
Defender for IoT, Microsoft’s IoT-oriented antivirus program, is getting a new feature called Firmware Analysis to thwart firmware-related attacks. It analyses firmware in embedded Linux devices for vulnerabilities and known weaknesses.
The tool, currently in Public Preview, can scan the firmware of devices such as routers, looking for known vulnerabilities like hardcoded user accounts, out-of-date open-source packages, or the use of the manufacturer’s private cryptographic signing key.
This analysis provides insights into the software inventory, weaknesses, and certificates of IoT devices without requiring an endpoint agent to be deployed.
Those interested in giving the new tool a spin should head over to “Firmware analysis (preview)” in Defender for IoT and upload the firmware image from their endpoint.
The feature currently offers different tools that analyze IoT device firmware security, such as:
- Software Bill of Materials (lists open-source packages used to build the firmware),
- CVE Analysis (analyses firmware components for publicly known security flaws),
- Binary Hardening Analysis (lists binaries compiled without security flags),
- SSL Certificate Analysis (pinpoints expired and revoked TLS/SSL certificates),
- Public and Private Key Analysis (verifies public and private cryptographic keys in the firmware),
- Password Hash Extraction (checks if the password hashes use secure cryptographic algorithms).
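
To illustrate the kind of check the binary hardening item in the list refers to, the sketch below reads an ELF file's headers and reports three common hardening properties. It is an added example, not Microsoft's implementation or code from the original article. The function names, the choice of PIE, NX stack and RELRO as the inspected properties, and the sample images are assumptions constructed for illustration.

```python
import struct

PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, ET_DYN = 0x1, 3

def hardening_report(elf: bytes) -> dict:
    """Report PIE, NX stack and RELRO as visible in the ELF program headers."""
    if len(elf) < 52 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                     # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if elf[5] == 1 else ">"      # EI_DATA: 1 = little-endian, 2 = big-endian
    e_type = struct.unpack_from(end + "H", elf, 16)[0]
    if is64:
        phoff = struct.unpack_from(end + "Q", elf, 32)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 54)
    else:
        phoff = struct.unpack_from(end + "I", elf, 28)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 42)
    flags_off = 4 if is64 else 24          # p_flags sits at a different offset per class
    nx = relro = False                     # assumption: a missing PT_GNU_STACK counts as not NX
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type = struct.unpack_from(end + "I", elf, off)[0]
        p_flags = struct.unpack_from(end + "I", elf, off + flags_off)[0]
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True
    # ET_DYN is also used by shared libraries, so "pie" is only meaningful for executables.
    return {"pie": e_type == ET_DYN, "nx": nx, "relro": relro}

def sample_elf32(e_type: int, segments: list) -> bytes:
    """Constructed input: minimal little-endian ELF32 holding only headers."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    header = struct.pack("<HHIIIIIHHHHHH", e_type, 40, 1, 0, 52, 0, 0,
                         52, 32, len(segments), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIIIIIII", t, 0, 0, 0, 0, 0, f, 4)
                     for t, f in segments)
    return ident + header + phdrs

# Constructed samples: a hardened PIE binary and a legacy one with an executable stack.
HARDENED = sample_elf32(ET_DYN, [(PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)])
LEGACY = sample_elf32(2, [(PT_GNU_STACK, 7)])

if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(name, hardening_report(image))
```

A RELRO segment alone indicates only partial RELRO; confirming full RELRO would also require checking the dynamic section for `BIND_NOW`, which this sketch does not do.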