Microsoft buys ReFirm Labs to extend security for IoT and OT devices

Sheila Zabeu

June 04, 2021

Microsoft acquired ReFirm Labs in early June with the aim of enriching its firmware analysis and security features for smart edge devices, spanning everything from servers to IoT devices.

Microsoft was most likely already keeping an eye on the open-source Binwalk software developed by ReFirm Labs after learning the results of a survey commissioned by the company itself. The figures revealed that 83% of respondents had experienced some kind of firmware-related security incident, yet only 29% were allocating resources to protect this extremely critical layer. Another revelation in that same vein was made by a US Cybersecurity and Infrastructure Security Agency (CISA) presentation during the RSA 2021 conference, which warned of recent growth in firmware attacks. Along with the US Department of Homeland Security, Microsoft recently listed a series of more than 25 critical vulnerabilities in IoT and OT devices.

It is precisely the firmware layer that ReFirm Labs’ Binwalk addresses. The tool is used to analyze and reverse engineer firmware images, often in search of flaws and vulnerabilities in IoT devices or other systems with embedded firmware.

According to Microsoft, the intention is to use Binwalk to drive advances in Microsoft’s current security capabilities to help protect IoT and OT devices through Azure Defender for IoT, which was recently enhanced with technologies from newly acquired CyberX, such as behavioral analytics for IoT and OT and threat intelligence.

Microsoft comments that this set of technologies is intended to give device manufacturers and customers the ability to discover, protect and assess risks at both the firmware and network levels, and to provide tools in the cloud to fix any flaws and vulnerabilities.