Microsoft previews Defender for IoT firmware analysis service


Microsoft announced a new Defender for IoT feature that will allow analyzing the firmware of embedded Linux devices like routers for security vulnerabilities and common weaknesses.

Dubbed Firmware Analysis and now available in Public Preview, the new capability can detect a wide range of weaknesses, from hardcoded user accounts and outdated or vulnerable open-source packages to the use of a manufacturer’s private cryptographic signing key.

“Firmware analysis takes a binary firmware image that runs on an IoT device and conducts an automated analysis to identify potential security vulnerabilities and weaknesses,” Microsoft’s Derick Naef says.

“This analysis provides insights into the software inventory, weaknesses, and certificates of IoT devices without requiring an endpoint agent to be deployed.”

Read more…