Firmware Hackers – ReFirm Innovation Sandbox 2018
Firmware Hackers Find New IoT Vulnerabilities
Firmware… it’s running on practically every internet-connected device. And because it cannot be protected by traditional security products, it has become a favored target for hackers and state-sponsored actors. And firmware hackers are finding ways to manipulate and gain access to networks using these devices.
Here’s a true story: A Fortune 100 customer used our platform to analyze the firmware in their widely deployed security cameras. They found threats that firmware hackers can manipulate. But the most disturbing threat they found was hard-coded backdoor accounts. Armed with this information they started digging through their network, and they were shocked at what they found. Their corporate traffic was going out of these cameras to a foreign IP address they didn’t recognize.
Now, this camera, made by a foreign company, happens to be one of the world’s top selling enterprise security cameras with over 20 million units sold. Thankfully, the Fortune 100 company was able to block the malicious traffic and justify the replacement of every single camera on their network.
Now think about this.
What if these connected devices with these types of threats are in your corporate network right now? Or in a bank? Or in a nuclear power plant? Finding these types of threats before something catastrophic happens has been nearly impossible, until now.
Introducing the Centrifuge Platform – the first cloud-based solution that can rapidly analyze and continuously monitor the health and status of firmware – no source code required. Built with our patent-pending technologies, we can reveal things like embedded crypto keys, both public and private, password hashes, publicly known vulnerabilities, and – an industry first for firmware – potential zero-day vulnerabilities. All in one comprehensive report. And by continuously monitoring the firmware, the Centrifuge Platform can proactively warn you any time a new public vulnerability impacts or threatens any of your connected devices.
Hackers Can Manipulate IoT Devices
Any industry with connected devices can benefit from the Centrifuge Platform. Medical, auto, financial… you get the picture.
There’s no need for special libraries, there’s no need for monitoring agents. In fact, we don’t even need access to your network, so what makes us uniquely qualified… Actually, let me talk about our customers. That’s probably more important. So our customers today are actually taking action now to secure their firmware and protect the integrity of their supply chain. (Time Limit Buzzer)
IoT Security Compliance. IoT Security Standards. IoT Security Frameworks. All new buzzwords that are picking up steam. So imagine our surprise when we talk to IoT device manufacturers about why they continue to ship products with bad security and the reason they don’t fix it.
One of our favorite new capabilities in the Centrifuge Spring ‘20 release is Firmware Differencing. This is how to compare two binary files quickly and efficiently for Linux, QNX, and VxWorks. But that’s not all it compares!
With all of these certification standards and compliance regulations, conducting product cyber-security assessments quickly becomes very complicated and expensive. Here’s how to save time and money.