Firmware Security: An overlooked threat
By the end of 2018, more than 23 billion devices were connected to the internet. The majority of these devices are vulnerable to exploitation. They can be hacked in just minutes and cause enormous issues. Becoming part of a botnet used for a mass DDoS attack, being used as a malicious proxy server, exposing personal data passing through them to hackers and, more importantly, giving hackers an easy way into private networks are just a few of the things that have already happened to hacked devices. For example, the $1 million heist on a Russian bank started with the hack of a branch router.
Insecure firmware, which makes up the whole software stack of a device, is the main reason for such attacks. Very old and vulnerable code bases, a large number of outdated and vulnerable third-party components, and default or hard-coded credentials are three main issues that many firmware images have in common. On the vendor side, it takes a considerable amount of time and budget to find those issues in their firmware, and on the enterprise user side, authentic device risk assessment is nearly impossible because the firmware deployed nearly everywhere is a complete black box to them. That's why, according to the 2016 ISACA Firmware Security Report, only 8% of enterprises are fully prepared for firmware-related vulnerabilities, and why, according to the 2018 SANS industrial IoT security survey, firmware is the most vulnerable aspect of the IIoT infrastructure.
As a solution to these security threats, Firmalyzer enterprise developed the first automated firmware security analysis platform for connected devices. We help different stakeholders perform security compliance checks as well as risk assessments on IoT connected devices. The platform provides corporate users and service providers with fine-grained and accurate results about the risks arising from the devices, with zero impact on their networks or their customers' premises. The only asset stakeholders need is the binary firmware of the device they want to analyze, which they give as input to the platform; the platform automatically analyzes the firmware and reports the security risks. After performing asset discovery and prioritization, they can acquire the firmware for the relevant device assets and give it as input to the platform, which automatically analyzes it and reports the actual risks. The results can be reported to the desired risk management platform, and mitigations or remediations can be applied on that basis at different levels.
In view of the European CyberAct, future regulations aimed especially at IoT devices, and the lack of a suitable standard for IoT device security, we work closely with device vendors to perform a comprehensive IoT security compliance check based on leading practices and provide them with current state-of-the-art solutions so that they can deliver the most secure devices possible to the market.
We are seeking a freelance software developer in Antwerp or Brussels to participate in the different steps of development (design, program and test) of our innovative solutions:
Skills and experience:
- Bachelor's degree and/or Master's degree in Computer Science or equivalent
- Hands-on experience in Django and Django REST frameworks
- Experience in writing scalable RESTful APIs
- Hands-on experience in application development under Linux environment
- Ability to build data models to integrate with backend services
- Ability to create and maintain SQL and NoSQL databases
- Experience with software development tools based on Atlassian Jira and Agile methods
- Proficient understanding of code versioning tools, such as Git and BitBucket
- A disciplined approach to writing and quality assurance
- Understanding of core computer science concepts such as: common data structures and algorithms, profiling/optimization
- Ability to logically document, analyze and solve problems and to keep projects moving
- Must be self-motivated, organized and a strong communicator
- Coordinate multiple tasks simultaneously
- Demonstrated commitment to confidentiality
- Knowledge of software security is a plus
- Experience in DevOps is a plus
Are you interested in being involved in an innovative business providing enterprise-level cybersecurity solutions?
Send your Resume
Job posted on 13/9/2019
Location: Antwerp or Brussels