Starting Date: Summer 2019
Duration: 10 weeks
Time commitment: 25-30 hours a week
Prerequisites: You should feel confident in a programming language, preferably Python. You should also be willing to learn new concepts and techniques for binary analysis. Knowledge of Android is not strictly necessary but would be useful.
Performing security analysis of IoT devices is often expensive because it requires purchasing each device, which is not practical at scale. To avoid this cost, some researchers instead analyse the apps used by those IoT devices. Although this analysis can be useful, it is limited because only one element of the ecosystem is analysed. To address this limitation, the security analysis could also cover the firmware, which is generally available via the smartphone app, as the app is the one in charge of software updates.
The goal of this project will be to develop a tool which is capable of analysing an Android app and downloading the firmware associated with that app from the corresponding support website. The tool will use static analysis to obtain the URLs that are used to download firmware updates for IoT devices. Then, it will use those URLs to download the firmware images, which will then be classified based on a set of features (device architecture, WiFi/BLE capability, etc.).
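A minimal sketch of the URL-extraction step described above, added here as an illustration and not the project's own tool: it reads the string table of each `classes*.dex` inside an APK and ranks the URLs it finds by firmware-like hints. The function names, the hint list and the sample APK (with `vendor.example` URLs) are assumptions constructed for this example.

```python
import io, re, struct, zipfile

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Assumed heuristics for "looks like a firmware download"; tune per corpus.
FW_HINTS = (".bin", ".img", ".hex", ".zip", "firmware", "ota", "fota", "update")

def dex_strings(dex: bytes):
    """Yield every entry of a DEX file's string table."""
    if dex[:4] != b"dex\n":
        return
    # Header fields string_ids_size (0x38) and string_ids_off (0x3C).
    count, table = struct.unpack_from("<II", dex, 0x38)
    for i in range(count):
        (pos,) = struct.unpack_from("<I", dex, table + 4 * i)
        while dex[pos] & 0x80:          # skip the ULEB128 utf16_size prefix
            pos += 1
        pos += 1
        end = dex.index(b"\x00", pos)   # string data is NUL-terminated MUTF-8
        yield dex[pos:end].decode("utf-8", "replace")

def firmware_url_candidates(apk_bytes: bytes):
    """Return URLs found in the APK's DEX strings, firmware-looking ones first."""
    urls = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                for s in dex_strings(apk.read(name)):
                    urls.update(URL_RE.findall(s))
    score = lambda u: sum(h in u.lower() for h in FW_HINTS)
    return sorted(urls, key=lambda u: (-score(u), u))

def build_sample_apk(strings):
    """Constructed input: a ZIP whose classes.dex has only a header and strings."""
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 0x38, len(strings), 0x70)
    data_off = 0x70 + 4 * len(strings)
    ids, data = b"", b""
    for s in strings:                   # each sample string is < 128 chars
        ids += struct.pack("<I", data_off + len(data))
        data += bytes([len(s)]) + s.encode() + b"\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", bytes(header) + ids + data)
    return buf.getvalue()

SAMPLE = build_sample_apk(["Landroid/app/Activity;",
    "https://cdn.vendor.example/ota/cam-v2/firmware_1.0.4.bin",
    "https://api.vendor.example/v1/login"])
print(firmware_url_candidates(SAMPLE))
```

A string scan like this only finds URLs stored whole in the string table; URLs assembled at runtime from fragments need deeper static analysis.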