Microsoft’s Defender for IoT, an antivirus program designed for Internet of Things (IoT) devices, is introducing a new feature called Firmware Analysis. This feature aims to enhance the security of embedded Linux devices by analyzing their firmware for vulnerabilities and known weaknesses.
The Firmware Analysis tool, which is currently in Public Preview, performs an automated analysis of binary firmware images used in IoT devices, such as routers. It scans for potential security vulnerabilities, including hardcoded user accounts, outdated open-source packages, and the use of the manufacturer’s private cryptographic signing key.
The analysis provides insights into the software inventory, weaknesses, and certificates of IoT devices without requiring the deployment of an endpoint agent. It offers various tools to analyze firmware security, such as Software Bill of Materials (listing open-source packages used), CVE Analysis (checking for known security flaws), Binary Hardening Analysis (listing binaries compiled without security flags), SSL Certificate Analysis (identifying expired and revoked TLS/SSL certificates), Public and Private Key Analysis (verifying cryptographic keys), and Password Hash Extraction (checking for secure password hashes).
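As an added illustration (not Microsoft's implementation, and not code from the original article), the sketch below runs two of the checks named above, password hash extraction and private key discovery, over a firmware root filesystem that has already been unpacked to a directory. The function names, the finding labels, the constructed sample tree and the choice of which hash schemes count as weak are all assumptions of this example.

```python
import os
import re
import tempfile
from pathlib import Path

# crypt(3) "$id$" prefixes -> (scheme, flagged weak). The weak/strong call is this example's assumption.
SCHEMES = {"1": ("md5crypt", True), "5": ("sha256crypt", False), "6": ("sha512crypt", False),
           "2b": ("bcrypt", False), "2y": ("bcrypt", False), "y": ("yescrypt", False)}
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")

def classify_hash(field):
    """Return (scheme, weak) for the password field of a passwd/shadow line."""
    if field == "":
        return ("empty-password", True)      # account accepts a login with no password
    if field[0] in "!*":
        return ("locked", False)             # password login disabled
    m = re.match(r"\$([0-9a-z]+)\$", field)
    if m:
        return SCHEMES.get(m.group(1), ("unknown-" + m.group(1), False))
    return ("descrypt", True) if len(field) == 13 else ("unrecognized", True)

def scan_rootfs(root):
    """Walk an unpacked firmware root filesystem; return sorted (kind, path, detail) findings."""
    root, findings = Path(root), []
    for rel in ("etc/shadow", "etc/passwd"):
        text = (root / rel).read_text(errors="replace") if (root / rel).is_file() else ""
        for line in text.splitlines():
            parts = line.split(":")
            if len(parts) > 1 and parts[1] != "x":   # "x" means the hash lives in shadow
                scheme, weak = classify_hash(parts[1])
                if scheme != "locked":
                    kind = "weak-account" if weak else "account"
                    findings.append((kind, rel, f"{parts[0]}:{scheme}"))
    for dirpath, _dirs, files in os.walk(root):      # os.walk does not descend into symlinked dirs
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink() and PEM_PRIVATE.search(p.read_bytes()):
                findings.append(("private-key", p.relative_to(root).as_posix(), "PEM private key"))
    return sorted(findings)

def build_sample_rootfs():  # constructed sample tree: no real credentials or key material
    root = Path(tempfile.mkdtemp(prefix="fw-rootfs-"))
    (root / "etc/ssl").mkdir(parents=True)
    (root / "etc/shadow").write_text("root:$1$salt$CONSTRUCTED:19000::::::\nadmin:$6$salt$CONSTRUCTED:19000::::::\n"
                                     "daemon:*:19000::::::\nsupport::19000::::::\n")
    (root / "etc/ssl/device.key").write_text("-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n")
    return root

if __name__ == "__main__":
    print(*scan_rootfs(build_sample_rootfs()), sep="\n")
```

On the constructed tree this reports the MD5-crypt root account, the passwordless support account and the embedded key file, which are the kinds of findings a vendor would want to clear before shipping an image.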
Users interested in trying out the new Firmware Analysis tool can access it in the Public Preview version of Defender for IoT. They need to upload the firmware image from their endpoint for analysis. The feature is automatically available to users with the Security Admin, Contributor, or Owner roles in Defender for IoT. However, users who have the SecurityReader role, or who want to use Firmware Analysis as a standalone feature, will need the FirmwareAnalysisAdmin role assigned by an admin.
By providing this firmware analysis capability, Microsoft aims to bolster the security of IoT devices and help organizations identify and mitigate potential security risks in their embedded Linux devices.