{"id":"https://openalex.org/W3003093100","doi":"https://doi.org/10.1109/newcas44328.2019.8961216","title":"Idols with Feet of Clay: On the Security of Bootloaders and Firmware Updaters for the IoT","display_name":"Idols with Feet of Clay: On the Security of Bootloaders and Firmware Updaters for the IoT","publication_year":2019,"publication_date":"2019-06-01","ids":{"openalex":"https://openalex.org/W3003093100","doi":"https://doi.org/10.1109/newcas44328.2019.8961216","mag":"3003093100"},"language":"en","primary_location":{"id":"doi:10.1109/newcas44328.2019.8961216","is_oa":false,"landing_page_url":"https://doi.org/10.1109/newcas44328.2019.8961216","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 17th IEEE International New Circuits and Systems Conference (NEWCAS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053239049","display_name":"Lionel Morel","orcid":"https://orcid.org/0000-0002-0246-1930"},"institutions":[{"id":"https://openalex.org/I2738703131","display_name":"Commissariat \u00e0 l'\u00c9nergie Atomique et aux \u00c9nergies Alternatives","ror":"https://ror.org/00jjx8s55","country_code":"FR","type":"funder","lineage":["https://openalex.org/I2738703131"]},{"id":"https://openalex.org/I3020098449","display_name":"CEA Grenoble","ror":"https://ror.org/02mg6n827","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131","https://openalex.org/I3020098449"]},{"id":"https://openalex.org/I899635006","display_name":"Universit\u00e9 Grenoble Alpes","ror":"https://ror.org/02rx3b187","country_code":"FR","type":"education","lineage":["https://openalex.org/I899635006"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Lionel Morel","raw_affiliation_strings":["Univ. Grenoble Alpes, CEA, List,Grenoble,France,F-38000","Univ. Grenoble Alpes, CEA, List, Grenoble, France"],"affiliations":[{"raw_affiliation_string":"Univ. Grenoble Alpes, CEA, List,Grenoble,France,F-38000","institution_ids":["https://openalex.org/I899635006","https://openalex.org/I3020098449","https://openalex.org/I2738703131"]},{"raw_affiliation_string":"Univ. Grenoble Alpes, CEA, List, Grenoble, France","institution_ids":["https://openalex.org/I899635006","https://openalex.org/I3020098449","https://openalex.org/I2738703131"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5008551348","display_name":"Damien Courouss\u00e9","orcid":"https://orcid.org/0000-0003-2761-3627"},"institutions":[{"id":"https://openalex.org/I2738703131","display_name":"Commissariat \u00e0 l'\u00c9nergie Atomique et aux \u00c9nergies Alternatives","ror":"https://ror.org/00jjx8s55","country_code":"FR","type":"funder","lineage":["https://openalex.org/I2738703131"]},{"id":"https://openalex.org/I3020098449","display_name":"CEA Grenoble","ror":"https://ror.org/02mg6n827","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131","https://openalex.org/I3020098449"]},{"id":"https://openalex.org/I899635006","display_name":"Universit\u00e9 Grenoble Alpes","ror":"https://ror.org/02rx3b187","country_code":"FR","type":"education","lineage":["https://openalex.org/I899635006"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Damien Courouss\u00e9","raw_affiliation_strings":["Univ. Grenoble Alpes, CEA, List,Grenoble,France,F-38000","Univ. Grenoble Alpes, CEA, List, Grenoble, France"],"affiliations":[{"raw_affiliation_string":"Univ. Grenoble Alpes, CEA, List,Grenoble,France,F-38000","institution_ids":["https://openalex.org/I899635006","https://openalex.org/I3020098449","https://openalex.org/I2738703131"]},{"raw_affiliation_string":"Univ. Grenoble Alpes, CEA, List, Grenoble, France","institution_ids":["https://openalex.org/I899635006","https://openalex.org/I3020098449","https://openalex.org/I2738703131"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5053239049"],"corresponding_institution_ids":["https://openalex.org/I2738703131","https://openalex.org/I3020098449","https://openalex.org/I899635006"],"apc_list":null,"apc_paid":null,"fwci":0.2893,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.68662157,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"4"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9847999811172485,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.9004561305046082},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7036632299423218},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.672581672668457},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.5909820795059204},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5184511542320251},{"id":"https://openalex.org/keywords/microcode","display_name":"Microcode","score":0.49189257621765137},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4843205511569977},{"id":"https://openalex.org/keywords/sword","display_name":"SWORD","score":0.46352535486221313},{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.4322627782821655},{"id":"https://openalex.org/keywords/booting","display_name":"Booting","score":0.42490968108177185},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.28648537397384644}],"concepts":[{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.9004561305046082},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7036632299423218},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.672581672668457},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.5909820795059204},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5184511542320251},{"id":"https://openalex.org/C22174128","wikidata":"https://www.wikidata.org/wiki/Q175869","display_name":"Microcode","level":2,"score":0.49189257621765137},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4843205511569977},{"id":"https://openalex.org/C2781424646","wikidata":"https://www.wikidata.org/wiki/Q7395200","display_name":"SWORD","level":2,"score":0.46352535486221313},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.4322627782821655},{"id":"https://openalex.org/C504728807","wikidata":"https://www.wikidata.org/wiki/Q180256","display_name":"Booting","level":2,"score":0.42490968108177185},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.28648537397384644}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/newcas44328.2019.8961216","is_oa":false,"landing_page_url":"https://doi.org/10.1109/newcas44328.2019.8961216","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 17th IEEE International New Circuits and Systems Conference (NEWCAS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6499999761581421,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":40,"referenced_works":["https://openalex.org/W22070249","https://openalex.org/W1490557050","https://openalex.org/W1607006990","https://openalex.org/W1989060313","https://openalex.org/W2022018347","https://openalex.org/W2085992264","https://openalex.org/W2099382052","https://openalex.org/W2107691219","https://openalex.org/W2159059513","https://openalex.org/W2212111137","https://openalex.org/W2341430962","https://openalex.org/W2406734572","https://openalex.org/W2508317201","https://openalex.org/W2560082747","https://openalex.org/W2562036180","https://openalex.org/W2686848947","https://openalex.org/W2714546933","https://openalex.org/W2750047563","https://openalex.org/W2751658612","https://openalex.org/W2752493903","https://openalex.org/W2753041928","https://openalex.org/W2753332081","https://openalex.org/W2791034507","https://openalex.org/W2794691759","https://openalex.org/W2800702583","https://openalex.org/W2809072942","https://openalex.org/W2897864851","https://openalex.org/W2901397262","https://openalex.org/W2963063929","https://openalex.org/W3000116064","https://openalex.org/W3028668932","https://openalex.org/W3099644249","https://openalex.org/W3100675173","https://openalex.org/W6713987737","https://openalex.org/W6730881097","https://openalex.org/W6743926752","https://openalex.org/W6744145243","https://openalex.org/W6744567818","https://openalex.org/W6752725622","https://openalex.org/W6784963693"],"related_works":["https://openalex.org/W1966431236","https://openalex.org/W608147619","https://openalex.org/W4200629945","https://openalex.org/W1984676852","https://openalex.org/W2352808932","https://openalex.org/W2026551898","https://openalex.org/W2068967940","https://openalex.org/W270731569","https://openalex.org/W4252104358","https://openalex.org/W2062160093"],"abstract_inverted_index":{"IoT":[0,89],"devices":[1,67,142],"are":[2,14,81,92,104,197,217],"generally":[3],"implemented":[4],"with":[5],"low-cost":[6],"embedded":[7],"solutions,":[8],"and":[9,11,40,71,76,103,146,186,193],"connectivity":[10,28],"communication":[12],"capabilities":[13],"the":[15,34,42,49,85,100,107,119,126,130,136,156,182,191,200],"raison":[16],"d'\u00eatre":[17],"of":[18,88,95,181],"such":[19,66],"devices.":[20,90],"But":[21],"this":[22,175],"is":[23,64,111,138],"a":[24,54,93,149,165],"double-edged":[25],"sword,":[26],"since":[27,97],"also":[29],"implies":[30],"(1)":[31],"to":[32,36,117,140,161,199,208,213],"open":[33],"door":[35],"more":[37],"attack":[38],"possibilities,":[39],"(2)":[41],"targeted":[43],"system,":[44],"once":[45],"breached,":[46],"can":[47,121,143],"be":[48,144],"support":[50],"for":[51,148],"attacks":[52,195],"at":[53],"larger":[55],"scale,":[56],"possibly":[57],"involving":[58],"many":[59],"connected":[60],"systems.":[61],"Our":[62],"observation":[63],"that":[65,196,206],"lack":[68],"proper":[69],"hardware":[70,192],"software":[72,86,194],"security":[73,109],"protections.":[74,188],"Bootloader":[75],"Firmware":[77],"Update":[78],"(BFU)":[79],"mechanisms":[80],"critical":[82],"components":[83],"in":[84,211],"stack":[87],"BFUs":[91],"target":[94,127],"choice":[96],"they":[98],"use":[99],"highest":[101],"privileges":[102],"executed":[105],"before":[106],"system's":[108],"policy":[110],"set":[112],"up.":[113],"An":[114],"attacker":[115,160],"able":[116],"compromise":[118],"BFU":[120,137,157],"gain":[122,162],"full":[123],"control":[124,163],"over":[125,164],"system.":[128],"Moreover,":[129],"update":[131],"mechanism":[132],"often":[133],"supported":[134],"by":[135],"essential":[139],"ensure":[141],"upgraded":[145],"maintained":[147],"long":[150],"time.":[151],"If":[152],"not":[153],"properly":[154],"secured,":[155],"allows":[158],"an":[159,179],"system":[166],"throughout":[167],"its":[168],"whole":[169],"lifetime,":[170],"including":[171],"future":[172],"upgrades.":[173],"In":[174],"paper,":[176],"we":[177,204],"provide":[178],"overview":[180],"threats":[183],"targeting":[184],"BFUs,":[185],"existing":[187],"We":[189],"cover":[190],"known":[198],"scientific":[201],"literature.":[202],"Also,":[203],"argue":[205],"vulnerabilities":[207],"physical":[209],"attacks,":[210,216],"particular":[212],"fault":[214],"injection":[215],"mostly":[218],"left":[219],"un-attended.":[220]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}