CENTRIFUGE: IoT & Embedded Firmware Exploit Identification

  • Ask yourself...

    1.  Is your embedded system or Internet of Things (IoT) device secure from exploitation?
    2.  Did you run your source code through an analyzer to identify insecure coding practices?
    3.  Did you test the final compiled binary just before you went to production?
    4.  Are you aware that compilers can introduce vulnerabilities into your production-ready firmware image?

    If you answered no to just one of these questions, then you, your product, and your company may be open to unforeseen risks that may tarnish your name, your brand, your reputation, or even your stock price.

  • One Important and Final Quality Assurance Check
    Do you use and link to open source libraries in your firmware image? Do you know if the libraries themselves are secure? Centrifuge can quickly identify vulnerabilities introduced by insecure coding practices, linking to flawed open source libraries, or vulnerabilities introduced by the compilation process itself.

    No source code needed!

    Centrifuge is your roadmap to vulnerability discovery just before you go to production. It's the final step in your development life cycle process.

    Supplier Validation
    Does your company rely upon vendor-provided firmware for integration into your own products? Do you know if your supplier's firmware image is free from vulnerabilities that could -- once integrated into your final product -- open you up to attack and embarrassment?

    Centrifuge requires only a compiled firmware image with a Linux-based filesystem. It does not require access to source code!

    Rapid Exploit Development
    Centrifuge can save significant time and money for governments, intelligence agencies, militaries, and their contractors.

    Instead of starting from scratch looking for vulnerabilities in a target's firmware, Centrifuge can point you to the exact binaries, and the function calls within those binaries, that could be exploitable.

    Time is money in government circles, and Centrifuge certainly is a time/money game changer.

  • Where does Centrifuge fit within my development life cycle?
    We believe it should be the very last step just before production. But you know your processes better than we do. Feel free to contact us to discuss.

    Who should use Centrifuge?
    Manufacturers, integrators, researchers, intelligence agencies, and anyone who develops, uses, integrates, or exploits firmware images and does not have access to the source code.

    Centrifuge is just another code validation tool, right?
    Actually, no. Centrifuge does not require access to source code. Centrifuge requires a compiled firmware image with root filesystems. Centrifuge unpacks the filesystems, identifies each executable binary, and analyzes each binary for vulnerabilities without ever seeing one line of source code!

    I have more questions!
    Then shoot us an email or give us a call! You can find all the details you need to contact us right here.