Düsseldorf, July 04, 2022 – With the open-source release of the new binary extraction suite “UNBLOB”, ONEKEY provides a core component of its automated firmware security analysis platform to the infosec community. This will set a new milestone in the battle to raise security to a new level in the field of industrial control and production systems and connected devices. UNBLOB is an accurate, fast, and easy-to-use extraction suite. UNBLOB parses unknown binary code or data blobs for many different archive, compression, and file-system formats, extracts their content recursively. With UNBLOB, software can be extracted down to the smallest details and presented transparently. “UNBLOB is the perfect tool for extracting and analyzing firmware binary code. In today’s connected world, billions of IoT devices, each with its own individual firmware, are in use. If vulnerable, each one poses a risk to the entire surrounding infrastructure. Through the release of UNBLOB, we empower professional security researchers and security experts around the world to uncover vulnerabilities in industrial and other products and infrastructures contributing to improve the security level of industrial systems and smart devices,” says Jan Wendenburg, CEO of ONEKEY.
ONEKEY operates the leading European platform for automated security, compliance, and software supply chain analysis of IoT, industrial IoT (IIoT), and manufacturing (OT) devices. To do this, ONEKEY automatically constructs a digital twin based off the device’s firmware image, builds a Software Bill of Materials (SBoM) of the software components it contains, and analyzes it for vulnerabilities and configuration issues which could be exploited by hackers. “We want to give experts and interested companies worldwide access to high-performance security tools, enabling the highest possible level of IoT security. Open source is the fastest and strongest community with the will to improve technology. We want to walk the path together with the experts worldwide and therefore deliberately involve them to provide the best tools for software analysis,” continues Jan Wendenburg of ONEKEY. For companies that do not have their own in-depth expert knowledge, ONEKEY offers a comprehensive full-service solution. With this, anyone can independently inspect firmware for critical security vulnerabilities and compliance violations without needing source code, device, or network access.
UNBLOB open-source software is targeted at professional security researchers and security experts who have the necessary capabilities of analyzing or reverse engineering firmware images. Firmware images are usually distributed as BLOBs (Binary Large Objects) in binary form and therefore cannot be read or analyzed in conventional ways. In addition to providing built-in extraction capabilities for many different archive, compression, and file-system formats, UNBLOB highlights the structure of the firmware and supplies an extensible and ready-to-use framework to add extraction capabilities for custom formats in a matter of hours. “We actively support the development of an international community of security experts focused on analysis and security of IoT assets. Remaining as the weakest link in many ICT infrastructures (I)IoT and OT devices have emerged as a lucrative target for threat actors. Securing these devices and making them resilient to cyber-attacks is a must-have on our way to strengthening our global digital infrastructure,” Wendenburg sums up. Open sourcing UNBLOB will be accompanied by comprehensive demonstrations at two of the most renowned hacker conferences. Quentin Kaiser will present UNBLOB’s capabilities at the upcoming Black Hat Arsenal and DEF CON Demo Labs in Las Vegas. He will be accompanied by Florian Lukavsky and both are looking forward on technical deep dives with the experts.
Please visit www.unblob.org for more information and further documentation about UNBLOB.
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management. The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
Integrated compliance checking already covers the upcoming EU Cyber Resilience Act and existing requirements according to IEC62443-4-2, EN303645, UNR155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.
euromarcom public relations GmbH
+49 611 973 150