International Journal of Open Information Technologies

In the present IoT world the need for robust network security is more important than ever as the internet-connected gadgets are everywhere and our dependence on networked systems is increasing. Ensuring the safe transfer of data and protecting the connected devices, primarily through routers that serve as gateways to the internet, has become a critical priority. The security of router firmware is of paramount importance because any weaknesses in these vital components could lead to extensive network breaches and data compromises. Due to the growing prominence of embedded devices and many of  which are surprisingly lacking in robust security measures, making them attractive targets for potential attacks. Among them, routers which function as bridges connecting local and global networks have become prime targets for Cyber attacks. To this end, this paper focuses on analyzing the firmware of TP-Link Archer AX55 AX3000 dual band Gigabit Wi-Fi 6 Router crafted by TP-Link technologies. The objective is to conduct a through security analysis to fortify the security of router firmware and then providing countermeasures for strengthening the  safety  and resilience of the Internet’s infrastructure. The insights and recommendations resulting from this work stand to benefit router manufacturers, network administrators, and end-users in their ongoing efforts to combat ever-evolving Cyber threats.

F. Bolandi, “Automated security analysis of firmware,” 2022.

U. Brezolin, A. Verg u¨tz, and M. Nogueira, “A method for vulnerability detection by iot network traffic analytics,” Ad Hoc Networks, vol. 149, p. 103247, 2023.

A. Costin, A. Zarras, and A. Francillon, “Automated dynamic firmware analysis at scale: A case study on embedded web interfaces,” in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016, pp. 437–448.

U. Ravindran and R. V. Potukuchi, “A review on web application vulnerability assessment and penetration testing,” Review of Computer Engineering Studies, vol. 9, no. 1, 2022.

P. R. Vamsi and A. Jain, “Practical security testing of electronic com- merce web applications,” International Journal of Advanced Networking and Applications, vol. 13, no. 1, pp. 4861–4873, 2021.

I. Nadir, H. Mahmood, and G. Asadullah, “A taxonomy of iot firmware security and principal firmware analysis techniques,” International Jour- nal of Critical Infrastructure Protection, p. 100552, 2022.

M. Ibrahim, A. Continella, and A. Bianchi, “Aot-attack on things: A security analysis of iot firmware updates,” in 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), 2023.

P. Sun, L. Garcia, G. Salles-Loustau, and S. Zonouz, “Hybrid firmware analysis for known mobile and iot security vulnerabilities,” in 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 2020, pp. 373–384.

J. Selsøyvold and I. H. Trosdahl, “A security assessment of an embedded iot device,” B.S. thesis, NTNU, 2022.

A. Qasem, P. Shirani, M. Debbabi, L. Wang, B. Lebel, and B. L. Agba, “Automatic vulnerability detection in embedded devices and firmware: Survey and layered taxonomies,” ACM Computing Surveys (CSUR), vol. 54, no. 2, pp. 1–42, 2021.

J.-b. Hou, T. Li, and C. Chang, “Research for vulnerability detection of embedded system firmware,” Procedia Computer Science, vol. 107, pp. 814–818, 2017.

S. Hemram, G. J. W. Kathrine, G. M. Palmer, and S. V. Ewards, “Firmware vulnerability detection in embedded systems and internet of things,” in 2022 International Conference on Augmented Intelligence and Sustainable Systems (ICAISS). IEEE, 2022, pp. 1161–1167.

S. . Kali Linux. (2023, “Penetration testing and ethical hacking linux distribution.” [Online]. Available: https://www.kali.org/

ReFirmLabs, “Refirmlabs/binwalk: Firmware analysis tool,” GitHub, binwalk Repository. [Online]. Available: https://github.com/ReFirmLabs/binwalk

F. Repository, “Firmwalker repository analysis tool,” GitHub, firmwalker Repository. [Online]. Available: https://github.com/craigz28/firmwalker

“binvis/binvis.io: The binvis.io site,” GitHub (2023, September 28). [Online]. Available: https://github.com/binvis/binvis.io