• New automated vulnerability analysis of executable binaries via simple plug’n’play process
  • ONEKEY’s Product Cybersecurity & Compliance Platform provides automated analysis for a wide range of firmware and binaries

Duesseldorf, 18 March 2024 – Binary executables require typically significant time and effort to analyse for vulnerabilities. The European company ONEKEY headquartered in Duesseldorf/ Germany, took on this challenge with a simple mission statement and successfully solved it. “Our goal for efficient detection of zero-day vulnerabilities in executable binaries was very simple: just upload these files to our platform and get a list of vulnerabilities within minutes. The implementation was technically challenging, but now our ONEKEY Product Cybersecurity & Compliance Platform can analyse these complex file types also for unknown, so-called zero-day, vulnerabilities,” says Jan Wendenburg, CEO of product cybersecurity specialist ONEKEY. As a provider of a product cybersecurity & compliance platform, the company is specialised in detecting vulnerabilities in IoT and OT devices. Using the new functionality, the ONEKEY team has already identified many vulnerabilities, including many zero-days. The vulnerability information is passed on to the respective manufacturers in accordance with ONEKEY’s coordinated disclosure policy, so that the affected vendors will be able to fix the vulnerabilities in their products as quickly as possible. As a CVE Numbering Authority (CNA), ONEKEY is authorised to assign CVE IDs to the discovered vulnerabilities.

The ONEKEY platform not only analyses vulnerabilities but also generates a digital software bill of materials (SBOM). The SBOM facilitates vulnerability management, including automated impact assessment, and helps IoT/OT device manufacturers comply with existing and upcoming laws, such as the Cyber Resilience Act.

Detect and fix critical vulnerabilities

ONEKEY’s Product Cybersecurity & Compliance Platform (PCCP) already supports a variety of firmware formats with its unique and proprietary firmware extraction technology named “unblob”. Last year, the team released a static code analysis feature that focused on scripting languages (PHP, Python, Lua) and uncovered security issues in several embedded devices. This enables ONEKEY to identify different classes of vulnerabilities including but not limited to command injections, SQL injections, or path traversals.

“Despite our successes to date – numerous security vulnerabilities in devices from a variety of manufacturers – there was one last hurdle that we and our development team were determined to overcome: Analysing executable binaries for zero-day vulnerabilities. We were already able to extract detailed information about these binaries – such as imported libraries or binary hardening features. The new approach allows vendors to identify vulnerabilities, that are commonly exploited by hackers, in a very efficient and low effort way and to significantly improve the security posture of their devices by fixing these issues” explains Jan Wendenburg, CEO of ONEKEY.

Easy usability
The ONEKEY platform takes care of the selection of the binary files to be analysed to relieve users of this responsibility. Only those files that can be assumed to be part of the device’s attack surface are analysed. Taint analysis ensures that the reported results are valid and represent potential security risks. This programme analysis technique is used to detect malicious software and security vulnerabilities. “Thanks to the depth of the analysis, we identify command injection, format strings, and buffer overflow vulnerabilities and many others. We are committed to extend this detection capabilities and our focus is always on identifying and focusing on the really relevant vulnerabilities – it has never been easier to identify security gaps in devices with digital elements,” concludes Jan Wendenburg of ONEKEY.

See the latest ONEKEY blog post for more information on this new feature: https://onekey.com/blog/binary-static-analysis-the-final-frontier/

Recently, ONEKEY was able to provide evidence of possible remote command execution in Cisco Access Point WAP products using this technology – ONEKEY reports the case in a Security Advisory.