Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale

Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna

Research output: Contribution to conferencePaperpeer-review

47 Downloads (Pure)


Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate and simplify many aspects of users’ lives, recent large-scale attacks have shown that their sheer number poses a severe threat to the Internet infrastructure. Unfortunately, the software on these systems is hardware-dependent, and typically executes in unique, minimal environments with non-standard configurations, making security analysis particularly challenging. Many of the existing devices implement their functionality through the use of multiple binaries. This multi-binary service implementation renders current static and dynamic analysis techniques either ineffective or inefficient, as they are unable to identify and adequately model the communication between the various executables. In this paper, we present KARONTE, a static analysis approach capable of analyzing embedded-device
firmware by modeling and tracking multi-binary interactions. Our approach propagates taint information between binaries to detect insecure interactions and identify vulnerabilities. We first evaluated KARONTE on 53 firmware samples from various vendors, showing that our prototype tool can successfully track
and constrain multi-binary interactions. This led to the discovery of 46 zero-day bugs. Then, we performed a large-scale experiment on 899 different samples, showing that KARONTE scales well with firmware samples of different size and complexity.
Original languageEnglish
Number of pages18
Publication statusPublished - 1 Apr 2020
EventBlack Hat Asia 2020 - Online, Singapore Time Zone, Singapore
Duration: 29 Sept 20202 Oct 2020


ConferenceBlack Hat Asia 2020
Internet address


  • Cybersecurity


Dive into the research topics of 'Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale'. Together they form a unique fingerprint.

Cite this