NortonLifeLock Inc.
SYSTEMS AND METHODS FOR IDENTIFYING SOFTWARE VULNERABILITIES IN EMBEDDED DEVICE FIRMWARE

Abstract:

The disclosed computer-implemented method for identifying software vulnerabilities in embedded device firmware may include (i) collecting a firmware image for an Internet-of-Things device, (ii) extracting library dependencies from the firmware image for the Internet-of-Things device, (iii) identifying a true version of a library specified in the firmware image by checking a ground truth database that records confirmed values for true versions for previously encountered libraries, and (iv) performing a security action to protect a user from a security risk based on identifying the true version of the library specified in the firmware image. Various other methods, systems, and computer-readable media are also disclosed.