Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

Press Releases

February 13, 2020 |

ReFirm Labs Announces New Centrifuge Platform Capability for Detecting the HiSilicon Vulnerability in the Firmware of Digital and Network Video Recorders

The new vulnerability detection capability in ReFirm Labs’ flagship IoT security platform detects backdoors in the firmware of some HiSilicon-based devices, preventing bad actors from gaining control over IoT devices.

FULTON, Md. (PRWEB) February 13, 2020

ReFirm Labs, a provider of the industry’s first proactive IoT and firmware security solutions, today announced a new capability of its Centrifuge PlatformÆ that detects the presence of backdoors in the firmware of some digital and network video recorders (DVRs/NVRs) that use surveillance chips from HiSilicon, a subsidiary of Huawei. The firmware in question is used in devices from dozens of original equipment manufacturers.

“The HiSilicon vulnerability illustrates that connected devices continue to be brought to market with critical vulnerabilities that are the result of poor security practices and unclear sourcing of software components in the cyber supply chain,” said Derick Naef, CEO of ReFirm Labs.

“This is the newest example of 3rd-party binaries being introduced into network-connected devices without proper security vetting or validation,” said Naef. “Whether these kinds of vulnerabilities are malicious or the result of human error, companies need to have better visibility into the security of their supply chain components. This kind of vulnerability demonstrates why there’s an important need to analyze the firmware of IoT devices before deploying them into networks.”

Firmware is the embedded operating software in the hardware of an IoT device. It is a commonly unprotected attack surface that attackers use to get a foothold in a network — an unsecured IoT device is essentially an unlocked front door, which means that once attackers take over an IoT device, they can move laterally into a corporate network. Attackers actively exploit weaknesses in IoT security not to attack the devices themselves, but as a jumping off point for all kinds of malicious behavior, which could include DDoS attacks, malware distribution, spamming/phishing/account takeovers, click fraud, and credit card theft.

The HiSilicon backdoor allows an attacker to activate the built-in Telnet service and then use hardcoded passwords to gain control of a device. Such backdoors could then be exploited by bad actors for corporate espionage or government surveillance. According to security researcher Vladislav Yarmak, this particular backdoor has been deployed in at least three different versions of software development kits (SDKs) for the surveillance chips since 2013. Some security researchers have noted that the affected software SDKs likely came from Xiongmai, a Chinese electronics manufacturer with a well known reputation for delivering insecure IoT devices.

ReFirm Labs’ Centrifuge PlatformÆ is the first solution that proactively manages the security of firmware — a specific class of software that provides the low-level control for the hardware of an IoT device. Centrifuge PlatformÆ can identify and report abnormalities and vulnerabilities in firmware in less than 30 minutes. It allows companies to quickly analyze their firmware for hidden dangers and respond immediately to potential weak spots. Highly scalable, automated and cloud-based, Centrifuge PlatformÆ is a simple and reliable way for monitoring security across an entire system of deployed IoT devices without the need for agents or access to the network itself.

For more information about Centrifuge PlatformÆ, go to https://www.refirmlabs.com/centrifuge-platform.

About ReFirm Labs
ReFirm Labs provides the industry’s first IoT and firmware security solutions that proactively vet, validate and continuously monitor IoT devices from hidden threats. Its flagship product, Centrifuge PlatformÆ, detects and reports potential zero-day vulnerabilities, hidden crypto keys, backdoor passwords and known vulnerabilities in IoT devices without needing access to source code. ReFirm Labs’ technology has been proven to provide the insight and intelligence needed for users to proactively defend connected devices and maintain compliance and the integrity of supply chain security. Founded by a team of former NSA offensive cyber operators, ReFirm Labs is trusted by government agencies and Fortune 500 companies that operate in a wide variety of industries, including: telecommunications, cloud infrastructure and data centers, automotive, health care, utilities, and manufacturing. For more information, visit http://www.refirmlabs.com or follow on Twitter @ReFirmLabs.


Editor’s Choice

MSP360 Bolsters Managed Backup Solution With Full Sharepoint Backup and Restore, Object Lock, and More

March 25, 2024 |

MSP360 CEO Brian Helwig details the latest improvements in its managed backup solutions and teases some new opportunities down the road for its partners in an exclusive ChannelPro interview.

Peer to Peer: Aurora’s Philip de Souza shares his secrets to creating a successful MSSP

March 19, 2024 | Philip de Souza

“It’s important that we understand when it comes to this whole MSP world that it’s all about the customer.”

Evolving State AI Regulations: Best Practices for Mitigating Risk

March 14, 2024 | Anurag Lal

While AI technologies can unlock tremendous business value, they also have potential risks.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience