Embrace IoT Security Compliance or Die a Slow Death

IoT Security Compliance. IoT Security Standards. IoT Security Frameworks. All new buzzwords that are picking up steam. So imagine our surprise when we talk to IoT device manufacturers about why they continue to ship products with bad security and the reason they don’t fix it.

How to Compare Two Different Binary Files

One of our favorite new capabilities in the Centrifuge Spring ‘20 release is Firmware Differencing. This is how to compare two binary files quickly and efficiently for Linux, QNX, and VxWorks. But that’s not all it compares!

How to Enforce IoT Security Standards and Compliance

With all of these certification standards and compliance regulations, conducting product cyber-security assessments quickly becomes very complicated and expensive. Here’s how to save time and money.

Identification of the CABLEHAUNT eCos Bug Using GHIDRA

GHIDRA may be the tool of choice for analyzing RTOS firmware images. We will demonstrate identification of a published vulnerability as a case study.

Supply Chain Risk: The HiSilicon Backdoor

Backdoored firmware found in the supply chain of video surveillance chips from HiSilicon (a subsidiary of Huawei) allows remote access via Telnet.

IP Surveillance Cameras and Firmware Security

There have been reports explaining how Hikvision and Dahua might be spying on you. At ReFirm Labs, our research and findings on the firmware in these cameras showed the US ban on these surveillance cameras is warranted.

Binary Firmware Analysis

Centrifuge is instrumental in identifying critical flaws and vulnerabilities in firmware binaries. Given a real-world firmware image containing hundreds or thousands of files, the ability to home in on a handful of high-risk binaries and to quickly identify flaws inside specific functions contained in those binaries is essential for those looking to secure their own products, as well as those attempting to exploit embedded devices.

The Current State of IoT Security Sucks

Manufacturers are to blame for the proliferation of IoT attacks by making these IoT devices easy to exploit. The sad thing is, these attacks are easily avoidable without any additional cost to the manufacturer.

Risk Management: Do You Need Cybersecurity Insurance?

Having cybersecurity insurance is becoming common with many companies. Recently, the co-founder of ReFirm Labs, Terry Dunlap, sat down with American Express and shared his thoughts about the new trend. During the meeting with American Express, Terry discussed who he believed needs cybersecurity insurance the most, why they need it, and in what ways it can be beneficial for companies to have.

Your Firmware Code Just Might Land You in Jail

Imagine this scenario: A teenager modifies the firmware code on a remote device to change signals on several trams for public transportation. A train crashes, causing a derailment in which 12 people were injured. Not possible, you say?

Introducing: Centrifuge – Software Bill of Materials

Today ReFirm Labs is excited to announce a new feature available to all platform subscribers. Software Bill of Materials powered by the Centrifuge Platform will generate a list of open source components that are present in a firmware image by comparing the files found within the firmware and matching them up with components.

Securing Your Firmware Podcast

Securing firmware with ReFirm Labs is the topic for this episode of the Recorded Future podcast. We talk with co-founder Terry Dunlap about his colorful past!

How to Hack Embedded Firmware: Function Calls

It’s our hope that this rather sensationally-titled piece will actually provide some down-to-earth developer basics for helping to make our connected world at least a little safer.

Firmware Hackers – ReFirm Innovation Sandbox 2018

Firmware Hackers Find New IoT Vulnerabilities. Firmware… it’s running on practically every internet-connected device. And because it cannot be protected by traditional security products, it has become a favored target for hackers and state-sponsored actors....