National Security Agency Veterans Develop Automated Platform To Detect Firmware Vulnerabilities In Billions of IoT And Other Connected Devices
Just-Published ReFirm Labs Report Finds Major Security Problems in Popular Consumer And Enterprise Cameras from TRENDNet, Belkin, and Dahua
FULTON, Md., Nov. 15, 2017 (GLOBE NEWSWIRE) -- ReFirm Labs today announced it has received $1.5 million in initial funding and is launching its Centrifuge Platform, which automatically detects security vulnerabilities in the firmware that runs billions of Internet of Things (IoT) devices, consumer electronics and other connected enterprise machines. ReFirm Labs is backed by DataTribe, which contributed $1.5 Million in seed-stage capital. DataTribe is a startup studio specializing in co-building cybersecurity, analytics and big data product companies coming out of intelligence agencies and government research labs.
Led by National Security Agency (NSA) alumni, ReFirm Labs aims to close the firmware security gap exploited by hackers to gain control of or disable IoT devices such as digital cameras, home appliances, routers, servers, printers and other connected machines. These common devices can be remotely taken over, destroyed or hijacked for Botnet attacks that effectively shut down or slow major web services such as Twitter, Spotify, Netflix, and PayPal. Distributed denial of service (DDoS) attacks use infected devices to bombard websites and have cost some organizations as much as $22,000 a minute in lost business and remediation costs.
“Manufacturers often have little visibility or control over the firmware of third-party components that are integrated into their devices,” said ReFirm Labs CEO and co-founder Terry Dunlap, an NSA veteran with deep experience in wireless network security. “ReFirm Labs’ Centrifuge Platform makes it possible to rapidly assess the security posture of a device at any point in the lifecycle chain, identifying backdoor accounts, hard-coded passwords and potential zero-day threats.”
Other key members of the ReFirm Labs team include co-founder and CTO Peter Eacmen, a Naval Postgraduate School alumni and former Department of Defense cyber expert for the NSA, FBI, and US Special Forces; and Principal Research Engineer Craig Heffner, author of the open source firmware project “binwalk,” a tool for reverse engineering compiled firmware images of embedded systems, and Firmware Mod-Kit. Additionally, John Stewart, Chief Security Officer of Cisco and Jay Emmanuel, Chief Architect at DataTribe, joined the ReFirm Labs board of directors.
Security Flaws In Four Popular Routers and Cameras, New Report Finds
ReFirm Labs also published a 44-page Firmware Vulnerability report today highlighting major, recently-discovered security flaws in four popular consumer and enterprise cameras and routers from TRENDNet, Belkin, and Dahua. The release of this report demonstrates the “deeper dive” capability of the Centrifuge Platform. The report can be found on the firm’s website. www.ReFirmLabs.com.
“Current tools assess the integrity of firmware through source code analysis. But they don’t tell you anything about the security posture of a shipped or patched firmware image that is found in every connected device at home or work,” said Dave DeWalt, DataTribe Investment Board Member and former FireEye CEO. “Terry and his team have developed a much-needed, automated method of analyzing firmware at unprecedented speed and scale.”
Growing Risks of IoT Firmware
Industry analysts project that more than 32 billion IoT devices will be deployed by 2020. This could provide cyber criminals and other actors with the potential to wreak havoc by exploiting devices that are assembled from unverified components and deployed without the ability to track and fix new vulnerabilities as they become apparent. Firmware is the software embedded on hardware devices that enable their distinctive functionality. Firmware is highly specialized and rarely updated — when compromised, it can allow hackers to gain alarming levels of control.
“We live in a whole new world where the digitization of business means that an asset is no longer just a laptop or server, but includes billions of IoT devices,” said Amit Yoran, CEO, Tenable. “Organizations need to understand, manage and measure this modern attack surface holistically – analyzing their IoT devices alongside cloud, mobile, SaaS, operational technology (OT) and even the code itself. The ReFirm Labs Firmware Vulnerability Report represents critical research that will help organizations reduce their Cyber Exposure risk in the context of a dynamic threat environment.”
About ReFirm Labs
ReFirm Labs is an enterprise, consumer, and IoT security company that has developed a radically new approach to securing connected devices through a process of firmware validation. By rapidly identifying security vulnerabilities in networked devices, ReFirm Labs helps protect manufacturers and large enterprises from the devastating technical, social, and financial costs of firmware-level attacks. Built by a group of world-class experts in IoT security, the company’s Centrifuge Platform automates a proprietary firmware analysis process developed for high-stakes security applications. ReFirm Labs is backed by DataTribe and headquartered in Fulton, MD. www.ReFirmLabs.com.
About DataTribe
DataTribe was launched in 2015 with the vision of empowering technologists in the Washington, D.C. region to build and grow successful product companies. Founded by leading investors, startup veterans and alumni of the U.S. Intelligence Community, DataTribe commits capital, in-kind business services and decades of professional expertise to co-build the next generation of cybersecurity, big data and analytics companies. DataTribe is headquartered in Fulton, MD, with offices in San Francisco, CA. www.datatribe.com.
Media contact: Jennifer Izquierdo (443)-474-0216