ReFirm Labs’ platform automates the process of finding security vulnerabilities in IoT firmware. It’s the latest ex-NSA team to take up residence at DataTribe in Fulton.
Refirm Labs recently rick-rolled a security camera.
It wasn’t meant to be a prank. In fact, it was an example of the company’s capabilities.
According to a report issued this week by the Fulton-based company, one specific camera model marketed by TRENDnet has a vulnerability within its own data security system. Using its platform Centrifuge, members of the company were able to exploit the opening to get access to the internet-connected camera’s video feed. Then they replaced the feed with the infamous Rick Astley gif.
CEO Terry Dunlap said the vulnerability exists in the camera’s firmware, or the software that is used to control the hardware. The company also found vulnerabilities in cameras made by Belkin and China-based Dahua. In the case of the Dahua camera, Dunlap believed the vulnerability didn’t show up by chance. He didn’t speculate further about how it showed up, but said the hole leaves it open to a potential attack.
“There’s no reason for it to be there,” he said. “It’s not a programming error. It’s not a logic error. It was done intentionally.”
The 44-page report the company produced about the findings generated headlines this in the Washington Post and Forbes, as it showed that the TRENDnet cameras still had vulnerabilities even though the company settled with the Federal Trade Commission over similar concerns in 2013.
It was the first splash for the company, which Dunlap spun out of his 10-year-old government contracting company Tactical Network Solutions. ReFirm Labs also recently closed on $1.5 million in seed funding from Fulton-based startup studio DataTribe.
A former National Security Agency employee, Dunlap and team members went to the private sector in 2007 and developed expertise in reverse engineering firmware. Along with cameras, firmware is key to Internet of Things devices and other types of connected hardware. As the company taught workshops, Dunlap said he started seeing interest from other contractors, as well as large companies looking to create internet-connected devices. The idea behind reverse engineering is that if the companies understand how an attacker could break into a device, they can build products that are more secure.
With the potential for a would-be attacker taking full control of a device, attention to security has come alongside predictions of a big growth of internet-connected devices. The NSA has identified IoT security as a major area of concern. Just this fall, Morgan State recently opened a lab dedicated to reverse engineering research.
For ReFirm Labs, the fact that the larger firms were interested signaled a wider need.
“There was an obvious need not just to teach people how to do this by hand, but there was really a lack of automated tools out in the public or in the commercial space that would rapidly reverse engineer firmware,” Dunlap said.
Company members developed an open source project binwalk, as well as what would become the Centrifuge platform – which Dunlap said has some additional internal elements. Reverse engineering is typically done “by hand,” but Dunlap said the company figured out how to automate the process of finding vulnerabilities.
“This is typically a very manual, painstaking process, but we’ve been able to develop code that can look for these things quickly and very accurately,” he said.
At first, the development was within Tactical Network Solutions. The product-focused startup didn’t start to come into view until Dunlap said he “begrudgingly” attended a TechBreakfast in Columbia one morning. That’s where he met leaders of DataTribe, who eventually decided to invest in the company to take the platform to the commercial market.
Now, Dunlap is back in startup mode. He and four other TNS employees are now working at DataTribe and building ReFirm Labs. The company recently brought on a vice president of sales, and is looking to bring on a VP of engineering and Android reverse engineer.
At DataTribe, the company has access to resources that help with building and marketing a product company. ReFirm Labs is the latest to move into the space after companies from its initial round including industrial control systems security company Dragos and encryption company Enveil raised institutional rounds of funding and moved to their own nearby offices. As DataTribe cofounders Bob Ackerman and Mike Janketold us earlier this year, DataTribe looks to help technologists that worked inside the area’s government agencies become startup founders and develop a business that can scale.
ReFirm Labs also happens to be a spinout from a services company, which has also been flagged as a potential source of more startups in a state that’s heavy on government contractors. Dunlap has experience as a business owner, but he acknowledges he still has a lot to learn. “It’s a company,” he said of Tactical Network Solutions. “But it’s not a commercial software company, which is a different beast.”
The company is looking to work with larger partners who contract out production of device components to third-parties.
“When that’s all said and done, just before you go to production line, Centrifuge will tell you where the vulnerabilities are,” Dunlap said.
The company already counts early clients like AT&T and CableLabs. It’s also worked with Mattel on a version of hologram Barbie, which acts as a personal assistant.
“Mattel wanted us to take a look at it to make sure nobody could hack into it from the outside and make Barbie do malicious things,” Dunlap said.