D-Link: A Firmware Security Analysis – Part 4

Part 4 of our series on firmware security analysis focuses on how to exploit the vulnerability Evan discovered in his analysis of the camera firmware.

Source Code Analysis: A False Sense of Firmware Security

Source code analysis produces a large amount of “false positive” results, which is one of the biggest complaints we hear against source code analyzers.

D-Link: A Firmware Security Analysis – Part 3

In part two of our firmware analysis, we discovered a potential overflow in the administration server, alphapd. It appears if you send a long string in the WEPEncryption field to wireless.htm, it can cause a buffer overflow.

D-Link: A Firmware Security Analysis – Part 2

In this post we will explore the technical side of firmware security analysis to help identify which of the flaws are potentially exploitable flaws, and which flaws are simply poor programming practices.

Russians, Fancy Bears, and IoT Security

We sat down with ReFirm Labs co-founders, Terry Dunlap and Peter Eacman, to discuss their thoughts on the recent announcement from Microsoft. Here is what they had to say.

Your Firmware Code Just Might Land You in Jail

Your Firmware Code Just Might Land You in Jail

Imagine this scenario: A teenager modifies the firmware code on a remote device to change signals on several trams for pubic transportation. A train crashes causing a derailment in which 12 people were injured. Not possible you say?

Introducing: Centrifuge – Software Bill of Materials

Introducing: Centrifuge – Software Bill of Materials

Today ReFirm Labs is excited to announce a new feature available to all platform subscribers. Software Bill of Materials powered by the Centrifuge Platform will generate a list of open source components that are present in a firmware image by comparing the files found within the firmware and matching them up with components.

Securing Your Firmware Podcast

Securing Your Firmware Podcast

Securing firmware with ReFirm Labs is the topic for this episode of the Recorded Future podcast. We talk with co-founder Terry Dunlap and his colorful past!

How to Hack Embedded Firmware: Function Calls

How to Hack Embedded Firmware: Function Calls

It’s our hope that this rather sensationally-titled piece will actually provide some down-to-earth developer basics for helping to make our connected world at least a little safer.

Firmware Hackers – ReFirm Innovation Sandbox 2018

Firmware Hackers – ReFirm Innovation Sandbox 2018

Firmware Hackers Find New IoT Vulnerabilities Firmware… it’s running on practically every internet connected device. And because it cannot be protected by traditional security products, it has become a favored target for hackers and state sponsored actors....