Security of firmware update mechanisms within SOHO routers

Security of firmware update mechanisms within SOHO routers

Purpose of this thesis was to analyze the state of firmware update security within SOHO (Small Office/Home Office) routers as anecdotal claims of insecure routers are common and firmware updates are critical to the overall device security. A case study was performed, where 12 devices were analyzed u...

Täydet tiedot

Bibliografiset tiedot
Päätekijä: Kolehmainen, Santtu
Muut tekijät: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Aineistotyyppi: Pro gradu
Kieli:eng
Julkaistu: 2019
Aiheet:
firmware updates
embedded systems
firmware analysis
Tietotekniikka
Mathematical Information Technology
602
sulautettu tietotekniikka
takaisinmallinnus
turvallisuusanalyysi
ubiquitous computing
reverse engineering
security analysis
Linkit: https://jyx.jyu.fi/handle/123456789/64101
_version_ 1828193081058394112
author Kolehmainen, Santtu
author2 Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_facet Kolehmainen, Santtu Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä Kolehmainen, Santtu Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_sort Kolehmainen, Santtu
datasource_str_mv jyx
description Purpose of this thesis was to analyze the state of firmware update security within SOHO (Small Office/Home Office) routers as anecdotal claims of insecure routers are common and firmware updates are critical to the overall device security. A case study was performed, where 12 devices were analyzed using network and firmware level analysis. Analyzed devices were found to have trivial vulnerabilities where Man-In-The-Middle attacker could deny further updates or install malicious firmware through the network update mechanism. Results highlight the need for large-scale security analysis of similar devices and more secure development practices.
first_indexed 2019-09-20T09:13:21Z
format Pro gradu
free_online_boolean 1
fullrecord [{"key": "dc.contributor.advisor", "value": "Costin, Andrei", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Kolehmainen, Santtu", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2019-05-22T08:11:10Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2019-05-22T08:11:10Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2019", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/64101", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Purpose of this thesis was to analyze the state of firmware update security within SOHO (Small Office/Home Office) routers as anecdotal claims of insecure routers are common and firmware updates are critical to the overall device security. A case study was performed, where 12 devices were analyzed using network and firmware level analysis. Analyzed devices were found to have trivial vulnerabilities where Man-In-The-Middle attacker could deny further updates or install malicious firmware through the network update mechanism. Results highlight the need for large-scale security analysis of similar devices and more secure development practices.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2019-05-22T08:11:10Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2019-05-22T08:11:10Z (GMT). No. of bitstreams: 0\n Previous issue date: 2019", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "66", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "firmware updates", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "embedded systems", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "firmware analysis", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Security of firmware update mechanisms within SOHO routers", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-201905222704", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietotekniikka", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Mathematical Information Technology", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "602", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "sulautettu tietotekniikka", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "takaisinmallinnus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "turvallisuusanalyysi", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "ubiquitous computing", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "reverse engineering", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "security analysis", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
id jyx.123456789_64101
language eng
last_indexed 2025-03-31T20:01:27Z
main_date 2019-01-01T00:00:00Z
main_date_str 2019
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/b4ab9784-629f-44d1-8656-c03cc5c05464\/download","text":"URN:NBN:fi:jyu-201905222704.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2019
record_format qdc
source_str_mv jyx
spellingShingle Kolehmainen, Santtu Security of firmware update mechanisms within SOHO routers firmware updates embedded systems firmware analysis Tietotekniikka Mathematical Information Technology 602 sulautettu tietotekniikka takaisinmallinnus turvallisuusanalyysi ubiquitous computing reverse engineering security analysis
title Security of firmware update mechanisms within SOHO routers
title_full Security of firmware update mechanisms within SOHO routers
title_fullStr Security of firmware update mechanisms within SOHO routers Security of firmware update mechanisms within SOHO routers
title_full_unstemmed Security of firmware update mechanisms within SOHO routers Security of firmware update mechanisms within SOHO routers
title_short Security of firmware update mechanisms within SOHO routers
title_sort security of firmware update mechanisms within soho routers
title_txtP Security of firmware update mechanisms within SOHO routers
topic firmware updates embedded systems firmware analysis Tietotekniikka Mathematical Information Technology 602 sulautettu tietotekniikka takaisinmallinnus turvallisuusanalyysi ubiquitous computing reverse engineering security analysis
topic_facet 602 Mathematical Information Technology Tietotekniikka embedded systems firmware analysis firmware updates reverse engineering security analysis sulautettu tietotekniikka takaisinmallinnus turvallisuusanalyysi ubiquitous computing
url https://jyx.jyu.fi/handle/123456789/64101 http://www.urn.fi/URN:NBN:fi:jyu-201905222704
work_keys_str_mv AT kolehmainensanttu securityoffirmwareupdatemechanismswithinsohorouters

Samankaltaisia teoksia