SBIR-STTR Award

SAFARI: Scalable Analysis of Firmware for AndRoid and IOS
Award last edited on: 7/17/2019

Sponsored Program
SBIR
Awarding Agency
DHS
Total Award Amount
$1,149,944
Award Phase
2
Solicitation Topic Code
H-SB018.1-008
Principal Investigator
Ryan Johnson

Company Information

Kryptowire LLC

5352 Brandon Ridge Way
Fairfax, VA 22032
   (571) 314-0153
   N/A
   www.kryptowire.com
Location: Single
Congr. District: 11
County: Fairfax

Phase I

Contract Number: 70RSAT18C00000025
Start Date: 00/00/00    Completed: 00/00/00
Phase I year
2018
Phase I Amount
$149,994
To address the supply chain threats that stem from vulnerable or malicious software distributed through firmware on mobile and IoT devices via binary firmware images, we propose a scalable, comprehensive, and automated framework to detect firmware-borne threats, both malicious and (un)intentionally insecure, present in Android and iOS devices. We use a workflow encompassing three analysis techniques: forced-path execution, static analysis, and dynamic analysis across multiple software modules and applications. The novelty of our approach is based on its capability to provide analysis of software across different vendors, operating system versions, and applications, as opposed to the single-application testing that has been our aim for previous work on mobile application testing. Being able to identify and trace data and control flow between different applications, the operating system, and back-end services for Android and iOS devices (mobile and IoT) is necessary to uncover code vulnerabilities and threats in the presence of software bundles such as the firmware images. In addition, recognizing that no single binary code analysis approach is without its shortcomings, we address and complement the shortcomings of each individual approach by employing a more comprehensive analysis using a diversity of analysis techniques. We detail a feasibility study for the design and implementation of a novel system that will automatically identify, trigger, and analyze vulnerabilities in firmware. Our goal is to uncover any code vulnerabilities and design errors and their effects by efficiently enumerating and null-fuzzing all statically and dynamically accessible software components on the firmware.

Phase II

Contract Number: 70RSAT19C00000007
Start Date: 00/00/00    Completed: 00/00/00
Phase II year
2019
Phase II Amount
$999,950
To address the supply chain threats that stem from vulnerable or malicious software distributed through firmware on mobile and IoT devices via binary firmware images, we propose a scalable, comprehensive, and automated framework to detect firmware-borne threats, both malicious and (un)intentionally insecure, present in Android and iOS devices. We use a workflow encompassing three analysis techniques: forced-path execution, static analysis, and dynamic analysis across multiple software modules and applications. The novelty of our approach is based on its capability to provide analysis of software across different vendors, operating system versions, and applications, as opposed to the single-application testing that has been our aim for previous work on mobile application testing. Being able to identify and trace data and control flow between different applications, the operating system, and back-end services for Android and iOS devices (mobile and IoT) is necessary to uncover code vulnerabilities and threats in the presence of software bundles such as the firmware images. In addition, recognizing that no single binary code analysis approach is without its shortcomings, we address and complement the shortcomings of each individual approach by employing a more comprehensive analysis using a diversity of analysis techniques. We detail a feasibility study for the design and implementation of a novel system that will automatically identify, trigger, and analyze vulnerabilities in firmware. Our goal is to uncover any code vulnerabilities and design errors and their effects by efficiently enumerating and null-fuzzing all statically and dynamically accessible software components on the firmware.