October 3, 2023

Defender for IoT, Microsoft’s IoT-oriented antivirus program, is getting a new feature called Firmware Analysis to thwart firmware related attacks. It analyses firmware in embedded Linux devices for vulnerabilities and known weaknesses.

The tool currently in Public Preview, can scan the firmware for devices such as routers, looking for known vulnerabilities like hardcoded user accounts, outof-date open-source packages, or the use of the manufacturer’s private cryptographic signing key.

This analysis provides insights into the software inventory, weaknesses, and certificates of IoT devices without requiring an endpoint agent to be deployed.


Those interested in giving the new tool a spin should head over to “Firmware analysis (preview) in Defender for IoT and upload the firmware image from their endpoint.

Currebtly tools that offer different tools that analyze IoT device firmware security such as

  • Software Bill of Materials (lists open-source packages used to build the firmware),
  • CVE Analysis (analyses firmware components for publicly known security flaws),
  • Binary Hardening Analysis (lists binaries compiled without security flags),
  • SSL Certificate Analysis (pinpoints expired and revoked TLS/SSL certificates),
  • Public and Private Key Analysis (verifies public and private cryptographic keys in the firmware),
  • Password Hash Extraction (checks if the password hashes use secure cryptographic algorithms).

Leave a Reply

%d bloggers like this: