Certifying embedded firmware within a device has traditionally been a difficult task for certification labs. Device manufacturers typically will not provide testing labs with embedded firmware source code, making it nearly impossible for the labs to spot vulnerabilities or built-in backdoors. Even worse, pre-compiled third-party libraries are often used within embedded firmware source code — meaning not even the device manufacturers are fully aware of what’s in their own devices.
Here’s the good news: ReFirm’s Centrifuge platform requires no source code to examine embedded firmware. It can discover vulnerabilities and potential exploits even if the manufacturer has used third-party libraries. Centrifuge can even examine embedded firmware built using MIPS, ARM, x86_64, SuperH, QNX, and other architectures, rapidly providing a prioritized report of a device’s firmware vulnerabilities.
If you’d like to see how Centrifuge can help you vet and validate embedded firmware, request a demo today.