Blog Archives - ReFirm Labs

Doorbells and IoT Security Certification: Retailers Need to Step Up

February 4, 2021

Backdoors in popular consumer doorbells and security cameras made by Merkury/Geeni are still available from top trusted retailers in the US such as Walmart, Amazon, Home Depot, Best Buy and more. Continue reading

Florida Tech Cybersecurity Researchers Discover Hidden Vulnerabilities in Wireless Doorbells, Cameras

February 4, 2021

The market for internet-connected smart doorbells and security cameras has grown substantially over the last couple of years. We recently discovered four significant vulnerabilities in several doorbells and four security cameras that are being sold at popular retailers such as Walmart and Amazon. Continue reading

IoT Security Compliance and Enforcement

January 4, 2021

IoT devices will need to adopt the same basic security requirements and compliance seen in traditional IT systems. Read to learn more. Continue reading

IoT Cybersecurity Act 2020

November 24, 2020

Last week the US Senate unanimously approved the IoT Cybersecurity Improvement Act of 2020, passing the bill onto the President for his signature. Why is this important? Continue reading

Embrace IoT Security Compliance or Die a Slow Death

July 29, 2020

IoT Security Compliance. IoT Security Standards. IoT Security Frameworks. All new buzzwords that are picking up steam. So imagine our surprise when we talk to IoT device manufacturers about why they continue to ship products with bad security and the reason they don’t fix it. Continue reading

How to Compare Two Different Binary Files

June 23, 2020

One of our favorite new capabilities in the Centrifuge Spring ‘20 release is Firmware Differencing. This is how to compare two binary files quickly and efficiently for Linux, QNX, and VxWorks. But that’s not all it compares! Continue reading

How to Enforce IoT Security Standards and Compliance

June 16, 2020

With all of these certification standards and compliance regulations, conducting product cyber-security assessments quickly becomes very complicated and expensive. Here's how to save time and money. Continue reading

Identification of the CABLEHAUNT eCos Bug Using GHIDRA

June 9, 2020

GHIDRA may be the preferred tool of choice for analyzing RTOS firmware images. We will demonstrate identification of a published vulnerability as a case study. Continue reading

Supply Chain Risk: The HiSilicon Backdoor

February 12, 2020

Backdoored firmware found in the supply chain of video surveillance chips from HiSilicon (a subsidiary of Huawei) allows remote access via Telnet. Continue reading

Reverse Engineering My Router’s Firmware with binwalk

February 7, 2020

A few days ago I decided to reverse engineer my router’s firmware image with binwalk. I’ve bought the TP-Link Archer C7 home router. Not one of the best, but good enough for my needs. Continue reading

Identifying the Cable Haunt Vulnerability Using the Centrifuge Platform®

February 5, 2020

On February 4th, 2020 we deployed a new analyzer to the Centrifuge Platform, our automated firmware analysis platform which detects the presence of the Cable Haunt vulnerability in eCos-based firmware images. Continue reading

D-Link: A Firmware Security Analysis – Part 4

November 6, 2019

Part 4 of our series on firmware security analysis focuses on how to exploit the vulnerability Evan discovered in his analysis of the camera firmware. Continue reading

Showing 1–12 of 30 posts