Innovating in the RSAC Sandbox: ReFirm and the IoT

by | Apr 10, 2018

Connected devices, IoT deployments, and the routers and other hardware needed to tie it all together are everywhere.

The security of those devices? Practically nowhere, as Akamai’s findings published last week on Universal Plug and Play (UPnP) firmware vulnerabilities and Lily Hay Newman’s Wired article “A Long-Awaited IoT Crisis is Here, and Many Devices Aren’t Ready” point out.

The threat to the IoT via embedded firmware vulnerabilities is real, but it hasn’t come out of nowhere. At ReFirm, we’ve been preaching the dangers of exploitable embedded firmware for a long time — and we’ve used our years of experience in cybersecurity to build the Centrifuge platform to identify and to help mitigate embedded firmware security risks.

That’s why we’re so pleased that the 2018 RSA Conference USA has recognized us as one of cybersecurity’s boldest new innovators, and rewarded our work with a finalist position in the RSAC Innovation Sandbox contest — a contest which annually honors the best in cybersecurity.

“If you look at RSAC Innovation Sandbox contestants from the last five years alone, you’ll see more than $1.38 billion in combined investments and 12 acquisitions, proving the businesses that take this stage gain exposure to the right people at the right time to launch them to success,” said Sandra Toms, vice president and curator for RSA Conferences. “The submissions this year were noticeably competitive as we received exceptional entries from across the globe. I have no doubt this year’s presentations will be a must-see at RSA Conference.”

What was it that made ReFirm Labs and Centrifuge stand out amongst all of this year’s exceptional entries? The scope of the problem, and what Centrifuge does to mitigate it. 

Hardware manufacturers of routers and other connected devices don’t publish their firmware code for vetting by outside security experts. The problems begin because unvetted firmware code is frequently vulnerable to attacks and exploits — and to make matters worse, firmware often incorporates third-party code to which not even the manufacturers themselves have access. The scale of the problem begins to be appreciated when one realizes that every single model of connected device, even models from the same manufacturer, have to have their own firmware. 

It’s a security-threat snowball, and it’s only growing as the number and kind of connected IoT devices continues to curve upwards.

Enter Centrifuge. In contrast to the Akamai researchers who felt they had to write their own tools to discover vulnerabilities, we here at ReFirm have already done so — and it’s all baked in to the Centrifuge platform. In under thirty minutes, Centrifuge can rapidly analyze firmware and prioritize vulnerabilities and risks, and then provide continuous validation of firmware on deployed devices. It does all of that without the need for source code from device manufacturers. 

The upshot? Centrifuge can identify zero-day vulnerabilities, hidden crypto keys, and backdoor passwords in IoT firmware — and has definitely earned its place as an RSAC Innovation Sandbox finalist.

If you’ll be at the 2018 RSA Conference USA and would like to see us pitch ReFirm and Centrifuge in the Sandbox, the contest runs at RSAC on Monday, April 16, from 1:30 until 4:30. Drop in, listen to the pitches, and then feel free to talk all things cybersecurity with our CEO and former NSA cyberwarfare specialist Terry Dunlap.

If you can’t make it to RSAC this year, don’t worry — we’ll be more than happy to find a time that works for you to give you more insight into all of the capabilities that Centrifuge brings to the table, and all of the enhanced IoT security it affords. Just request a demo to get started:

Other Announcements
ReFirm Labs at The Montgomery Summit

ReFirm Labs at The Montgomery Summit

ReFirm Labs co-founder Terry Dunlap participates in the 2019 Montgomery Summit panel: Frontiers of Cybersecurity Innovation. Other Announcements