Securing Your Firmware Podcast
These days, most of us have a pretty good handle on protecting the software our computers run from viruses and other types of malware. We’re careful about downloading and installing software from unknown, insecure sources, and run antivirus applications to help keep everything safe. But what about the system-level code that runs deep within the devices we rely on every day? What about the firmware? Well, the securing firmware podcast can help! Listen today.
Our guest today is Terry Dunlap. He’s CEO and co-founder of ReFirm Labs, a tech startup that’s focused on firmware — analyzing the code and helping manufacturers, organizations, and governments ensure their devices haven’t been compromised. He’s got a colorful history that includes teenage hacking, time at the NSA, and the founding of several companies.
In the episode, Terry tells us more about his early years and what got him interested in cyber security, and his views on what our biggest threat is in IoT and firmware security today. He also explains what companies and enterprises can do to secure their networks. On the securing firmware podcast we cover these topics and others having to do with securing firmware in IoT devices and the networks they’re connected to.
Part 4 of our series on firmware security analysis focuses on how to exploit the vulnerability Evan discovered in his analysis of the camera firmware.
Source code analysis produces a large amount of “false positive” results, which is one of the biggest complaints we hear against source code analyzers.
In part two of our firmware analysis, we discovered a potential overflow in the administration server, alphapd. It appears if you send a long string in the WEPEncryption field to wireless.htm, it can cause a buffer overflow.