Abstract

Internet of Things (IoT) devices for smart homes make daily life more convenient; however, they also introduce the risk that private data in the house is leaked. Users want to protect their private data from leakage, but analyzing IoT devices requires technical knowledge, so it is challenging for users to detect vulnerabilities by themselves. In this study, we propose a lightweight method that uses static analysis to detect hardcoded usernames and passwords in IoT devices. This method can detect the first vulnerability in the 2018 OWASP Top 10 for IoT devices. Hardcoded login information can be found where the user input is compared with it using strcmp or strncmp. Thus, previous studies analyzed the strcmp and strncmp symbols to detect hardcoded login information. However, these approaches are time-consuming because they use complicated algorithms such as symbolic execution. To develop a lightweight algorithm, we focus on network functions, such as the socket symbol in firmware, because an IoT device is compromised when someone intrudes into it via the Internet. We propose two methods to detect hardcoded login information: string search and socket search. String search finds functions that use the strcmp or strncmp symbol. Socket search finds functions that are referenced by the socket symbol. In the experiment, we evaluated our method on six real-world firmware images that contain a backdoor. We ran three methods (string search, socket search, and whole search) to compare the two proposed methods. As a result, all methods found login information in four of the six firmware images. Our methods also reduce analysis time: where the whole search takes 38 min to complete, our methods finish in 4-6 min.
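The following sketch illustrates the two searches on a toy input; it is an added example, not the paper's implementation. The simplified listing format, the function names, and the reading of "socket search" as call-graph reachability from functions that call socket are all assumptions made for illustration.

```python
# Constructed sample (not real firmware): "str" loads a literal, "call" calls a symbol.
LISTING = """\
func main
  call socket
  call handle_client
func handle_client
  call check_login
func check_login
  str admin
  call strcmp
  str s3cret-constructed
  call strncmp
func parse_config
  str timezone
  call strcmp
"""

def parse(listing):
    """Return {function: [(op, arg), ...]} from the simplified listing."""
    funcs, current = {}, None
    for line in listing.splitlines():
        op, _, arg = line.strip().partition(" ")
        if op == "func":
            current = funcs.setdefault(arg, [])
        elif current is not None and op in ("call", "str"):
            current.append((op, arg))
    return funcs

def string_search(funcs):
    """Map each function to the literals it loads right before strcmp/strncmp."""
    hits = {}
    for name, ops in funcs.items():
        for (op1, lit), (op2, sym) in zip(ops, ops[1:]):
            if op1 == "str" and op2 == "call" and sym in ("strcmp", "strncmp"):
                hits.setdefault(name, []).append(lit)
    return hits

def socket_search(funcs):
    """Assumed reading: functions reachable from any function that calls socket."""
    seen, stack = set(), [f for f, ops in funcs.items() if ("call", "socket") in ops]
    while stack:
        f = stack.pop()
        if f in funcs and f not in seen:
            seen.add(f)
            stack.extend(arg for op, arg in funcs[f] if op == "call")
    return seen

def candidates(listing):
    """Literals compared via strcmp/strncmp in network-reachable functions only."""
    funcs = parse(listing)
    reachable = socket_search(funcs)
    return {f: s for f, s in string_search(funcs).items() if f in reachable}
```

Calling `candidates(LISTING)` keeps only the comparison in `check_login`; the `strcmp` in `parse_config` is matched by the string search alone but dropped once the result is limited to code reachable from the socket call.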
