Ryan SchradinTechnology continues to redefine how we live and work. Today, the emergence of the Internet of Things (IoT) means everything generates data. That data is used by artificial intelligence (AI) and data analytics tools to make decisions and predict outcomes. And all of these futuristic capabilities are going to be available anywhere thanks in large part to the advancement of 5G and mobile technologies.
With so much data being generated and many devices becoming connected, security needs to be considered. And it can’t be an afterthought.
The upcoming Washington Technology Showcase will be a half-day event that will serve as a platform for a number of truly inventive companies with solutions in three growing and exciting technologies: the Internet of Things (IoT), 5G and artificial intelligence (AI). And one of the companies that will be presenting during the event – ReFirm Labs – is focused on keeping the devices that make up the IoT secure and their data private.
We recently had an opportunity to sit down with one of the company’s co-founders, Terry Dunlap, to talk about why firmware is a target for hackers, why it’s vulnerable to their attacks and how ReFirm Labs’ solutions can help. We also talked about the upcoming Washington Technology Showcase and why technology companies, technologists and investors in the area should consider it a “must attend” event.
Here is what he had to say:
Corporate Growth, Capital Style (CGCS): Can you tell our readers a bit about ReFirm Labs? What are the company’s solutions and what markets does the company serve?
Terry Dunlap: ReFirm Labs is a pioneer in the firmware security space. We’re a group of former offensive cyber operators from the US National Security Agency. We offer developers and users of IoT and embedded devices the ability to rapidly uncover threats like hidden backdoors, hardcoded user credentials, exploitable vulnerabilities, and a host of other attack vectors.
Our focus is on helping customers in the critical infrastructure space: telecommunications, oil and gas, energy, and nuclear to name a few.
CGCS: What is firmware for those that aren’t familiar? How can firmware be a security vulnerability?
Terry Dunlap: Firmware is the low-level operating system that runs your WiFi router, your smartwatch, industrial control systems, security and surveillance cameras, most automobiles today, and the list goes on.
Our research has revealed intentional backdoors placed into the firmware of surveillance cameras made in China. And at the consumer level, we often see WiFi routers in people’s homes that contain hardcoded user accounts and passwords that allow nefarious individuals access to your entire home network and all its devices.
CGCS: Why is the supply chain a security concern for companies? How does ReFirm Labs’ solutions help secure a company’s supply chain?
Terry Dunlap: In most cases, manufacturers do not develop and create all the components of the final product. They rely on components–mostly from China–to supply WiFi or Bluetooth networking, for example. The suppliers do not provide the manufacturer the actual source code used to build the components.
Without access to the source code for these components, the manufacturer is assuming the components are free of defects, backdoors, and malicious code. ReFirm Labs can help manufacturers examine these components for material defects or malicious intent without access to the source code. That way manufacturers can be assured their supply chain is not accidentally, or purposely, compromised.
CGCS: Why is IoT and firmware security increasingly important today? How could an attack against IoT devices negatively impact an organization? What kinds of organizations need to be concerned about this?
Terry Dunlap: It’s a new attack vector that’s gaining in popularity because developers of firmware are not thinking of security. And most security products on the market today are not looking at the firmware level. Most focus on web apps, network traffic, or other anomalous behavior.
As an attacker, I am not interested in your actual IoT device. The reason I would target your IoT devices for exploitation is because your security products are not looking at them. Most security products today can’t even find all the IoT devices on your network. And when I do attack your IoT device, I use it as a staging area or beachhead. This is where I will upload all my tools and begin to move laterally throughout your entire network.
It may be intellectual property I’m after, company secrets, competitive intelligence, or your about-to-be-released quarterly financials, which I could leverage if you’re a publicly traded company.
Any company connected to the Internet should be concerned.
CGCS: Why did ReFirm Labs choose the National Capital region for its headquarters? What does this area provide that made it the right choice for the company?
Terry Dunlap: We chose the region because of the talent pool and access to investment capital that has a national security focus.
CGCS: ReFirm Labs will be attending the upcoming Washington Technology Showcase. Why was this an important event for the company to participate in?
Terry Dunlap: Given the large number of government agencies and companies here with some type of cyber focus or mission, it just makes sense. If anyone understands cyber from both an offensive and defensive cyber perspective, it’s the people, companies, and agencies of the National Capital region.
CGCS: Who do you think could benefit from attending the WTS? What do you anticipate they’ll get out of attending the show?
Terry Dunlap: Anyone who is into cyber should attend. WTS is to cyber geeks as what CES is to electronics junkies. I believe attendees will see first-hand the newest, latest technologies and cyber capabilities as it relates to IoT, 5G, and AI.
For addition information about the Washington Technology Showcase, click HERE.
