To illustrate how we tackle the issue of firmware inspection, Nozomi Networks Labs selected a popular facial/thermal recognition camera and describes how to analyze the firmware in detail.
Nozomi Networks Labs published three new vulnerabilities (CVE-2021-31986, CVE-2021-31987, CVE-2021-31988) affecting multiple Axis devices. The transparent approach applied by Axis into security review allowed Labs to perform an immediate static analysis and verification of the vulnerabilities.
One of the most challenging tasks for a cybersecurity researcher is getting access to the underlying file system in OT devices to do a full analysis of potential attack vectors. This blog describes techniques for extracting firmware directly from the hardware and reading the flash content, a critical skill in a structured research team.
Billions of IoT devices are used in the industrial sector and threat actors are quickly evolving new malware focused on them. Don’t miss this analysis of the SBIDIOT IoT malware to learn how it communicates with targets and what types of commands it supports. Includes IOCs.
Nozomi Networks Labs has discovered a remote code execution vulnerability in the Annke N48PBB network video recorder. We urge network defenders to check their systems for the device, and apply the available patch immediately.