Spring 2023 - Fire Alarm Report
Aniyah Bussey, Daniel Chou, Manuel Fabregas, Sidney Wright, Drew Petry (Advisor), Garrett Brown (Advisor)
Given the prevalence of large commercial buildings and offices, building management systems have scaled to meet the perpetually increasing requirements. One such example is the fire alarm system. Although traditionally wired, newer developments are migrating to wireless infrastructure to support convenient expansion of sensors and pull stations. However, a byproduct of wireless advancement is the addition of new attack vectors to exploit fire systems. An experienced malicious actor could gain control of a building’s fire alarm through wireless means, and they could remotely spoof and suppress alarms at will, leaving those in the building in a dangerous situation. This ongoing study analyzes the vulnerabilities of Honeywell’s Smart Wireless Integrated Fire Technology (SWIFT) system, which integrates wired and wireless communication by using a gateway communicating with smoke detectors, pull stations, and other addressable fire devices.
Spring 2023 - Wyze Camera Report
Nashad Mohamed, Mahta Tavafoghi, Jake Ashmore (Advisor)
This paper details the the current research found by the Wyze Camera team in the Embedded Systems Cybersecurity VIP. The team is focused on the sensor firmware of the Wyze camera. Our objective is to understand the program and search for vulnerabilities by reverse engineering the main program binary files of the Wyze camera. This team aims to study the Over the Air (OTA) protocol of the Wyze camera which will lay the foundation for a RF fuzzing test bed which is the technique in which malformed, invalid, or unexpected data is fed into computer programs. Monitoring the program’s output while fuzzing helps find crashes, memory leaks, and other issues, which would present a way to discover security flaws in the Wyze Camera.
Spring 2023 - MITRE eCTF 2023 Report
Dinko Dermendzhiev, Katherine Paton-Smith, Adith Devakonda, Levi Doyle, Lindsay Estrella, Veena Gonugondla, Ritvik Verma, John Zhang, Samuel Litchfield (Advisor)
The 2023 MITRE Embedded CTF competition tasks teams with developing two firmware builds: car and fob. This document outlines the design decisions and implementation of this firmware as it relates to a few important security measures. In anticipation of the attack phase part of the competition, Section III details the work completed by the reverse engineering sub-team.
Fall 2022 - Wyze Camera Team's Report
Makiyah Dee, Marshall Yuan, Tegan Kapadia, Andrew Verzino, Jake Ashmore (Advisor)
This paper details the current progress in research into the Wyze Camera by the Embedded Systems Cyber Security VIP team of the Georgia Institute of Technology. This document covers the information the team has discovered regarding the camera’s capabilities, vulnerabilities, and firmware. The goal of the research is to discover the Over the Air protocol used by the Wyze camera so that we can use it as a test case for the development of an RF fuzzing testbed.
Fall 2022 - CSAW ESC 2022: Team mAIday's Report
Sydney Bice, Zelda Lipschutz, Katherine Paton-Smith, Ammar Ratnani, Samuel Litchfield (Advisor)
The authors participated in CSAW ESC 2022, conducting attacks to compromise the machine learning models presented in the challenges. This paper serves to debrief those challenges, covering the team’s analyses of the problems and their attempts to solve them.
Fall 2022 - CSAW ESC 2022: Team Ramblin’ Wrecks' Report
Antonia Nunley, Sheel Shah, Chris Reid, Kayla Kirnon, Allen Stewart (Advisor)
The paper discusses important research, solution, and technical issues that have occurred leading up to the competition. The paper first goes over the technical issues that the team endured, how we overcame some of those issues, and how it effected out process on the challenges. After talking about the setup process, the paper moves into the first challenge 7R0J4N_1. For this challenge, the paper discuss the research that was conducted in order for us to began completing the task. Then it moves into the scope of the challenge and the attack method we used to solve it. Once all of that us discussed, second challenge we discuses is C0DEW0RDS. This section talks about the goal of this challenge, the script that was created, and testing process.The next two challenges we discuss was poison_mushroom andaplaca5_everywhere, respectively. Both of them follow similar format, as the paper discuss the challenge, potential solution, and the research that was conducted. leak_b0ttle and Dumps7er D1VE are both similar challenges in the sense that they are both dealing with images, where as one goes into digital watermarking and the other determining which images were used their network with a proprietary set of images.
Fall 2022 - Fire Alarm Team's Report
Aniyah Bussey, Daniel Chou, Jun Yeop Kim, Siddharth Suman, Sidney Wright, Deniz Keskin (Advisor), Garrett Brown (Advisor)
As wireless fire alarm systems gain popularity due to increased convenience and more control over the various components for building administrators compared to a traditional wired system, they also introduce a new class of vulnerabilities that no wired system has. This ongoing study investigates what those vulnerabilities are, and how they might be exploited, for example, to induce panic in or create a dangerous environment for building occupants. This study specifically focuses on well- known building systems manufacturer Honeywell’s Smart Wireless Integrated Fire Technology (SWIFT) solution, which includes wireless versions of pull stations, smoke detectors, and other common fire alarm system devices, along with a gateway which interfaces these wireless devices with an existing wired system.
Spring 2022 - CSAW Team
Spencer Hua, Ammar Ratnani, Zelda Lipschutz, Chris Reid, Allen Stewart (Advisor)
With the increasing size and complexity of modern software, manually auditing source code for vulnerabilities has become intractable for all but the smallest programs. As a result, automated software techniques like fuzzing have become very popular due to their effectiveness at finding unique crash paths. This paper is a summary of the authors’ attempts at applying modern fuzzing methods to embedded systems. Specifically, it looks at fuzzing malloc implementations, including those provided by musl, uClibc, and AVR Libc. Additionally, the paper examines the authors’ progress in identifying the fundamental bugs found by fuzzing, as well as their efforts to create a functional remote code execution (RCE) exploit.
Spring 2022 - Fire Alarm Team
Garrett Brown, Donald Lawrence, George Kokinda, Daniel Chou, Sidney Wright, Yeonhak Kim, Chris M. Roberts (Advisor)
The market for fire protection systems has been transitioning from traditional wired networks to modern wireless mesh networks that offer superior convenience and management tools for building administrators. However, in addition to convenience, wireless networks expose new opportunities for attack that were not possible on wired systems. Despite the danger that these vulnerabilities can pose for users of a wireless fire system, relatively little research has been conducted in this area. This study investigates and uncovers the vulnerabilities in the well-known building management manufacturer Honeywell’s SWIFT system, specifically with regards to its SLC connection to previously existing wired devices, including pull stations, smoke detectors, and the fire alarm control panel.
Spring 2022 - Wyze Camera Team
Antonia Nunley, Joseph Lucas, Makiyah Dee, Marshall Yuan, Sheel Shah, Siddharth Suman, Jake Ashmore (Advisor)
This paper details the current progress in research into the Wyze Camera by the Embedded Systems Cyber Security VIP team of the Georgia Institute of Technology. This document goes over known and discovered information about the camera, including its capabilities, found vulnerabilities, and aspects of its firmware. The goal of the research is to discover the Over the Air protocol used by the Wyze camera, so that RF Fuzzing can be achieved.
Fall 2021 - CSAW ESC 2021 Final Paper: Team Rackets for Georgia Tech VIP
Spencer Hua, Ammar Ratnani, Suhani Madarapu, Zelda Lipschutz, Allen Stewart (Advisor)
The authors participated in CSAW ESC 2021, conducting many side-channel attacks (SCAs) and fault-injection attacks (FIA) on the presented challenges. This paper serves to debrief those challenges, debriefing the team’s analyses, though processes, and solution attempts.
Fall 2021 - SWIFT Wireless Fire Alarm System Analysis
Donald Lawrence, George Kokinda, Garrett Brown, Andrew Lukman, Yeonhak Kim, Jack Smalligan, Chris M. Roberts (Advisor)
Fire protection systems play a crucial role in the realm of building management. Despite its importance, there’s relatively little literature surrounding this topic in the field of cybersecurity. Over the past decade, building management systems have shifted away from age-old wired systems to more modern wireless systems that offer a higher-level convenience over their older counterparts. Though the benefits are undeniable, the ability to go wireless has opened up building management systems to a new domain of attacks. A malicious actor could assault a wireless fire protection system by triggering false alarms, disabling the system entirely, or partaking in other hostile activities to provoke havoc within a building. This study investigates a product suite from Honeywell (a manufacturer of building management systems) known as the SWIFT system which includes common fire protection components such as an alarm pull station, a smoke detector, a gateway, and more. The purpose of this study is to uncover any vulnerabilities that could lead to attacks on the SWIFT system through RF analysis, serial monitoring, and software/firmware reverse engineering.
Fall 2021 - Wyze Camera Report
Antonia Nunley, Chris Reid, David Wolfson, Joseph Lucas, Makiyah Dee, Kyser Montalvo, Jake Ashmore (Advisor)
This is the final paper for the Wyze research team at the Georgia Institute of Technology’s vertically integrated project on embedded systems and cyber security. This document gives a brief introduction of the camera and its characteristics, followed by information about known vulnerabilities, and the firmware of the camera, dongle, and contact sensor. The goal of the research this semester is to look into the RF protocol used by the Wyze camera and determine characteristics about the transfer of packets.
Fall 2021 - Patching of ESC Challenges via Applied Research and Experimental Verification
Siddhant Singh, Cameron Newman, Siddharth Suman, Sheel Shah, Allen Stewart (Advisor)
This document details the vulnerability mitigation patches that team Mouseion from the Georgia Institute of Technology implemented for all challenges of the CSAW ESC 2021 event as part of the research track. These challenges involved various vulnerabilities to Fault Injection and Side Channel Analysis based attacks which were analysed, mitigated and verified by the team. This involved examining existing research as well as applying generalized mitigation approaches for such vulnerabilities to each challenge program. These mitigation implementations were tested via power traces and fault injection attacks to compare them with the original challenges and empirically verify their effectiveness and efficiency.
Spring 2021 - Fire Alarm Team
Garrett Brown, Donald Lawrence, George Kokinda, Jaewon Jeung, Chris M. Roberts (Advisor)
Building management and fire protection systems are relatively under-researched areas in the field of cybersecurity. A malicious actor could attack one of these systems in order to cause interruption of functionality, false alarms, and other dangers to the inhabitants of the building. Honeywell is a manufacturer of these building management systems, and this study investigates their Fire Alarm Pull Station and any vulnerabilities involving it and the overarching SWIFT system.This is accomplished through analyzing the protocol SWIFT devices use to communicate, and by finding exploits that a bad actor would want to take advantage of.
Spring 2021 - Wyze Camera Team
Alma Nkemla ,Katherine Paton-Smith, Houlton McGuinn, Jake Ashmore (Advisor)
This paper is the final report for the Wyze Camera Team in the VIP: Embedded Systems Cyber Security. The document starts by outlining characteristics of the Wyze camera in addition to previous works regarding vulnerabilities of the camera. Then current research into determining the RF protocol is described. The goal of the research is to ultimately create a RF testing system to reveal more vulnerabilities of the Wyze camera.
Spring 2021 - CSAW Team A
Connor Bushnell, Akshat Sistla, Cameron Newman, Lisa Nute, Allen Stewart (Advisor)
This paper provides the final report submission for team CSAW-A in the Vertically Integrated Projects: Cybersecurity of Embedded Systems course. The team demonstrates their ability to use open-source reverse engineering tools, as well as details the creation of their own tools, for the purposes of analyzing and solving challenges presented by past and futureCSAW ESC binaries.
Spring 2021 - CSAW Team B
Spencer Hua, Taleb Hirani, Siddhant Singh, John Moxley, Allen Stewart (Advisor)
This report details the efforts of the Georgia Tech’s Embedded System Cybersecurity VIP team to create a Ghidra script for use in the static analysis of binaries for various architecture. This tool uses Ghidra’s plugin system and external engines to symbolically solve for constraints and reach a solution state in the loaded binary. The team demonstrates this tool and the process of creating and using it.