Event RPE: The Broken Gear in the Watch
Date: TBD, 2019 | Location: DreamPort Facility in Columbia, MD
Depending on the brand, there can be 17 or more parts in an automatic wristwatch. While we may sometimes prefer a tablet or laptop here at DreamPort, these watches definitely can catch the eye; sometimes all it takes is for you to see the sticker price. SOHO and midrange routers and switches are more our speed. While they also seem to be slowly climbing in price, their firmware images can consist of hundreds of files and executables.
When a gear malfunctions in a wristwatch, it can be replaced. What about a vulnerable file in a firmware image? A firmware image can be upgraded, but that requires its authors to cross-compile executables, then build and compress (and maybe encrypt) the new image. Sometimes the original author may choose not to address vulnerabilities that have been discovered. What are we, the users, left to do? What if our mission(s) or business depend on that device? What's even worse, as more and more products become available for same-day delivery, who tests these devices for vulnerabilities during the rush to market?
In this RPE we want to test participants' abilities to find and mitigate vulnerabilities in the firmware of embedded devices such as switches, routers and firewalls. Participants should be prepared to analyze firmware images or live devices running the firmware. These images will either contain known vulnerabilities or will have been modified by DreamPort personnel to include vulnerabilities. Participants must understand how to unpack a firmware image, sort through the files contained in the image (or live copy of the firmware) and identify candidate executables, scripts and configuration files for both automated and manual analysis.
If vulnerabilities are identified, participants must develop a mitigation technique and deploy it in a virtual or physical execution environment. Participants may deploy firewall rules, alter configuration files or settings, or even deploy new executables into the image to prevent successful exploitation of the vulnerabilities.
Participants will not be asked to analyze copyright-protected firmware images. This type of analysis is typically restricted by end user license agreements (EULAs).
Participants will be evaluated on their ability to:
- Unpack firmware images for analysis
- Identify vulnerabilities in files found in the firmware images
- Develop mitigations for the vulnerabilities
- Deploy mitigations to withstand exploitation by DreamPort personnel
- Firmware Analysis
- Linux live analysis
- Vulnerability Scanning
- Reverse Engineering (ELF, ARM, MIPS)
- Virtualization (KVM)
DreamPort is searching for a team that is capable of performing this type of analysis, not a complete tool. Each firmware image or device analyzed may require unique analysis techniques that are next to impossible to build into an automated tool.
The successful team will be able to articulate their analysis and response processes and provide a live demonstration to DreamPort and government personnel if asked.