Source code analysis produces a large amount of “false positive” results, which is one of the biggest complaints we hear against source code analyzers. Continue reading

In part two of our firmware analysis, we discovered a potential overflow in the administration server, alphapd. It appears if you send a long string in the WEPEncryption field to wireless.htm, it can cause a buffer overflow. Continue reading

In this post we will explore the technical side of firmware security analysis to help identify which of the flaws are potentially exploitable flaws, and which flaws are simply poor programming practices. Continue reading

We sat down with ReFirm Labs co-founders, Terry Dunlap and Peter Eacman, to discuss their thoughts on the recent announcement from Microsoft. Here is what they had to say. Continue reading

Evan will take you through the initial firmware analysis to finding vulnerabilities (if there are any), what to do when you find one, and writing that juicy proof-of-concept exploit to impress your friends. We might even throw in a few failures along the way because... Continue reading

There have been reports explaining how Hikvision and Dahua might be spying on you. At ReFirm Labs, our research and findings on the firmware in these cameras showed the US ban on these surveillance cameras is warranted. Continue reading

Centrifuge is instrumental in identifying critical flaws and vulnerabilities in firmware binaries. Given a real-world firmware image containing hundreds or thousands of files, the ability to hone in on a handful of high risk binaries and to quickly identify flaws inside specific functions contained in... Continue reading

Manufacturers are to blame for the proliferation of IoT attacks by making these IoT devices easy to exploit. The sad thing is, these attacks are easily avoidable without any additional cost to the manufacturer. Continue reading

Having cybersecurity insurance is becoming common with many companies. Recently, the co-founder of ReFirm Labs, Terry Dunlap, sat down with American Express and shared his thoughts about the new trend. During the meeting with American Express, Terry discussed who he believed needs cybersecurity insurance the... Continue reading

In case you missed our live Lunch & Learn event in January on weaponizing vulnerabilities found in a D-Link camera, here’s your chance to watch the entire one-hour talk. Buckle up! It’s fairly technical. Continue reading

Imagine this scenario: A teenager modifies the firmware code on a remote device to change signals on several trams for pubic transportation. A train crashes causing a derailment in which 12 people were injured. Not possible you say? Continue reading

Today ReFirm Labs is excited to announce a new feature available to all platform subscribers. Software Bill of Materials powered by the Centrifuge Platform will generate a list of open source components that are present in a firmware image by comparing the files found within... Continue reading