D-Link: A Firmware Vulnerability – Part 2

Exploit Identification Turn Up the Technical In part one of the Vulnerability assessment we talked about choosing a target, downloading the firmware, and submitting it to Centrifuge which was pretty simple. Centrifuge provided a lot of useful information about the...

Russians, Fancy Bears, and IoT Security

During the 2019 Black Hat conference in Las Vegas, Nevada there was a massive announcement from Microsoft generating a lot of buzz. Their discovery? A malicious Russian hacker group has been targeting common IoT devices. Their goal? Widespread attacks on corporate...

D-Link: A Firmware Vulnerability – Part 1

Have you ever wanted to be like the super l33t hax0rs that you see in the movies? Sitting in a dark room pounding away randomly on a keyboard with the only light coming from the screen in front of you? The silence only broken by you saying “I’m in.”? Then this is the...

Do We Need to Watch the Eyes Watching Us?

On May 21, 2019 the New York Times reported that the Trump Administration is considering a limit on Hikvision’s ability to buy American technology. Hikvision is one of the world’s largest surveillance camera manufacturers and is 42% owned by the Chinese...

Deep Dive into Binary Firmware Analysis

The Centrifuge Platform is capable of analyzing binary firmware for previously unknown vulnerabilities and providing detailed reports of great use to developers and vulnerability researchers alike. This document details the interpretation of these code analysis...

Introducing: Centrifuge – Software Bill of Materials

Introducing: Centrifuge - Software Bill of Materials Firmware is typically built upon many software components assembled together to achieve the desired functionality of the product being made. Market pressures to release products quickly have forced firmware...

Podcast: Securing Your Firmware

These days, most of us have a pretty good handle on protecting the software our computers run from viruses and other types of malware. We’re careful about downloading and installing software from unknown, insecure sources, and run antivirus applications to help keep...

How to Hack Embedded Firmware: Function Calls

We spend a lot of time at ReFirm finding ways to make the embedded firmware in connected devices more secure. We do that, of course, because we’re a business and that’s what we do. But we also do it because it’s an important thing to do, and it’s the right thing to...

Innovation Sandbox 2018: ReFirm Labs

Firmware. It's running on practically every internet connected device. And because it cannot be protected by traditional security products, it has become a favored target for hackers and state sponsored actors. Here's a true story: A Fortune 100 customer used our...

Securing the Health of Connected Medical Devices

The increased demand for connected health devices is driven by several factors, including remote, home-based care needs for chronic conditions in a growing elderly population. These devices have been shown to increase the quality and effectiveness of health care. As...