Firmalyzer enterprise: IoT/connected device firmware security analysis platform
Firmware security: A huge challenge
The majority of organizations have security testing and risk assessment tools in place to continuously scan and monitor their cloud infrastructure and the applications running on top of it. However, when it comes to assessing the security of connected devices deployed inside their networks, they are often left with two options: a) using an automated IT vulnerability scanner to scan the device over the network in the hope of uncovering remotely exploitable issues, without any visibility into the software running inside the device, or b) conducting a device penetration test, which usually takes significant resources and does not scale. This becomes an even bigger challenge for system integrators and device manufacturers that rely on a supply chain of third-party firmware binaries, embedded operating systems and software libraries to build their own devices.
How does Firmalyzer address the firmware security challenge?
Firmalyzer’s firmware security analysis platform enables manufacturers, integrators and enterprises to independently and automatically assess the security of firmware binaries that may contain third-party operating systems and software libraries as well as modules developed in-house. Firmalyzer does not require access to the firmware source code: the user only needs to upload the firmware binary of the target device to the platform, which automatically analyzes the firmware and reports the security risks.
Platform Features
Discovers known vulnerabilities in both first-party and third-party components
Generates a Software Bill of Materials (SBOM) for firmware binaries
Discovers issues in configuration files and ways to fix them
Discovers potential command injection vulnerabilities
Supports Linux- and Android-based firmware
Discovers bugs in PHP, Python, Java and JavaScript files inside a firmware image
Discovers the copyright notices of each component inside a firmware image
Discovers default credentials and problematic certificates
Discovers potential buffer overflow vulnerabilities
Processor agnostic