Fall 2024 - Fire Alarm Report
Trey Durden, Madelyn Novelli, James Ragazino, Spencer Redelman, Alexander Schoolcraft, Liam Smith, Tony Tanory, Ky Tran, Drew Petry (Advisor), Garrett Brown (Advisor)
The SWIFT (Smart Wireless Integrated Fire Technology) system, developed by Honeywell, includes various fire alarm devices such as wireless smoke and heat detectors, pull stations, alarms, monitoring software, and control panels. By utilizing wireless communication, SWIFT eliminates the need for extensive cabling, which simplifies installation and allows for more flexible device placement. However, wireless systems can be vulnerable to hacking or tampering if not properly secured. Unauthorized access could disrupt the system’s functionality or trigger false alarms. This study seeks to examine the security weaknesses of the Honeywell SWIFT system through firmware reverse engineering and targeted attacks.
Fall 2024 - Wyze Camera Report
Ben Cordova, Michael Edoigiawerie, Andrew Graffeo, Varsha Jacob, Joshua Muehring, Tanay Rajkumar, Deniz Timurturkan, Blake Wood, Jake Ashmore (Advisor)
This paper covers details about the Wyze Camera and the Georgia Tech Embedded System Cyber Security’s research into the camera as of Fall 2024. The goal of the research project is to exploit the Wyze IP Camera. This paper demonstrates our work to reverse engineer the Wyze Camera’s radio frequency (RF) protocols. The team will then try to replicate these results through a process called fuzzing. The results of these two processes will then be compared to see if fuzzing is a viable alternative for manual reverse engineering RF devices.
Fall 2024 - CSAW Team Yellow Hackets Report
Shayan Aqeel, Henry Bui, Tracy Guo, Smit Patel, Drew Petry (Advisor), Kevin Thompson (Advisor)
This paper describes all of the work that the Yellow Hackets team completed within the semester competing in the Cybersecurity Awareness Embedded Security Challenge (CSAW ESC).
The CSAW ESC is a challenge where teams are given an Arduino acting as a cyber-physical system and tasked to crack and expose keys within the system. For the 2024 season, the CSAW ESC specifically focused on manufacturing-based cyber-physical systems and possible exploits that could be performed in a manufacturing environment.
This paper focuses on the research done to prepare for the challenge (particularly the possible exploits and side channel attack vulnerabilities that could be performed against a manufacturing-based cyberphysical system), the technical work done to tackle each of the challenges in the CSAW ESC, and individual contributions of each of the team members
Fall 2024 - CSAW Team Trojan Trackers Report
David Kim, Kayla Kirnon, Joshua Wang, Drew Petry (Advisor), Kevin Thompson (Advisor)
This report outlines our team’s engagement in the Vertically Integrated Projects (VIP), with a focus on embedded systems security. As part of the course, we participated in the CSAW Embedded Security Challenge, a competition that provided a practical platform to apply the theoretical and technical concepts learned in class. This paper details our approaches to addressing the challenges, the methodologies we employed, and the lessons learned throughout the semester. By linking our work in the competition to the VIP program objectives, we highlight the value of experiential learning in developing advanced problem solving skills in embedded systems security
Fall 2024 - CSAW Team GT Security Innovators Report
Jennifer Maaskant, Divyen Marsonia, Darshan Singh, Drew Petry (Advisor), Kevin Thompson (Advisor)
The 2024 Embedded Security Challenge (ESC) is an international competition focusing on hacking into the hardware of embedded systems. This year's ESC is on using side-channel attacks (SCA) on cyber-physical systems (CPS) in the manufacturing industry. As Cyber-Physical Systems (CPS) become increasingly complex, they become more susceptible to side-channel attacks (SCAs), which exploit unintended information leaks to breach security. This pager explores the various side-channel attack methodologies applicable to CPS, focusing on acoustic, power analysis, timing, electromagnetic emissions, and encryption attacks. It provides an overview of these attacks, detailing how they exploit specific vulnerabilities in various CPS components that run off Arduino-based systems, such as sensors, actuators, and controllers. In response to these threats, this pager explores essential mitigation strategies to protect these systems from SCAs, including obfuscating power consumption, obscuring timing information, and shielding electromagnetic emissions. Highlighting attack methods and mitigations, this research aims to understand the risks posed by sidechannel attacks in CPS and offer recommendations for improving system security.
Spring 2024 - Wyze Camera Team's Report
Michael Edoigiawerie, Varsha Jacob, Joshua Muehring, Spencer Redelman, Deniz Timurturkan, Robert Ward, Jake Ashmore (Advisor)
This paper covers the work done on the Wyze IP Camera by the Embedded Systems Cyber Security VIP at Georgia Institute of Technology. The paper will include work up to and including Spring 2024. The VIP Project’s goal is to manually reverse engineer the wireless communications protocol portion of the Wyze IP Camera in order to find any vulnerabilities in its code. The main areas of focus in the wireless protocol for this semester’s research include the camera’s methods of receiving, transmitting, and processing packets. The camera’s binary was disassembled in Ghidra to provide psuedo-C code, which is being used to learn more about each of these sections. In the future, the results found from manually reverse engineering the camera will be compared to the results of automatically spoofing the camera, in order to determine if automatic spoofing is a viable candidate for finding vulnerabilities in RF devices.
Spring 2024 - MITRE eCTF Team Yellow Hacket's Report
Henry Bui, Brianna Bumpus, Levi Doyle, Andrew Graffeo, Nashad Mohamed, Mahta Tavafogh, Alan Zheng, Kevin Thompson (Advisor)
This paper describes the MITRE eCTF 2024 competition and details as well as the Yellow Hackets team’s implementation and security methods used to meet the various requirements of the competition.
Spring 2024 - MITRE eCTF Team BuzzHack's Report
Shayan Aqeel, Adith Devakonda, Jacob Devane, Lindsay Estrella, Tracy Guo, Scott Snow, John Zhang, Kevin Thompson (Advisor)
The 2024 MITRE eCTF competition focuses on developing and attacking microcontroller medical devices. In this report the design decisions and implementations of the secure firmware are outlined. These solutions emphasize security measures like symmetric encryption and hashing algorithms. The build environment includes hosting necessary tools, packages, and dependencies using Nix and Poetry. The Medical Infrastructure Supply Chain (MISC) architecture consists of an Application Processor (AP) and two Components implemented through the MAX78000FTHR development boards.
The MISC functionality includes commands for listing Component IDs, obtaining Attestation Data, replacing failed Components, performing integrity checks, and enabling secure communications. The security requirements include verifying the boot process, authorizing boot-up sequences, maintaining confidentiality, and establishing secure communications post-boot. This report captures the work team members have done in the competition, along with a timeline of events and goals completed.
Spring 2024 - Fire Alarm Team's Report
Bryan Casalini, Trey Durden, Wolf Helm, Madelyn Novelli, Darshan Singh, Drew Petry (Advisor), Garrett Brown (Advisor)
SWIFT (Smart Wireless Integrated Fire Technology) is a line of fire alarm devices produced by Honeywell. The product line consists of many different devices like wireless smoke and heat detectors, pull stations, alarms, as well as monitoring software and control panels. SWIFT devices communicate wirelessly, reducing the need for extensive cabling and conduits. This is marketed to simplify installation and allows for flexible placement of devices. Unfortunately wireless communication can be vulnerable to hacking or tampering, especially if proper security measures are not implemented. Unauthorized access to the system could potentially compromise its functionality or lead to false alarms. This study aims to investigate the vulnerabilities of the Honeywell SWIFT system by reverse engineering the systems firmware, and targeting it with precise attacks.
Fall 2023 - CSAW Team A
Lindsay Estrella, Kayla Kirnon, Nashad Mohamed, Mahta Tavafoghi, Andrew Zeliff (Advisor)
This paper outlines our methodical approach to understanding and addressing the challenges in this year’s CSAW competition. We detail our processes for vulnerability analysis, process, and execution. This paper offers insights into our approaches to the challenges we completed and the others that stumped us. The paper also reflects any changes or new approaches done after receiving a partial answer key to the challenges
Fall 2023 - CSAW Team B
Adith Devakonda, Levi Doyle, Madelyn Novelli, John Zhang, Andrew Zeliff (Advisor)
The 2023 CSAW Embedded Security Challenge focuses on side channel attacks (SCAs) on cyber-physical systems (CPS). The competition phase put side channel knowledge into practice as teams attempted to retrieve flags from an Arduino based system running various programs.
Fall 2023 - Fire Alarm Team
Aniyah Bussey, Nathan Dailey, Trey Durden, Drew Petry (Advisor), Garrett Brown (Advisor)
Given the increase of large commercial buildings throughout America, building management has become a bigger concern than ever, as it becomes less and less possible for one person to manage a building thoroughly . One crucial system in these very large buildings is the fire alarm system. These systems are traditionally wired, however newer developments are migrating to wireless infrastructure to support expansion of these systems into larger and more complex places. However, moving to a wireless infrastructure means that these fire alarm systems are now being opened up to new methods of attack by malicious entities. With enough experience an individual could wirelessly gain control of a building’s fire alarm, and remotely control the system potentially putting innocent people into dangerous situations. This ongoing study analyzes the vulnerabilities of Honeywell’s Smart Wireless Integrated Fire Technology (SWIFT) system, which integrates wired and wireless communication by using a gateway communicating with smoke detectors, pull stations, and other addressable fire devices.
Fall 2023 - Wyze Camera Team
Michael Edoigiawerie, Varsha Jacob, Joshua Muehring, Spencer Redelman, Deniz Timurturkan, Jake Ashmore (Advisor)
This paper covers details about the Wyze Camera and the Georgia Tech Embedded System Cyber Security’s research into the camera as of Fall 2023. The goal of the research project is to exploit the Wyze IP Camera, which can be done by manually reverse engineering the camera’s code for receiving and transmitting information. The overall goal of the project is to reverse engineer the Wyze Camera’s RF protocols in order to exploit it as a proof of concept. The team will then try to automatically get these same results through a process called fuzzing as a proof of concept. The results of these two processes will then be compared to see if fuzzing is a viable alternative for manual reverse engineering RF devices.
Spring 2023 - Fire Alarm Report
Aniyah Bussey, Daniel Chou, Manuel Fabregas, Sidney Wright, Drew Petry (Advisor), Garrett Brown (Advisor)
Given the prevalence of large commercial buildings and offices, building management systems have scaled to meet the perpetually increasing requirements. One such example is the fire alarm system. Although traditionally wired, newer developments are migrating to wireless infrastructure to support convenient expansion of sensors and pull stations. However, a byproduct of wireless advancement is the addition of new attack vectors to exploit fire systems. An experienced malicious actor could gain control of a building’s fire alarm through wireless means, and they could remotely spoof and suppress alarms at will, leaving those in the building in a dangerous situation. This ongoing study analyzes the vulnerabilities of Honeywell’s Smart Wireless Integrated Fire Technology (SWIFT) system, which integrates wired and wireless communication by using a gateway communicating with smoke detectors, pull stations, and other addressable fire devices.
Spring 2023 - Wyze Camera Report
Nashad Mohamed, Mahta Tavafoghi, Jake Ashmore (Advisor)
This paper details the the current research found by the Wyze Camera team in the Embedded Systems Cybersecurity VIP. The team is focused on the sensor firmware of the Wyze camera. Our objective is to understand the program and search for vulnerabilities by reverse engineering the main program binary files of the Wyze camera. This team aims to study the Over the Air (OTA) protocol of the Wyze camera which will lay the foundation for a RF fuzzing test bed which is the technique in which malformed, invalid, or unexpected data is fed into computer programs. Monitoring the program’s output while fuzzing helps find crashes, memory leaks, and other issues, which would present a way to discover security flaws in the Wyze Camera.
Spring 2023 - MITRE eCTF 2023 Report
Dinko Dermendzhiev, Katherine Paton-Smith, Adith Devakonda, Levi Doyle, Lindsay Estrella, Veena Gonugondla, Ritvik Verma, John Zhang, Samuel Litchfield (Advisor)
The 2023 MITRE Embedded CTF competition tasks teams with developing two firmware builds: car and fob. This document outlines the design decisions and implementation of this firmware as it relates to a few important security measures. In anticipation of the attack phase part of the competition, Section III details the work completed by the reverse engineering sub-team.
Fall 2022 - Wyze Camera Team's Report
Makiyah Dee, Marshall Yuan, Tegan Kapadia, Andrew Verzino, Jake Ashmore (Advisor)
This paper details the current progress in research into the Wyze Camera by the Embedded Systems Cyber Security VIP team of the Georgia Institute of Technology. This document covers the information the team has discovered regarding the camera’s capabilities, vulnerabilities, and firmware. The goal of the research is to discover the Over the Air protocol used by the Wyze camera so that we can use it as a test case for the development of an RF fuzzing testbed.
Fall 2022 - CSAW ESC 2022: Team mAIday's Report
Sydney Bice, Zelda Lipschutz, Katherine Paton-Smith, Ammar Ratnani, Samuel Litchfield (Advisor)
The authors participated in CSAW ESC 2022, conducting attacks to compromise the machine learning models presented in the challenges. This paper serves to debrief those challenges, covering the team’s analyses of the problems and their attempts to solve them.
Fall 2022 - CSAW ESC 2022: Team Ramblin’ Wrecks' Report
Antonia Nunley, Sheel Shah, Chris Reid, Kayla Kirnon, Allen Stewart (Advisor)
The paper discusses important research, solution, and technical issues that have occurred leading up to the competition. The paper first goes over the technical issues that the team endured, how we overcame some of those issues, and how it effected out process on the challenges. After talking about the setup process, the paper moves into the first challenge 7R0J4N_1. For this challenge, the paper discuss the research that was conducted in order for us to began completing the task. Then it moves into the scope of the challenge and the attack method we used to solve it. Once all of that us discussed, second challenge we discuses is C0DEW0RDS. This section talks about the goal of this challenge, the script that was created, and testing process.The next two challenges we discuss was poison_mushroom andaplaca5_everywhere, respectively. Both of them follow similar format, as the paper discuss the challenge, potential solution, and the research that was conducted. leak_b0ttle and Dumps7er D1VE are both similar challenges in the sense that they are both dealing with images, where as one goes into digital watermarking and the other determining which images were used their network with a proprietary set of images.
Fall 2022 - Fire Alarm Team's Report
Aniyah Bussey, Daniel Chou, Jun Yeop Kim, Siddharth Suman, Sidney Wright, Deniz Keskin (Advisor), Garrett Brown (Advisor)
As wireless fire alarm systems gain popularity due to increased convenience and more control over the various components for building administrators compared to a traditional wired system, they also introduce a new class of vulnerabilities that no wired system has. This ongoing study investigates what those vulnerabilities are, and how they might be exploited, for example, to induce panic in or create a dangerous environment for building occupants. This study specifically focuses on well- known building systems manufacturer Honeywell’s Smart Wireless Integrated Fire Technology (SWIFT) solution, which includes wireless versions of pull stations, smoke detectors, and other common fire alarm system devices, along with a gateway which interfaces these wireless devices with an existing wired system.
Spring 2022 - CSAW Team
Spencer Hua, Ammar Ratnani, Zelda Lipschutz, Chris Reid, Allen Stewart (Advisor)
With the increasing size and complexity of modern software, manually auditing source code for vulnerabilities has become intractable for all but the smallest programs. As a result, automated software techniques like fuzzing have become very popular due to their effectiveness at finding unique crash paths. This paper is a summary of the authors’ attempts at applying modern fuzzing methods to embedded systems. Specifically, it looks at fuzzing malloc implementations, including those provided by musl, uClibc, and AVR Libc. Additionally, the paper examines the authors’ progress in identifying the fundamental bugs found by fuzzing, as well as their efforts to create a functional remote code execution (RCE) exploit.
Spring 2022 - Fire Alarm Team
Garrett Brown, Donald Lawrence, George Kokinda, Daniel Chou, Sidney Wright, Yeonhak Kim, Chris M. Roberts (Advisor)
The market for fire protection systems has been transitioning from traditional wired networks to modern wireless mesh networks that offer superior convenience and management tools for building administrators. However, in addition to convenience, wireless networks expose new opportunities for attack that were not possible on wired systems. Despite the danger that these vulnerabilities can pose for users of a wireless fire system, relatively little research has been conducted in this area. This study investigates and uncovers the vulnerabilities in the well-known building management manufacturer Honeywell’s SWIFT system, specifically with regards to its SLC connection to previously existing wired devices, including pull stations, smoke detectors, and the fire alarm control panel.
Spring 2022 - Wyze Camera Team
Antonia Nunley, Joseph Lucas, Makiyah Dee, Marshall Yuan, Sheel Shah, Siddharth Suman, Jake Ashmore (Advisor)
This paper details the current progress in research into the Wyze Camera by the Embedded Systems Cyber Security VIP team of the Georgia Institute of Technology. This document goes over known and discovered information about the camera, including its capabilities, found vulnerabilities, and aspects of its firmware. The goal of the research is to discover the Over the Air protocol used by the Wyze camera, so that RF Fuzzing can be achieved.
Fall 2021 - CSAW ESC 2021 Final Paper: Team Rackets for Georgia Tech VIP
Spencer Hua, Ammar Ratnani, Suhani Madarapu, Zelda Lipschutz, Allen Stewart (Advisor)
The authors participated in CSAW ESC 2021, conducting many side-channel attacks (SCAs) and fault-injection attacks (FIA) on the presented challenges. This paper serves to debrief those challenges, debriefing the team’s analyses, though processes, and solution attempts.
Fall 2021 - SWIFT Wireless Fire Alarm System Analysis
Donald Lawrence, George Kokinda, Garrett Brown, Andrew Lukman, Yeonhak Kim, Jack Smalligan, Chris M. Roberts (Advisor)
Fire protection systems play a crucial role in the realm of building management. Despite its importance, there’s relatively little literature surrounding this topic in the field of cybersecurity. Over the past decade, building management systems have shifted away from age-old wired systems to more modern wireless systems that offer a higher-level convenience over their older counterparts. Though the benefits are undeniable, the ability to go wireless has opened up building management systems to a new domain of attacks. A malicious actor could assault a wireless fire protection system by triggering false alarms, disabling the system entirely, or partaking in other hostile activities to provoke havoc within a building. This study investigates a product suite from Honeywell (a manufacturer of building management systems) known as the SWIFT system which includes common fire protection components such as an alarm pull station, a smoke detector, a gateway, and more. The purpose of this study is to uncover any vulnerabilities that could lead to attacks on the SWIFT system through RF analysis, serial monitoring, and software/firmware reverse engineering.
Fall 2021 - Wyze Camera Report
Antonia Nunley, Chris Reid, David Wolfson, Joseph Lucas, Makiyah Dee, Kyser Montalvo, Jake Ashmore (Advisor)
This is the final paper for the Wyze research team at the Georgia Institute of Technology’s vertically integrated project on embedded systems and cyber security. This document gives a brief introduction of the camera and its characteristics, followed by information about known vulnerabilities, and the firmware of the camera, dongle, and contact sensor. The goal of the research this semester is to look into the RF protocol used by the Wyze camera and determine characteristics about the transfer of packets.
Fall 2021 - Patching of ESC Challenges via Applied Research and Experimental Verification
Siddhant Singh, Cameron Newman, Siddharth Suman, Sheel Shah, Allen Stewart (Advisor)
This document details the vulnerability mitigation patches that team Mouseion from the Georgia Institute of Technology implemented for all challenges of the CSAW ESC 2021 event as part of the research track. These challenges involved various vulnerabilities to Fault Injection and Side Channel Analysis based attacks which were analysed, mitigated and verified by the team. This involved examining existing research as well as applying generalized mitigation approaches for such vulnerabilities to each challenge program. These mitigation implementations were tested via power traces and fault injection attacks to compare them with the original challenges and empirically verify their effectiveness and efficiency.
Spring 2021 - Fire Alarm Team
Garrett Brown, Donald Lawrence, George Kokinda, Jaewon Jeung, Chris M. Roberts (Advisor)
Building management and fire protection systems are relatively under-researched areas in the field of cybersecurity. A malicious actor could attack one of these systems in order to cause interruption of functionality, false alarms, and other dangers to the inhabitants of the building. Honeywell is a manufacturer of these building management systems, and this study investigates their Fire Alarm Pull Station and any vulnerabilities involving it and the overarching SWIFT system.This is accomplished through analyzing the protocol SWIFT devices use to communicate, and by finding exploits that a bad actor would want to take advantage of.
Spring 2021 - Wyze Camera Team
Alma Nkemla ,Katherine Paton-Smith, Houlton McGuinn, Jake Ashmore (Advisor)
This paper is the final report for the Wyze Camera Team in the VIP: Embedded Systems Cyber Security. The document starts by outlining characteristics of the Wyze camera in addition to previous works regarding vulnerabilities of the camera. Then current research into determining the RF protocol is described. The goal of the research is to ultimately create a RF testing system to reveal more vulnerabilities of the Wyze camera.
Spring 2021 - CSAW Team A
Connor Bushnell, Akshat Sistla, Cameron Newman, Lisa Nute, Allen Stewart (Advisor)
This paper provides the final report submission for team CSAW-A in the Vertically Integrated Projects: Cybersecurity of Embedded Systems course. The team demonstrates their ability to use open-source reverse engineering tools, as well as details the creation of their own tools, for the purposes of analyzing and solving challenges presented by past and futureCSAW ESC binaries.
Spring 2021 - CSAW Team B
Spencer Hua, Taleb Hirani, Siddhant Singh, John Moxley, Allen Stewart (Advisor)
This report details the efforts of the Georgia Tech’s Embedded System Cybersecurity VIP team to create a Ghidra script for use in the static analysis of binaries for various architecture. This tool uses Ghidra’s plugin system and external engines to symbolically solve for constraints and reach a solution state in the loaded binary. The team demonstrates this tool and the process of creating and using it.