Are IoT Firmware Vulnerabilities, Backdoors Intentional?
Firmware vulnerabilities, backdoors, and more are explored with ReFirm Labs’ co-founder Terry Dunlap in this episode of the The CyberWire Daily Podcast. Jump to 5:00 in the podcast to hear the really good stuff!
What Is Firmware?
Just like an operating system–OS X, Windows, Linux–runs your computer or laptop, firmware is a stripped down version of a much larger operating system typically designed to operate one piece of hardware for a very specific purpose.
A perfect example is the wireless router in your home. The router is a single purpose machine, or piece of hardware, you typically set up once and let it run. Your wireless router is running firmware.
Firmware Vulnerabilities: Backdoors into Your IoT Devices
Firmware can be hacked and embedded with malware. Hackers can manipulate firmware vulnerabilities to gain access through IoT devices. Since many IoT devices do not contain secure firmware, hackers and nation-state actors often gain access to networks, gather sensitive information, or conduct intellectual property theft.
Keep Up with Firmware Vulnerabilities to Reduce Risk
Companies that keep their IoT and firmware security up-to-date won’t have to worry about remote attacks and hackers gaining access to their networks through their IoT devices. But keep in mind… one overlooked IoT device could grant access to your network.
The CyberWire Podcast.
Check out the CyberWire Podcast episode below. Terry discusses vital aspects of IoT security, firmware vulnerabilities, and backdoors that can plague a company that doesn’t have the right safeguards in place for its IoT devices.
Check it out below!
Click here to learn more about firmware security.
Backdoored firmware found in the supply chain of video surveillance chips from HiSilicon (a subsidiary of Huawei) allows remote access via Telnet.
A few days ago I decided to reverse engineer my router’s firmware image with binwalk. I’ve bought the TP-Link Archer C7 home router. Not one of the best, but good enough for my needs.
On February 4th, 2020 we deployed a new analyzer to the Centrifuge Platform, our automated firmware analysis platform which detects the presence of the Cable Haunt vulnerability in eCos-based firmware images.