IDEAS home Printed from https://ideas.repec.org/a/eee/ijocip/v38y2022ics1874548222000373.html

A taxonomy of IoT firmware security and principal firmware analysis techniques

Author

Listed:
  • Nadir, Ibrahim
  • Mahmood, Haroon
  • Asadullah, Ghalib

Abstract

Internet of Things (IoT) has come a long way since its inception. However, the standardization process in IoT systems for a secure IoT solution is still in its early days. Numerous quality review articles have been contributed by researchers on existing frameworks, architectures, as well as the threats to IoT on different layers. However, most of the existing work neglects the security aspects of firmware in the IoT ecosystem. As such, there is a lack of comprehensive survey on IoT firmware security that highlights critical reasons for firmware insecurity in IoT, lists vulnerabilities, and perform an in-depth review of the principal analysis techniques. This article aims to fill that gap by delivering, to the best of our knowledge, the first comprehensive review article of the firmware (in)security of IoT devices. Starting by highlighting the importance of firmware security, this research work recognizes critical reasons behind the insecurity of firmware by discussing technical, commercial, standardization, and researching aspects. In particular, the scope, evolution, and internals of IoT firmware along with their security implications are discussed. Furthermore, a taxonomic classification of IoT firmware vulnerabilities has been presented. We also discuss complications that hinder the detection of firmware vulnerabilities before doing a detailed analysis of existing vulnerability assessment tools and techniques. A comparative analysis of the principal analysis techniques is provided in terms of the vulnerabilities they discover, the methodology they employ, and the platform and/or architectures they support. Towards the end, some key research issues have been identified to encourage and facilitate research in the firmware security domain of IoT. Finally, some recommendations have been provided for the IoT device vendors, developers, and integrators.

Suggested Citation

  • Nadir, Ibrahim & Mahmood, Haroon & Asadullah, Ghalib, 2022. "A taxonomy of IoT firmware security and principal firmware analysis techniques," International Journal of Critical Infrastructure Protection, Elsevier, vol. 38(C).
    • Handle: RePEc:eee:ijocip:v:38:y:2022:i:c:s1874548222000373
    DOI: 10.1016/j.ijcip.2022.100552
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1874548222000373
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijcip.2022.100552?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Miao Yu & Jianwei Zhuge & Ming Cao & Zhiwei Shi & Lin Jiang, 2020. "A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices," Future Internet, MDPI, vol. 12(2), pages 1-23, February.
    2. Lee, In & Lee, Kyoochun, 2015. "The Internet of Things (IoT): Applications, investments, and challenges for enterprises," Business Horizons, Elsevier, vol. 58(4), pages 431-440.
    3. Vipindev Adat & B. B. Gupta, 2018. "Security in Internet of Things: issues, challenges, taxonomy, and architecture," Telecommunication Systems: Modelling, Analysis, Design and Management, Springer, vol. 67(3), pages 423-441, March.
    4. Kshetri, Nir, 2017. "The evolution of the internet of things industry and market in China: An interplay of institutions, demands and supply," Telecommunications Policy, Elsevier, vol. 41(1), pages 49-67.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Eric Forcael & Isabella Ferrari & Alexander Opazo-Vega & Jesús Alberto Pulido-Arcas, 2020. "Construction 4.0: A Literature Review," Sustainability, MDPI, vol. 12(22), pages 1-28, November.
    2. Silviu-Gabriel Szentesi & Lavinia Denisia Cuc & Ramona Lile & Paul Nichita Cuc, 2021. "Internet of Things (IoT), Challenges and Perspectives in Romania: A Qualitative Research," The AMFITEATRU ECONOMIC journal, Academy of Economic Studies - Bucharest, Romania, vol. 23(57), pages 448-448.
    3. Huo, Dongyang & Malik, Asad Waqar & Ravana, Sri Devi & Rahman, Anis Ur & Ahmedy, Ismail, 2024. "Mapping smart farming: Addressing agricultural challenges in data-driven era," Renewable and Sustainable Energy Reviews, Elsevier, vol. 189(PA).
    4. Seyed Davood Hajimirrahimi & Rando Värnik & Elham Eftekhari & Dacinia Crina Petrescu & Ruxandra Malina Petrescu-Mag & Maryam Pour & Hossein Azadi, 2025. "Towards the institutionalization of ethics: agricultural experts’ knowledge of planning effective management of passive defense in Iran," Environment, Development and Sustainability: A Multidisciplinary Approach to the Theory and Practice of Sustainable Development, Springer, vol. 27(10), pages 25525-25557, October.
    5. Leonel Jorge Ribeiro Nunes & Radu Godina & João Carlos de Oliveira Matias, 2019. "Technological Innovation in Biomass Energy for the Sustainable Growth of Textile Industry," Sustainability, MDPI, vol. 11(2), pages 1-12, January.
    6. Fehmi Krasniqi & Hysni Terziu, 2021. "Challenges of Kosovo Micro Businesses," European Journal of Economics and Business Studies Articles, Revistia Research and Publishing, vol. 7, ejes_v7_i.
    7. Athanasios Tsipis & Asterios Papamichail & Ioannis Angelis & George Koufoudakis & Georgios Tsoumanis & Konstantinos Oikonomou, 2020. "An Alertness-Adjustable Cloud/Fog IoT Solution for Timely Environmental Monitoring Based on Wildfire Risk Forecasting," Energies, MDPI, vol. 13(14), pages 1-35, July.
    8. Bent Flyvbjerg & Alexander Budzier & Jong Seok Lee & Mark Keil & Daniel Lunn & Dirk W. Bester, 2022. "The Empirical Reality of IT Project Cost Overruns: Discovering A Power-Law Distribution," Papers 2210.01573, arXiv.org.
    9. Chae, Bongsug (Kevin), 2018. "The Internet of Things (IoT): A Survey of Topics and Trends using Twitter Data and Topic Modeling," 22nd ITS Biennial Conference, Seoul 2018. Beyond the boundaries: Challenges for business, policy and society 190376, International Telecommunications Society (ITS).
    10. Bettina Freitag & Lukas Häfner & Verena Pfeuffer & Jochen Übelhör, 2020. "Evaluating investments in flexible on-demand production capacity: a real options approach," Business Research, Springer;German Academic Association for Business Research, vol. 13(1), pages 133-161, April.
    11. Md. Masud Rana & Shah Ridwan Chowdhury & Mohammad Safaet Siddiqee & Elma Noorain Momo & Afnan Yusuf & Md. Mahbubur Rahman, 2026. "Thirty years of digital entrepreneurship research through a systematic review and bibliometric analysis," Future Business Journal, Springer, vol. 12(1), pages 1-30, December.
    12. Akhtar, Pervaiz & Khan, Zaheer & Tarba, Shlomo & Jayawickrama, Uchitha, 2018. "The Internet of Things, dynamic data and information processing capabilities, and operational agility," Technological Forecasting and Social Change, Elsevier, vol. 136(C), pages 307-316.
    13. Li, Ying & Dai, Jing & Cui, Li, 2020. "The impact of digital technologies on economic and environmental performance in the context of industry 4.0: A moderated mediation model," International Journal of Production Economics, Elsevier, vol. 229(C).
    14. Abideen Mayowa Abdul-Yekeen & Opeyemi Rasaq & Maryam Adebukola Ayinla & Azeezat Sikiru & Victoria Kujore & Tawakalit Omolabake Agboola, 2024. "Utilizing the Internet of Things (IoT), Artificial Intelligence, Machine Learning, and Vehicle Telematics for Sustainable Growth in Small and Medium Firms (SMEs)," Journal of Artificial Intelligence General science (JAIGS) ISSN:3006-4023, Open Knowledge, vol. 5(1), pages 237-274.
    15. Osterrieder, Philipp & Budde, Lukas & Friedli, Thomas, 2020. "The smart factory as a key construct of industry 4.0: A systematic literature review," International Journal of Production Economics, Elsevier, vol. 221(C).
    16. Deng, Ying & Cao, Zhitao & Yang, Na, 2024. "Understanding the nexus between fintech, natural resources, green investment, and environmental sustainability in China: A DYNARDL approach," Resources Policy, Elsevier, vol. 91(C).
    17. Ciachorowski Damian & Lis Anna Maria & Miranda Elem, 2025. "Sustainability in digital transformation: towards an integrated framework," Engineering Management in Production and Services, Sciendo, vol. 17(4), pages 86-103.
    18. Elias G. Carayannis & David F. J. Campbell, 2021. "Democracy of Climate and Climate for Democracy: the Evolution of Quadruple and Quintuple Helix Innovation Systems," Journal of the Knowledge Economy, Springer;Portland International Center for Management of Engineering and Technology (PICMET), vol. 12(4), pages 2050-2082, December.
    19. Thu-Hang Hoang & Thi-Trang Tran & Lam Nha Tu Huynh & Dung Khanh Vo & Bao Gia Huynh & Tam Minh Thi Tran & Nguyen Dang Nguyen, 2025. "Advances and barriers in promoting green logistics 4.0 from a multi-stakeholder perspective–a systematic review," Environment Systems and Decisions, Springer, vol. 45(2), pages 1-19, June.
    20. Kumar, V. & Ramachandran, Divya & Kumar, Binay, 2021. "Influence of new-age technologies on marketing: A research agenda," Journal of Business Research, Elsevier, vol. 125(C), pages 864-877.

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijocip:v:38:y:2022:i:c:s1874548222000373. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-critical-infrastructure-protection .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.