Backdoors in popular consumer doorbells and security cameras made by Merkury/Geeni are still available from top trusted retailers in the US such as Walmart, Amazon, Home Depot, Best Buy and more.
The market for internet-connected smart doorbells and security cameras has grown substantially over the last couple of years. We recently discovered four significant vulnerabilities in several doorbells and four security cameras that are being sold at popular retailers such as Walmart and Amazon.
IoT devices will need to adopt the same basic security requirements and compliance seen in traditional IT systems. Read to learn more.
Last week the US Senate unanimously approved the IoT Cybersecurity Improvement Act of 2020, passing the bill on to the President for his signature. Why is this important?
IoT Security Compliance. IoT Security Standards. IoT Security Frameworks. All new buzzwords that are picking up steam. So imagine our surprise when we talk to IoT device manufacturers about why they continue to ship products with bad security and the reason they don’t fix it.
One of our favorite new capabilities in the Centrifuge Spring ’20 release is Firmware Differencing. This is how to compare two binary files quickly and efficiently for Linux, QNX, and VxWorks. But that’s not all it compares!
With all of these certification standards and compliance regulations, conducting product cybersecurity assessments quickly becomes very complicated and expensive. Here's how to save time and money.
GHIDRA may be the tool of choice for analyzing RTOS firmware images. We will demonstrate identification of a published vulnerability as a case study.
Backdoored firmware found in the supply chain of video surveillance chips from HiSilicon (a subsidiary of Huawei) allows remote access via Telnet.
A few days ago I decided to reverse engineer my router’s firmware image with binwalk. I’ve bought the TP-Link Archer C7 home router. Not one of the best, but good enough for my needs.
On February 4th, 2020, we deployed to the Centrifuge Platform, our automated firmware analysis platform, a new analyzer that detects the presence of the Cable Haunt vulnerability in eCos-based firmware images.
Part 4 of our series on firmware security analysis focuses on how to exploit the vulnerability Evan discovered in his analysis of the camera firmware.