Automatically address the UK Government's IoT Security Guidelines with Firmalyzer Enterprise Automated Firmware Security Analysis Platform

In October 2018, the UK Government published a code of practice for IoT vendors to improve the security of consumer IoT products. In this blog post, we explore the guidelines that apply to IoT device manufacturers and show how they can be addressed automatically using the Firmalyzer platform.


Firmalyzer discovered high-severity vulnerabilities in PLCNext, the next-generation PLC device from Phoenix Contact

With the advent of the 4th industrial revolution, automation technology has undergone rapid change. As a result, new solutions have been introduced to the market to address new requirements, and one of them is the next-generation PLC device. Since those devices are meant to be used in critical infrastructure, where security is a high priority, we decided to perform a security assessment on them, and our first choice was the PLCNext AXC F 2152 made by Phoenix Contact.


Firmalyzer discovered a high-severity vulnerability in Mydlink-enabled devices

One of Firmalyzer's binary analysis modules is the OpenSSL API checker, which scans firmware binaries for improper use of OpenSSL APIs, such as a lack of certificate verification when establishing a TLS connection. Two months ago, Firmalyzer discovered such a vulnerability in a binary named "signalc" included in the D-Link DIR-810L "cloud router" firmware.
