Firmware Reviewer provides in-depth firmware analysis (binaries, file systems, containers, virtual machines, IoT, UEFI, Appliances, Network Devices, Smart Meters, Surveillance devices, Drones, etc.), allowing to explore vulnerabilities at the same time to keeping the software securely in your own hands, at your premises. It can be used for a bunch of binary file formats, withNo need of related physical device.
...
The OWASP Firmware Security Testing Methodology is composed of nine stages tailored to enable security researchers, software developers, consultants, hobbyists, and Information Security professionals with conducting firmware security assessments. Firmware analysis is a tough challenge with a lot of tasks. Many of these tasks can be automated (either with new approaches or incorporation of existing tools) so that a security analyst can focus on its main task: Analyzing the firmware (and finding vulnerabilities). Firmware Reviewer implements this automation leading to more complete analysis as well as a massive speedup in vulnerability hunting and is able to assist you during all the nine stages:
...
In October 2018, Government of UK published code of practice for IoT vendors to improve the security of consumer IoT products, The document listed 13 guidelines for consumer IoT devices that are connected to the Internet and/or home network such as smart cameras, TVs, home appliances and home automation systems. The GOV.UK guidelines can also be mapped to several industry standards and best practices on IoT security that includes ENISA and IoT Security Foundation. A detailed mapping between these guidelines has been published in a separate document. The following guidelines were concerned with secure firmware development:
...
Firmware Reviewer automatically addresses those UK Goverment Guidelines. However, there have been different IoT Security guidelines published by different parties as good practices or baselines while there is no global standard for IoT Device Security, which as a result has created confusions in both vendors and users. They not only know which guidelines they should follow or which practices they should apply but also find a significant number of the practices impractical or irrelevant to their cases.
...
Comparison between Versions
The File Compare check is a mechanism to compare a file from a previous run with the file from the current run. It provides more insights into file changes, since it allows comparing two versions of a file rather than comparing only a digest. Last, the Tree Check will produce an informational output listing new files, deleted files, and modified files. Firmware Reviewer can compare several images or single files. Furthermore, Unpacking, analysis and compares are based on plug-ins guaranteeing maximal flexibility and expandability.
...
In many cases you might want to compare Firmware samples. For instance, you might want to know if and where a manufacturer fixed an issue in a new firmware version. Or you might want to know if the firmware on your device the original firmware is of provided by the manufacturer. If they differ, you want to know which parts are changed for further investigation. Again, Firmware Reviewer is able to automate many of these challenges, like: Identify changed / equal files and Identify changed software versions.
...
DISCLAIMER: Firmware Reviewer never operates on physical devices.
COPYRIGHT (C) 2014-2021 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.