SBIR-STTR Award

Firmware Automated Analysis at Scale with Testing
Award last edited on: 7/17/2019

Sponsored Program
SBIR
Awarding Agency
DHS
Total Award Amount
$1,149,766
Award Phase
2
Solicitation Topic Code
H-SB018.1-008
Principal Investigator
Ang Cui

Company Information

Red Balloon Security Inc (AKA: RBS)

336 West 37th Street Suite 1024
New York, NY 10018
   (201) 906-3438
   info@redballoonsecurity.com
   www.redballoonsecurity.com
Location: Single
Congr. District: 12
County: New York

Phase I

Contract Number: 70RSAT18C00000023
Start Date: 5/2/2018    Completed: 11/1/2018
Phase I year
2018
Phase I Amount
$149,969
The firmware running on mobile, embedded, and Internet of Things devices is often treated as a black box by organizations. These firmware images can contain a myriad of n-day vulnerabilities, both malicious and unintentional backdoors, and other unwanted functionality. Unfortunately, analyzing these firmware images is a difficult and time-consuming task, as each firmware can be packed with layers of compression and obfuscation along with specialized operating systems and filesystems. We propose Firmware Automated Analysis at Scale with Testing (FAAST), a technology built on top of Red Balloon Security's FRAK technology, a proprietary framework for unpacking, analyzing, modifying, and packing firmware images. FAAST will integrate additional specialized FRAK analyzers and utilize FRAK's client-server architecture to automatically unpack and analyze firmware images, returning human- and machine-readable reports back to the user.

Phase II

Contract Number: 70RSAT19C00000006
Start Date: 5/1/2019    Completed: 11/1/2020
Phase II year
2019
Phase II Amount
$999,797
The firmware running on mobile, embedded, and Internet of Things devices is often treated as a black box by organizations. These firmware images can contain a myriad of n-day vulnerabilities, both malicious and unintentional backdoors, and other unwanted functionality. Unfortunately, analyzing these firmware images is a difficult and time-consuming task, as each firmware can be packed with layers of compression and obfuscation along with specialized operating systems and filesystems. We propose Firmware Automated Analysis at Scale with Testing (FAAST), a technology built on top of Red Balloon Security's FRAK technology, a proprietary framework for unpacking, analyzing, modifying, and packing firmware images. FAAST will integrate additional specialized FRAK analyzers and utilize FRAK's client-server architecture to automatically unpack and analyze firmware images, returning human- and machine-readable reports back to the user.