IT Security: New Automated Zero-Day Security Analysis For Binary Executable Files!

  • New automated vulnerability analysis of executable binaries via simple plug’n’play process
  • ONEKEY’s Product Cybersecurity & Compliance Platform provides automated analysis for a wide range of firmware and binaries

Duesseldorf, 18 March 2024 – Binary executables require typically significant time and effort to analyse for vulnerabilities. The European company ONEKEY headquartered in Duesseldorf/ Germany, took on this challenge with a simple mission statement and successfully solved it. “Our goal for efficient detection of zero-day vulnerabilities in executable binaries was very simple: just upload these files to our platform and get a list of vulnerabilities within minutes. The implementation was technically challenging, but now our ONEKEY Product Cybersecurity & Compliance Platform can analyse these complex file types also for unknown, so-called zero-day, vulnerabilities,” says Jan Wendenburg, CEO of product cybersecurity specialist ONEKEY. As a provider of a product cybersecurity & compliance platform, the company is specialised in detecting vulnerabilities in IoT and OT devices. Using the new functionality, the ONEKEY team has already identified many vulnerabilities, including many zero-days. The vulnerability information is passed on to the respective manufacturers in accordance with ONEKEY’s coordinated disclosure policy, so that the affected vendors will be able to fix the vulnerabilities in their products as quickly as possible. As a CVE Numbering Authority (CNA), ONEKEY is authorised to assign CVE IDs to the discovered vulnerabilities.

The ONEKEY platform not only analyses vulnerabilities but also generates a digital software bill of materials (SBOM). The SBOM facilitates vulnerability management, including automated impact assessment, and helps IoT/OT device manufacturers comply with existing and upcoming laws, such as the Cyber Resilience Act.

Detect and fix critical vulnerabilities

ONEKEY’s Product Cybersecurity & Compliance Platform (PCCP) already supports a variety of firmware formats with its unique and proprietary firmware extraction technology named “unblob”. Last year, the team released a static code analysis feature that focused on scripting languages (PHP, Python, Lua) and uncovered security issues in several embedded devices. This enables ONEKEY to identify different classes of vulnerabilities including but not limited to command injections, SQL injections, or path traversals.

“Despite our successes to date – numerous security vulnerabilities in devices from a variety of manufacturers – there was one last hurdle that we and our development team were determined to overcome: Analysing executable binaries for zero-day vulnerabilities. We were already able to extract detailed information about these binaries – such as imported libraries or binary hardening features. The new approach allows vendors to identify vulnerabilities, that are commonly exploited by hackers, in a very efficient and low effort way and to significantly improve the security posture of their devices by fixing these issues” explains Jan Wendenburg, CEO of ONEKEY.

Easy usability
The ONEKEY platform takes care of the selection of the binary files to be analysed to relieve users of this responsibility. Only those files that can be assumed to be part of the device’s attack surface are analysed. Taint analysis ensures that the reported results are valid and represent potential security risks. This programme analysis technique is used to detect malicious software and security vulnerabilities. “Thanks to the depth of the analysis, we identify command injection, format strings, and buffer overflow vulnerabilities and many others. We are committed to extend this detection capabilities and our focus is always on identifying and focusing on the really relevant vulnerabilities – it has never been easier to identify security gaps in devices with digital elements,” concludes Jan Wendenburg of ONEKEY.

See the latest ONEKEY blog post for more information on this new feature:

Recently, ONEKEY was able to provide evidence of possible remote command execution in Cisco Access Point WAP products using this technology – ONEKEY reports the case in a Security Advisory.


ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.



Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150