Innovation Sandbox 2018: ReFirm Labs

May 3, 2018

Firmware. It’s running on practically every internet-connected device. And because it cannot be protected by traditional security products, it has become a favored target for hackers and state-sponsored actors.

Here’s a true story: A Fortune 100 customer used our platform to analyze the firmware in their widely deployed security cameras. They found threats. But the most disturbing threat they found was hard-coded backdoor accounts. Armed with this information they started digging through their network, and they were shocked at what they found. Their corporate traffic was going out of these cameras to a foreign IP address they didn’t recognize. Now, this camera, made by a foreign company, happens to be one of the world’s top-selling enterprise security cameras with over 20 million units sold. Thankfully, the Fortune 100 company was able to block the malicious traffic and justify the replacement of every single camera on their network.

Now think about this. What if these connected devices with these types of threats are in your corporate network right now? Or in a bank. Or in a nuclear power plant. Finding these types of threats before something catastrophic happens has been nearly impossible, until now.

Introducing the Centrifuge Platform – the first cloud-based solution that can rapidly analyze and continuously monitor the health and status of firmware – no source code required. Built with our patent-pending technologies, we can reveal things like embedded crypto keys, both public and private, password hashes, publicly known vulnerabilities, and – an industry first for firmware – potential zero-day vulnerabilities. All in one comprehensive report. And by continuously monitoring the firmware, the Centrifuge Platform can proactively warn you any time a new public vulnerability impacts or threatens any of your connected devices. Any industry with connected devices can benefit from the Centrifuge Platform. Medical, auto, financial… you get the picture.

There’s no need for special libraries, there’s no need for monitoring agents. In fact, we don’t even need access to your network, so what makes us uniquely qualified… Actually, let me talk about our customers. That’s probably more important. So our customers today are actually taking action now to secure their firmware and protect the integrity of their supply chain. (Time Limit Buzzer)