"A Long-Awaited IoT Reverse Engineering Tool Is Finally Here"

Ang Cui, an embedded device security researcher, previewed a tool for analyzing firmware at the 2012 DefCon security conference in Las Vegas. Firmware is the foundational software that supports any computer and coordinates between hardware and software. The tool was created specifically for Internet of Things (IoT) device firmware and the compiled "binaries" that run on anything from a home printer to an industrial door controller. The Firmware Reverse Analysis Console (FRAK) was designed to reduce overhead, so security researchers could focus more on assessing the constantly changing and growing population of vulnerable embedded devices rather than getting bogged down with reverse engineering preparation work. Cui promised that the tool would be open source and free to use. In 2012, Cui explained that FRAK would be useful for gaining insight into how an embedded device works, whether it has vulnerabilities, and how to protect such devices from exploitation. A decade later, Cui and his company, Red Balloon Security, are launching Ofrak, also called OpenFRAK. Red Balloon Security continued to refine and expand the platform for internal use in its work with IoT device makers as well as customers who require a high level of security from the embedded devices they purchase and deploy. According to Jacob Strieb, a software engineer at Red Balloon Security, the company has always used FRAK in its workflow, but Ofrak is a revamped and streamlined version. Ofrak is said to be a neutral investigative framework designed to integrate with other platforms for easier collaboration among multiple people. It is useful for independent researchers looking to break into the black box of embedded devices as well as manufacturers wanting to evaluate their own products and play a larger role in patch development and distribution. This article continues to discuss the firmware analysis platform Ofrak.

Wired reports "A Long-Awaited IoT Reverse Engineering Tool Is Finally Here"