ReFirm Labs, a provider of the industry’s first proactive IoT and firmware security solutions, today announced the Spring 2019 release of major updates to its flagship Centrifuge Platform® that vets, validates and continuously monitors the security of the firmware that runs billions of IoT devices, consumer electronics and other connected enterprise machines. The most notable update is the platform’s enhanced capability to support extraction and analysis of Unified Extensible Firmware Interface (UEFI) firmware images that underpin the laptops, desktops and servers that power cloud providers, enterprises and government customers.
In addition, ReFirm Labs also announced the launch of Binwalk ProTM, the most advanced firmware extraction solution on the market. It is an expanded, cloud-based, subscription version of the popular Binwalk open source project, a standard automated tool used by tens of thousands of product security professionals and researchers around the world.
“Most security solutions in the IoT space at the firmware level are reactionary – people are waiting for something bad to happen, then once there’s a breach, they decide to how to fix it. At ReFirm Labs, we are proactively targeting firmware, before it even leaves the factory,” Derick Naef, CEO of ReFirm Labs. “With the release of updates to our flagship Centrifuge Platform and the launch of Binwalk Pro, we’re continuing to develop new tools and add features to our tech platform that are helping developers and penetration testers more efficiently manage the proactive security of their IoT devices, and prevent attackers from gaining a foothold in a network.”
Centrifuge Platform® is the industry’s first proactive IoT and firmware security solution that finds vulnerabilities before attacks happen. It identifies and reports potential zero-day vulnerabilities, hidden crypto keys, backdoor passwords and already known vulnerabilities in IoT devices, all without needing access to source code. Highly scalable, automated and cloud-based, Centrifuge Platform® can identify and report firmware abnormalities and vulnerabilities in less than 30 minutes, allowing companies to quickly analyze their firmware for hidden dangers and respond immediately to potential weak spots.
The Spring 2019 updates to Centrifuge Platform® include:
* MALWARE AND KNOWN EXPLOIT DETECTOR: Leveraging ReFirm Labs’
decades of experience analyzing firmware images for security vulnerabilities, Centrifuge Platform® adds a new analysis engine that looks for known malware and exploits in firmware. Because IoT device manufacturers frequently use closed and open source components across their entire suite of products, an exploit that has been uncovered in one manufacturer’s device may be present in other products, as well.
Centrifuge Platform’s Malware and Known Exploit Detector uses ReFirm Labs’ proprietary signature database to quickly identify and flag a firmware image with a known exploit.
* UEFI FIRMWARE ANALYSIS: Last fall, the first UEFI Rootkit was found in the wild – the LoJax malware infects the underlying firmware powering laptops, desktop and servers and is able to persist even when the entire operating system is replaced. Centrifuge Platform® has been enhanced to support extraction and analysis of UEFI firmware images, including detecting if a given UEFI firmware is infected by the LoJax malware.
* ALL-NEW, WEB-BASED FILE SYSTEM BROWSER: Providing a greater amount of information about embedded files and permissions, the new file system browser includes a full search feature to find specific files quickly.
It also includes a web-based hex viewer that allows product security professionals to inspect file content without having to download the entire file system.
* AUTOMATED ALERTS WHEN NEW VULNERABILITIES ARE FOUND: Recent research shows that it only takes three days, on average, for a vulnerability to be exploited. With this release, as long as a firmware image remains on the Centrifuge Platform® and when new vulnerabilities are found, users are automatically notified via email so they can take the necessary steps to protect and remediate the vulnerability on their IoT devices.
Binwalk was created in 2010 by vulnerability researcher Craig Heffner, now principal reverse engineer at ReFirm Labs. A tool that extracts embedded filesystems from firmware images, Binwalk is used by tens of thousands of developers, penetration testers, hackers and hobbyists to reverse engineer firmware images. Binwalk has more than 4,400 GitHub Stars and is embedded in several penetration testing tools such as Kali Linux.
Binwalk Pro™ offers enhanced support for encrypted file systems and overall improved extraction performance than Binwalk’s open source version, providing users with the broadest support for extraction of QNX, JFFS2, CramFS and YAFFS file systems, as well as Docker containers and UEFI. As a cloud-based product, Binwalk Pro™ does not require downloads or installation of source code; creates a central repository for all firmware images and extraction work; and offers an easier navigation of the file system along with easy file searching and a graphical file viewer. Binwalk Pro™ is offered as a monthly subscription, starting at $10/month, based on the number of firmware images uploaded.