Microsoft has confirmed the acquisition of ReFirm Labs as part of a broader effort to improve the security of IoT devices. The terms of the transaction were not disclosed.
The ReFirm team is the developers behind Binwalk Open Source, which is a tool for detecting and extracting files and codes in firmware images. Binwalk was launched in 2010; since then, its technology has evolved into a series of products that can discover and report known flaws in IoT devices, potential zero-day vulnerabilities, encryption keys, backdoor passwords, and other issues. Founded in 2017, ReFirm Labs has a broader collection of enterprise vulnerability management tools.
David Weston, Microsoft’s director of enterprise and operating system security, explained that its technology plays an important role in the field of IoT security, and it “bridges the gap between IT and OT today… such as vulnerabilities. Evaluate and identify things like missing patches and security issues on IoT devices.”
Weston said that people need to be able to more easily assess and maintain the safety of connected devices, from smart light bulbs to OT tools. ReFirm Labs’ technology does not require the security team to have expertise in reverse engineering firmware to meet this need.
He went on to say that what ReFirm Labs brings to Azure Defender for IoT and other security products is “basically a drag-and-drop security analysis.” The user can drag the firmware onto the ReFirm product, and the ReFirm product decompresses it, and uses its firmware extraction technology to evaluate each file in the firmware package, looking for known vulnerabilities, predictable passwords and loose secrets, such as private Key, and then generate reports and database entries based on its findings.
Weston said that this scan will ultimately determine whether the device can be safely connected to the Internet or corporate network, noting that this is a security hole for many companies. A recent study commissioned by Microsoft found that 83% of surveyed companies have experienced firmware security incidents, but only 29% of companies allocate resources to protect firmware.
A key challenge for firmware security lies in the supply chain. Device manufacturers usually use third-party software and components in their products, but do not have the tools or resources to analyze the components before using them. Therefore, their equipment may have security vulnerabilities.
ReFirm’s technology is designed to build Microsoft’s current security capabilities in Azure Defender for IoT. Manufacturers will be able to upload firmware to Azure Defender for IoT for security assessment and fix vulnerabilities before shipping the device. Weston explained in a blog post about the acquisition that, on the business side, those who use connected devices can understand which defects need to be fixed and apply the required patches through Azure devices.
Although firmware security is currently a serious problem in the Internet of Things, it is also a cross-device problem. Microsoft plans to extend ReFirm’s detection function beyond the Internet of Things.
“In the long term, the vision of ReFirm integration is to start with IoT and then extend it to other products, such as Microsoft Defender ATP, and enable you to understand all these unique operating systems and firmware that make up modern computers,” Weston said.
It has been nearly a year since Microsoft acquired IoT/OT security company CyberX as part of its strategy to extend Azure IoT cloud-based security monitoring to industrial network equipment. CyberX’s technology and Azure Defender for IoT will monitor and detect attacks; the role of ReFirm is to determine whether a device is safe and whether it needs to be updated.
The ReFirm team will join Microsoft as part of the acquisition, bringing its expertise and Centrifuge firmware platform to improve its ability to analyze and protect firmware.
Kelly Sheridan is a full-time editor of Dark Reading. She focuses on cybersecurity news and analysis.She is a business technology reporter. She has previously reported on Microsoft for InformationWeek, and has reported on finance in insurance and technology… View full bio