Centrifuge IoT Security Platform Updates – April 2017

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

The dev team at TNS makes ongoing updates to the Centrifuge IoT Security Platform. Here’s a list of the most recent changes:

General

Emulation has made its way to the top of our priority list.But stable extraction quickly superseded emulation based on user activity.The CSP tool automatically emails the development team whenever there’s an error during processing.

Upgrading/Compatibility

New models were added to the database schema; performing a migration is recommended.

Extractors

Firmware image “extracted” directory is always created, even when Binwalk decides it doesn’t feel like doing it.Symlink fixup and recursive file system image extraction have been abstracted out of the BinwalkExtractor and are now available for use by all Extractors.Created .tar file extractor.Created .gz file extractor, which queues a subsequent extractor to extract whatever was compressed.All extractors create a -root directory, which is required for Analyzers to be executed.

Analyzers

Began working on an Analyzer that identifies common web server platforms present in the firmware image.Created an Entropy Graph Analyzer that separates graph creation from extraction. This works around an issue Binwalk caused by attempting to overlay signatures on the entropy graph when there is a large number of signatures (greater than ten).

WebUI

User login sessions persist across server restarts.

Minor

Identified CVEs are sorted by date in reverse order; most recent CVE is presented first.

 

Thanks for your continued support! We appreciate your efforts to secure your IoT devices.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
100 Followers
About Tactical Network Solutions
Are you concerned about risky, vulnerable embedded firmware in IoT devices, connected medical devices, automotive ECUs and industrial control systems? You're not alone. Since 2007, Fortune 500 companies and governments around the world have sought out Tactical Network Solutions for reverse engineering training programs, firmware evaluations, and cyber risk mitigation strategies. Clients are excited to leverage our automated firmware evaluations and consulting performed with the proprietary Centrifuge IoT Security Platform. The evals are completed with NO access to source code on compiled images containing a Linux-based root filesystem compiled for either MIPS, ARM, or X86. We also support QNX (a real-time operating system) and Docker containers. TNS evaluations have revealed thousands of hidden attack vectors including erroneously placed private crypto keys, insecure binaries with highly vulnerable function calls and other rampant security holes on embedded firmware. Our community of clients includes firmware developers, underwriters, law firms, governments and intelligence agencies worldwide who share a common goal: to discover hidden attack vectors in IoT and connected devices.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel