Software exists at nearly every level of modern society. From vehicles to appliances, watches to phones, and buildings to energy grids, software’s correct functioning is crucial. A particular class of software, known as firmware, is even more critical than most, as its responsibilities usually involve arbitrating hardware resources. Firmware’s primary job is to act as an intermediary between raw hardware I/O mechanisms and higher-level software responsibilities – hence the name firmware. Effectively, it abstracts away underlying hardware concerns, provides a higher-level interface for other programs to use, and is integral to a system’s function.
Despite firmware’s great importance to systems across nearly every domain, it receives less attention than other software from the program analysis community. The reasons for this are fourfold: firmware’s interaction with its environment increases the difficulty of instrumentation; firmware images are challenging to find, as there are no commonly agreed-upon update mechanisms; firmware’s binary formats differ widely between platforms and distributors; and typical firmware Instruction Set Architectures (ISAs) are less available or custom compared with the ones supported by commodity operating systems. These challenges stymie researchers trying to reason about firmware images at scale, or at all. In comparison to the nearly 40 years of tool development and research behind the common x86 platform, firmware that is integral to newer or more obscure platforms has received less investigation. Given the prevalence of incorrect or insecure code found in desktop applications and commodity OSs, it is not a significant leap to assume that similar issues exist within firmware. To get real data on the security and functioning of firmware, we must first develop instrumentation for select firmware platforms and then automate our analyses to match the sheer scale of firmware available. As such, we explore key topics that can be applied to automating binary firmware analysis, point out shortcomings in current state-of-the-art research, and discuss a path forward to solving this difficult problem.