We are glad to announce that our automated firmware analysis platform now finds unknown zero-day vulnerabilities (0-Day) to prevent zero-day attacks in cybersecurity. This new detection capabilities is a big leap towards automated security for connected devices and Industrial Control Systems.
Any zero-day exploit is an immense danger for operators and producers of connected devices. If found and hacked, a zero-day exploit can risk a whole companies’ fortune. Our development team has finally managed to create the future of automated detection to uncover such unknown zero-day vulnerabilities for connected devices, smart products and infrastructures and makes a huge step in product cybersecurity possible – adding a massive step into future software cybersecurity.
Finding unknown software vulnerabilities is mostly a manual, time- and resource consuming task. Today’s automated vulnerability detection solutions typically search for files and patterns with known vulnerabilities. There are large, publicly available databases for software vulnerabilities to simplify software development, testing and related security.
The “holy grail” on product cybersecurity is to find unknown zero-day vulnerabilities in a fully automated way. This would lead to significantly more secure software and significantly less probability of misuse or being hacked – while reducing development time and resources.
ONEKEY’s new automated detection capabilities have already uncovered multiple critical zero-day vulnerabilities that lead to remote code execution in IoT and OT devices – only by feeding the binary firmware image into the ONEKEY firmware analysis platform. Based on the binary analysis, the software gives clear results about critical security issues and hints for the appropriate elimination. It also generates automatically a SBOM (Software Bill of Materials) as it will be required by the EU authorities soon. Find more about secure supply chains in our latest Whitepaper “Tackling software supply chain with IEC62443 and SBOM”.
The ONEKEY platform extracts the firmware automatically, attack surface is mapped automatically, entry points for attackers are identified automatically and dangerous functions, which can be exploited by attackers, are evaluated and verified so that only the relevant ones are highlighted. Everything provided with actionable advice & pinpointing to affected areas in the firmware application.
The new detection capabilities have uncovered already multiple unknown, zero-day vulnerabilities. Based on ONEKEY’s responsible disclosure policy, the device producer not yet working with ONEKEY will be informed confidentially. After the industry standard 90 days grace period, vulnerability results will be published to the public in detailed cybersecurity advisories.
The new automated zero-day detection capabilities marking only the beginning of a new era – to support an increased discovery rate of critical zero-day vulnerabilities in IoT and OT devices, ONEKEY registered as CNA (CVE Numbering Authority) to better support responsible disclosure processes with producers and contribute to securing the Internet of Things.
Read the press release “ONEKEY announces automated detection of zero-day vulnerabilities”
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.
euromarcom public relations GmbH
+49 611 973 150