Seeing is not always believing: Insights on IoT manufacturing from firmware composition analysis and vendor survey

Computers & Security - Volume 133 - Page 103389 - 2023
Mitsuaki Akiyama¹, Shugo Shiraishi², Akifumi Fukumoto², Ryota Yoshimoto³, Eitaro Shioji¹, Toshihiro Yamauchi⁴
¹ NTT Social Informatics Laboratories, Japan
² Graduate School of Natural Science and Technology, Okayama University, Japan
³ Graduate School of Environmental, Life, Natural Science and Technology, Okayama University, Japan
⁴ Faculty of Environmental, Life, Natural Science and Technology, Okayama University, Japan
