CRN looks at the 10 hottest startups of 2019 that are providing new ways to secure IoT devices and deploy applications at the edge, among other things. ReFirm Labs is the leader in firmware security analysis.
In this episode of The Security Ledger podcast (#167): two stories this week – one from Pittsburgh and one from New York – have highlighted anxiety about Chinese-made cameras and other security gear deployed in U.S. government agencies and in cities and towns. We’re joined by Terry Dunlap, the co-founder of ReFirm Labs, to talk about why software supply chain risks are real and growing.
“ReFirm Labs, a Maryland-based cybersecurity company, found in 2017 that some Dahua cameras could allow intruders access to the video feeds. Dahua released updated firmware to address the issue, although ReFirm cofounder Terry Dunlap said a different backdoor appeared in the new firmware version.”
“The particular placement of this back door did not strike us at all as being accidental. It looked like it was purposefully obfuscated by whoever put it there,” said Terry Dunlap, co-founder of ReFirm Labs and a former National Security Agency analyst.
Cisco and other surveillance camera manufacturers came under increasing scrutiny in 2013 for the security practices of technology linked through the internet. During a presentation at the Black Hat security conference that year, ReFirm Labs' own Craig Heffner demonstrated how to hack into surveillance cameras made by Cisco and others.
Bloomberg reports on the impossible task facing the US Government of removing banned security cameras. ReFirm Labs' research points out that Dahua cameras contain an unauthenticated remote backdoor within their firmware. This allows US adversaries to tap into them and send information to China.