Supply Chain Risk: The HiSilicon Backdoor

Backdoored firmware found in the supply chain of video surveillance chips from HiSilicon (a subsidiary of Huawei) allows remote access via Telnet.

Reverse Engineering My Router’s Firmware with binwalk

A few days ago I decided to reverse engineer my router’s firmware image with binwalk. I’ve bought the TP-Link Archer C7 home router. Not one of the best, but good enough for my needs.

Identifying the Cable Haunt Vulnerability Using the Centrifuge Platform®

On February 4th, 2020 we deployed a new analyzer to the Centrifuge Platform, our automated firmware analysis platform which detects the presence of the Cable Haunt vulnerability in eCos-based firmware images.

D-Link: A Firmware Security Analysis – Part 4

Part 4 of our series on firmware security analysis focuses on how to exploit the vulnerability Evan discovered in his analysis of the camera firmware.

Source Code Analysis: A False Sense of Firmware Security

Source code analysis produces a large amount of “false positive” results, which is one of the biggest complaints we hear against source code analyzers.

Binary Firmware Analysis

Centrifuge is instrumental in identifying critical flaws and vulnerabilities in firmware binaries. Given a real-world firmware image containing hundreds or thousands of files, the ability to hone in on a handful of high risk binaries and to quickly identify flaws inside specific functions contained in those binaries is essential for those looking to secure their own products, as well as those attempting to exploit embedded devices.

The Current State of IoT Security Sucks

Manufacturers are to blame for the proliferation of IoT attacks by making these IoT devices easy to exploit. The sad thing is, these attacks are easily avoidable without any additional cost to the manufacturer.

Risk Management: Do You Need Cybersecurity Insurance?

Having cybersecurity insurance is becoming common with many companies. Recently, the co-founder of ReFirm Labs, Terry Dunlap, sat down with American Express and shared his thoughts about the new trend. During the meeting with American Express, Terry discussed who he believed needs cybersecurity insurance the most, why they need it, and in what ways it can be beneficial for companies to have.

Your Firmware Code Just Might Land You in Jail

Imagine this scenario: A teenager modifies the firmware code on a remote device to change signals on several trams for pubic transportation. A train crashes causing a derailment in which 12 people were injured. Not possible you say?

Introducing: Centrifuge – Software Bill of Materials

Today ReFirm Labs is excited to announce a new feature available to all platform subscribers. Software Bill of Materials powered by the Centrifuge Platform will generate a list of open source components that are present in a firmware image by comparing the files found within the firmware and matching them up with components.

Securing Your Firmware Podcast

Securing firmware with ReFirm Labs is the topic for this episode of the Recorded Future podcast. We talk with co-founder Terry Dunlap and his colorful past!

How to Hack Embedded Firmware: Function Calls

It’s our hope that this rather sensationally-titled piece will actually provide some down-to-earth developer basics for helping to make our connected world at least a little safer.