IoT Firmware Analysis — Firmwalker

IoT is the next big technology that will change the way we communicate and exchange data. Every day thousands of IoT devices are coming into the market. Most of these devices collect and exchange data over the cloud. Not much effort has been put into securing the IoT devices, thus understanding the security of IoT devices and their communication is of utmost importance.

If one has a close look at any IoT Network, there are many components to be secured. Some of them are listed below –

  1. Web/Cloud Interface
  2. Mobile Application
  3. IoT Communication Protocols
  4. IoT Hardware Interfaces like JTAG, UART, SPI, and I2C.
  5. IoT Device Firmware

Security of all the components mentioned above cannot be covered in a single post. In this post, I will explain how to analyze the firmware of any IoT device since not much resource is available on firmware security.

Firmware is a software program programmed on a hardware device. It provides the necessary instructions on how the device communicates with the other computer hardware.

Have you seen something like shown in the image below?

Now I hope it’s clear what firmware is. Put simply, the software running on any IoT device is termed as Firmware.

Firmware Analysis Methodology – To analyze any firmware, there are two ways to do so – one is manual and other uses a tool. Manual Analysis consumes a lot of time, and due to time constraints often it is not possible to do a manual analysis. Thus, automated analysis of firmware comes in handy.

In this post, we will learn how to use a tool named Firmwalker for analyzing the firmware. The tool was written by Craig and can be found at Please download it for performing firmware analysis practically.

The tool is basically a bash script capable (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Nitesh Malviya. Read the original post at: