Microsoft acquires ReFirm Labs to up IoT security

  • June 9, 2021
  • Steve Rogerson

Microsoft has acquired Maryland-based ReFirm Labs to enhance IoT security.

Modern computing devices can be thought of as a collection of discrete microprocessors each with a dedicated function such as high-speed networking, graphics, disc IO, AI and everything in between. The emergence of the intelligent edge has accelerated the number of these cloud-connected devices that contain multiple specialised sub-processors each with its own firmware layer and often a custom operating system.

Many vulnerability-analysis and endpoint detection and response tools find it difficult to monitor and protect devices at the firmware level, leading to a security gap for attackers to exploit.

“At the same time, we have also seen growth in the number of attacks against firmware where sensitive information like credentials and encryption keys are stored in memory,” said David Weston, Microsoft’s director of enterprise and OS security.

A recent survey commissioned by Microsoft of 1000 security decision-makers found 83 per cent had experienced some level of firmware security incident, but only 29 per cent were allocating resources to protect that critical layer. And, according to March 2021 data from the National Vulnerability Database, difficult-to-patch firmware attacks are continuing to rise.

Microsoft’s Azure Defender for IoT team – formerly CyberX – recently announced, alongside the Department of Homeland Security, a series of more than 25 critical-severity vulnerabilities in IoT and OT devices.

The challenge in securing these devices starts with securing the supply chain. Device builders typically integrate third-party software and components, but they are missing the tools and the expertise in analysing the components they consume and, as a result, may unknowingly ship devices with security vulnerabilities.

This is where ReFirm Labs comes in. Microsoft believes firmware is not a future threat, but an imperative to secure now as more devices flood the market and expand the available attack surface.

“We are committed to helping customers protect from these sophisticated threats now and in the future, which is why we’re announcing that we have acquired ReFirm Labs,” said Weston. “We are excited to announce that ReFirm Labs is joining Microsoft to enrich our firmware analysis and security capabilities across devices that form the intelligent edge, from servers to IoT.”

The addition of ReFirm Labs should bring Microsoft both expertise in firmware security and the Centrifuge firmware platform, enhancing its ability to analyse and help protect firmware, backed by the power and speed of the cloud.

ReFirm is the author of the Binwalk open-source software, which has been used to analyse thousands of device types for firmware security issues, uncovering unpatched common vulnerabilities and exposures, insecure secrets, and a multitude of other security problems in plugin IoT devices and embedded firmware.

ReFirm’s firmware analysis technology should advance Microsoft’s capabilities to help secure IoT and OT devices via Azure Defender for IoT, which was recently enhanced with technology from its acquisition of CyberX.

“Together, we will provide device builders and customers the ability to discover, protect and assess device risk both at the firmware and network level and then patch devices with an easy-to-use cloud-based solution,” said Weston.

Microsoft has already taken steps to bring the power of the cloud to help secure and eliminate gaps between hardware and software with the announcement of secured-core PCs, the creation of the Pluton security processor with partners, and most recently the extension of secured-core to servers and edge devices.

“This acquisition marks the next step in our journey and ability to help secure customers from the chip to the cloud, backed by more than 3500 defenders at Microsoft and the more than eight trillion security signals we process every day,” said Weston. “We are thrilled to take this next step with ReFirm Labs to proactively address what is already becoming the next big attack surface, firmware. Together, we will continue to provide innovation and value to our customers by helping them discover, monitor and update all of their network-connected devices. The technology and expertise that ReFirm brings will be an incredible addition to Microsoft and help us continue to deliver on our commitment to protecting from the chip to the cloud.”