If it’s not in the manifest, most tools won’t catch it. But unreferenced or outdated components can still be present & exploitable.

Watch this clip from our latest webinar to learn more, & catch the full conversation here 👉 https://info.finitestate.io/the-future-of-iot-security
#FirmwareSecurity #IoTSecurity

Critical vulnerabilities exploited! Learn how to protect your networks. #VulnerabilityDisclosure #FirmwareSecurity #MitigationStrategies https://redoracle.com/News/Critical-Exploited-Vulnerabilities-Threatening-Networks.html

Most #SBOM tools rely on declarations.

Finite State looks at what’s actually on the device & how it behaves.

📽️ Catch this moment from our webinar to see how execution-aware analysis changes the game.

https://info.finitestate.io/the-future-of-iot-security

#FirmwareSecurity #VulnerabilityManagement

Two days until #BSidesBoulder25 and only 15 tickets remain! Today we highlight, two #BSidesBoulder25 talks: Andrew Brandt's "Smashing Smishing by Quashing Quishing" and Eric Harashevsky's "Firmware Readout Bypass in STM92 (Don't put this in an alarm control panel).

Andrew's talk will examine QR-based phishing attacks, how attackers are exploiting QR codes and SMS to steal credentials and MFA tokens, and how a cross-industry collaboration between mobile vendors, telcos, and the infosec community could finally slam the door on mobile phishing. Think SafeBrowsing, but for QR scans! And we promise that our BSidesBoulder event QR codes will not redirect you to an Andrew-controlled C2 server.

Eric's talk will explore his adventure tinkering with an old STM92's firmware - the talk will explore his findings, reverse engineering the legacy microcontroller, bypassing firmware protections, and what that means for devices still hanging on your wall! Expect a live demo that is sure to excite your future hardware hacking journey.

#BSides #BSidesBoulder #CyberSecurity #Quishing #Smishing #MobileSecurity #PhishingDefense #HardwareHacking #FirmwareSecurity

Check out our full schedule at https://bsidesboulder.org/schedule/

Tickets are available for purchase for our 13 June event here: https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389

Missed our webinar last week?

Watch the on-demand recording of “The Future of IoT Security – A Modern Approach to Scanning” now → https://info.finitestate.io/the-future-of-iot-security

#IoTSecurity #SBOM #FirmwareSecurity #CyberResilience #ProductSecurity #DevSecOps #PenTesting

We're honored to be featured in Omdia’s latest report spotlighting the leaders in firmware & #SoftwareSupplyChainSecurity 🎉

Read the full report to explore what sets us apart 👉 https://omdia.tech.informa.com/om129716/omdia-market-radar-firmware-and-software-supply-chain-security-2025

#ProductSecurity #SBOM #IoTSecurity #FirmwareSecurity #Omdia

Traditional tools miss the real IoT risks.

We’re breaking it all down in our next webinar: The Future of IoT Security https://lnkd.in/g8-ntqY5

Cue Larry Pesce, VP of Services, & unofficial 👑 of webinars, to tell you more.

#IoTSecurity #SupplyChainSecurity #FirmwareSecurity

What does it really take to build secure, auditable firmware today?

In the latest episode of Nerding Out with Viktor, I sat down with Joshua Watt (Garmin) and Ross Burton (ARM) to dig into how the Yocto Project, SBOMs, and SPDX 3.0 are changing how we ship and maintain embedded Linux at scale.

We get into:
*Why SBOMs need to be generated at build-time, not after
*How SPDX 3.0 helps with license clarity and deep package tracking
*Why VEX metadata matters when it’s time to triage real vulnerabilities
*Build determinism, OTA failures, and surviving 15-year product lifecycles
*What the Cyber Resilience Act means for your toolchain

Whether you’re deep in firmware or just trying to ship connected products without getting buried in compliance debt, this one’s worth a listen.

Listen here: https://vpetersson.com/podcast/S02E09.html

#Yocto #EmbeddedLinux #SBOM #SPDX #FirmwareSecurity

BIOS level hacking has always been one of the stealthiest and most dangerous forms of attack. Operating beneath the OS, malware embedded in firmware can survive drive wipes and reinstalls. While rare, these attacks are very real. From state actors using BIOS implants for espionage to researchers demonstrating how firmware can be weaponized, this layer is often ignored until it is too late. Projects like Libreboot and Coreboot aim to replace proprietary firmware with open alternatives, giving users more control and reducing the risk of hidden vulnerabilities.

#FirmwareSecurity #BIOSHacking #Coreboot #Libreboot #CyberSecurity #LowLevelThreats #OpenSourceSecurity

🚀 BLU: The Smart Solution for Embedded Bootloader Upgrades 🛠️

🔗 Read more: https://piembsystech.com/bootloader-updater-blu/

#EmbeddedSystems #Bootloader #FirmwareUpdates #AutomotiveECU #IoT #IndustrialAutomation #SecureFirmware #CANProtocol #OverTheAirUpdates #EmbeddedSoftware #Piembsystech #OpenSourceLearning #Microcontrollers #FirmwareSecurity #CANFD #IoTDevices #LinuxEmbedded #RealTimeSystems #HILTesting #EmbeddedNetworking #AutomotiveCyberSecurity #FirmwareDevelopment #MicrocontrollerProgramming #OTAUpdates

Released by Intel in 1998, IPMI is a hardware management interface operating independently of the OS. Our latest blog post by Kieran looks at INTEL IPMI vulnerabilities and how to mitigate them.

Vulnerabilities include authentication bypasses, credential leaks, and buffer overflows, particularly in Supermicro systems.

➡️https://www.pentestpartners.com/security-blog/backdoor-in-the-backplane-doing-ipmi-security-better/

#IPMI #CyberSecurity #BMCsecurity #Supermicro #VulnerabilityManagement #FirmwareSecurity

🔒 Secure & Immutable: The Role of ROM Bootloaders in Embedded Systems
🔗 Read more on Piembsystech: https://piembsystech.com/rom-bootloader/

📖 Piembsystech – The Open Source Learning Platform for engineers, professionals, and students. Share knowledge, explore tech, and grow together! 🚀

#EmbeddedSystems #Bootloader #FirmwareSecurity #AutomotiveTech #IoT #Piembsystech #Cybersecurity #SecureBoot

@novacustom

Grateful to NovaCustom for their generous financial contribution and collaboration to integrate Heads firmware into their hardware offerings.

This partnership highlights the growing adoption of Heads as a trusted solution for secure boot verification and tamper detection.

Looking to adapt Heads to your specific needs? Explore our consultation services: https://osresearch.net/Consultation-Services/

Want hardware preflashed with Heads? Check out our trusted vendors: https://osresearch.net/Vendors/

#OpenSource #FirmwareSecurity #Heads #linuxboot #firmware #cybersecurity #qubesos #linux #security #coreboot

Rehost embedded ARM firmware at near-native speeds! Lukas Seidel (@pr0me) introduces SAFIREFUZZ, achieving 690x fuzzing throughput with ARM Cortex-M firmware. Dive into instruction rewriting, emulation, and performance gains. https://re-verse.sessionize.com/session/784004 #REverse2025 #Fuzzing #FirmwareSecurity

Bootkits: the ultimate stealth threat. Takahiro Haruyama shares cutting-edge techniques to detect UEFI implants with code behavior analysis, YARA/FwHunt rules, and retrohunts. Learn how 6 new bootkits were uncovered! https://re-verse.sessionize.com/session/776242 #REverse2025 #FirmwareSecurity #UEFI

Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems

https://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html

#firmwaresecurity #baseband #pixel9 #mobilesecurity #exploitmitigation #cybersecurity

🎤 Announcing Stuart Yoder's talk at Dasharo vPub: "Security Assessment on Arm Platforms"!

As a System Architect at Arm, Stuart will share insights into security assessments across Arm-based hardware. Considering tools like LFVS HSI and Chipsec, he will discuss ongoing efforts to enhance security evaluation techniques.

🗓️ Sep 12, 20:00 UTC

📄 More info: https://buff.ly/3ZbZSTe
🎟️ Sign up: https://buff.ly/47dBUJk

#Dasharo #Arm #Security #Firmware #CyberSecurity #Chipsec #FirmwareSecurity

🎤 Excited to announce @zaolin 's demo at Dasharo vPub: "@binarly_io Risk Hunt: Finding Firmware Vulnerabilities in the Wild!"

Philipp will showcase the latest updates to Binarly's Risk Hunt platform and demonstrate its capabilities for analyzing and identifying vulnerabilities in various firmware images.

🗓️ Sep 12, 19:00 UTC

📄 More info: https://buff.ly/4dPT6af
🎟️ Sign up: https://buff.ly/47dBUJk

#Dasharo #FirmwareSecurity #Binarly #RiskHunt #CyberSecurity #Firmware

@dmnk and I wrote about how to incrementally adopt rust in existing firmware/bare-metal code bases.

https://security.googleblog.com/2024/09/deploying-rust-in-existing-firmware.html

#rust #firmwaresecurity #embeddedsecurity #cybersecurity #infosec #memorysafety

Check out Krystian Hebel's latest blog post on the 3mdeb site, detailing how the TwPM (Trustworthy Platform Module) is tested. This in-depth article covers the project's progress, testing methodologies, and future goals. It’s a must-read for anyone interested in open-source firmware, hardware security, and TPM technology.

https://blog.3mdeb.com/2024/2024-01-31-twpm-testing/

#TwPM #TPM #FirmwareSecurity #3mdeb #OpenSource #HardwareSecurity #Testing