Microsoft could finally be cutting down on this security flaw

IoT Devices
(Image credit: Shutterstock) (Image credit: Shutterstock)

Defender for IoT, Microsoft’s IoT-oriented antivirus program, is getting a new feature to cut down on firmware attacks. Called Firmware Analysis, the feature does exactly what the name suggests - analyses firmware in embedded Linux devices for vulnerabilities and known weaknesses. 

The tool, which is currently in Public Preview, can scan the firmware for devices such as routers, looking for known vulnerabilities like hardcoded user accounts, outof-date open-source packages, or the use of the manufacturer’s private cryptographic signing key.

"Firmware analysis takes a binary firmware image that runs on an IoT device and conducts an automated analysis to identify potential security vulnerabilities and weaknesses," said Microsoft's Derick Naef. "This analysis provides insights into the software inventory, weaknesses, and certificates of IoT devices without requiring an endpoint agent to be deployed."

Analyzing firmware

At the moment, the tool offers different tools that analyze IoT device firmware security such as Software Bill of Materials (lists open-source packages used to build the firmware), CVE Analysis (analyses firmware components for publicly known security flaws), Binary Hardening Analysis (lists binaries compiled without security flags), SSL Certificate Analysis (pinpoints expired and revoked TLS/SSL certificates), Public and Private Key Analysis (verifies public and private cryptographic keys in the firmware), and Password Hash Extraction (checks if the password hashes use secure cryptographic algorithms). 

Those interested in giving the new tool a spin should head over to “Firmware analysis (preview) in Defender for IoT and upload the firmware image from their endpoint.

"The Defender for IoT Firmware Analysis feature is automatically available if you currently access Defender for IoT using the Security Admin, Contributor, or Owner role," Microsoft says. "If you only have the SecurityReader role or want to use Firmware Analysis as a standalone feature, then your Admin must give the FirmwareAnalysisAdmin role."

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.