Blog Archives - ReFirm Labs

IoT Security Compliance and Enforcement

January 4, 2021

IoT devices will need to adopt the same basic security requirements and compliance seen in traditional IT systems. Read to learn more. Continue reading

IoT Cybersecurity Act 2020

November 24, 2020

Last week the US Senate unanimously approved the IoT Cybersecurity Improvement Act of 2020, passing the bill onto the President for his signature. Why is this important? Continue reading

Embrace IoT Security Compliance or Die a Slow Death

July 29, 2020

IoT Security Compliance. IoT Security Standards. IoT Security Frameworks. All new buzzwords that are picking up steam. So imagine our surprise when we talk to IoT device manufacturers about why they continue to ship products with bad security and the reason they don’t fix it. Continue reading

How to Compare Two Different Binary Files

June 23, 2020

One of our favorite new capabilities in the Centrifuge Spring ‘20 release is Firmware Differencing. This is how to compare two binary files quickly and efficiently for Linux, QNX, and VxWorks. But that’s not all it compares! Continue reading

How to Enforce IoT Security Standards and Compliance

June 16, 2020

With all of these certification standards and compliance regulations, conducting product cyber-security assessments quickly becomes very complicated and expensive. Here's how to save time and money. Continue reading

Identification of the CABLEHAUNT eCos Bug Using GHIDRA

June 9, 2020

GHIDRA may be the preferred tool of choice for analyzing RTOS firmware images. We will demonstrate identification of a published vulnerability as a case study. Continue reading

Supply Chain Risk: The HiSilicon Backdoor

February 12, 2020

Backdoored firmware found in the supply chain of video surveillance chips from HiSilicon (a subsidiary of Huawei) allows remote access via Telnet. Continue reading

Reverse Engineering My Router’s Firmware with binwalk

February 7, 2020

A few days ago I decided to reverse engineer my router’s firmware image with binwalk. I’ve bought the TP-Link Archer C7 home router. Not one of the best, but good enough for my needs. Continue reading

Identifying the Cable Haunt Vulnerability Using the Centrifuge Platform®

February 5, 2020

On February 4th, 2020 we deployed a new analyzer to the Centrifuge Platform, our automated firmware analysis platform which detects the presence of the Cable Haunt vulnerability in eCos-based firmware images. Continue reading

D-Link: A Firmware Security Analysis – Part 4

November 6, 2019

Part 4 of our series on firmware security analysis focuses on how to exploit the vulnerability Evan discovered in his analysis of the camera firmware. Continue reading

Source Code Analysis: A False Sense of Firmware Security

October 29, 2019

Source code analysis produces a large amount of “false positive” results, which is one of the biggest complaints we hear against source code analyzers. Continue reading

D-Link: A Firmware Security Analysis – Part 3

October 9, 2019

In part two of our firmware analysis, we discovered a potential overflow in the administration server, alphapd. It appears if you send a long string in the WEPEncryption field to wireless.htm, it can cause a buffer overflow. Continue reading

Showing 1–12 of 28 posts