abstract

    Researching embedded devices is not always straightforward, as such devices often vastly differ from one another. Such research is difficult to repeat and results are not easily comparable because it is difficult to conceive a standard approach for analysis. This document proposes an initial research methodology for vulnerability analysis that can be applied to any embedded device. This methodology looks beyond preliminary research findings, such as open ports and running services, and takes a holistic, macro-level approach of the embedded device, to include an analysis of the firmware, web application, mobile application, and hardware. In addition, TROMMEL, an open source tool, was created to help researchers during embedded device vulnerability analysis.

    This document provides security researchers with a repeatable methodology to produce more thorough and actionable results when analyzing embedded devices for vulnerabilities. As a case study, we analyzed a Wi-Fi camera as a class of embedded devices to demonstrate this methodology is more encompassing than standard research. This methodology can be applied to all embedded devices and should be expanded as the landscape of embedded device evolves.

  • Download