In December 2022, the discovery of moderate to severe vulnerabilities in baseboard management controllers (BMCs) used by 15 different vendors raised concerns about firmware flaws. Firmware, which resides closer to the hardware level, is often difficult to detect and address vulnerabilities since traditional security scanners cannot reach it. Furthermore, breaching a single firmware component can provide attackers with access to entire networks, making these vulnerabilities a significant threat.
Bootkits and rootkits like BlackLotus, CosmicStrand, and MoonBounce have heightened the risk at the firmware level, despite the implementation of firmware security measures in operating systems like Windows 11. This expanding attack surface underscores the urgency to find effective solutions.
Recognizing the high stakes and challenges associated with firmware vulnerabilities, Binarly emerged as a potential game-changer. Binarly is a finalist in the Black Hat USA Startup Spotlight Competition and has developed a binary analysis tool that aims to uncover both known and unknown vulnerabilities in firmware. Moreover, the technology can assess the accuracy and thoroughness of software bills of materials (SBOMs) to identify linked dependencies.
Alex Matrosov, the founder and CEO of Binarly, emphasizes the need to address supply chain security at scale and detect signs of tampering and firmware implantation. Binarly believes in automation and employs AI/ML techniques to identify and mitigate attack surfaces below the operating system. Instead of relying on signature-based detection, Binarly’s approach involves analyzing code to uncover previously unknown vulnerabilities.
The company utilizes machine learning to study known vulnerability classes, identify similar code portions, classify discovered vulnerabilities, and predict their exploitability. This deep vulnerability analysis provides valuable insights by highlighting vulnerable code snippets, as shown in Binarly’s figure.
One key aspect of Binarly’s approach is to prevent products from being released with vulnerabilities. By integrating their analysis tools into the development process, Binarly aims to reduce incident response impact on both their clients and downstream customers. To facilitate this, Binarly hosts FwHunt, a platform that allows developers to upload their firmware for scanning.
Matrosov highlights the platform’s capabilities in identifying various classes of issues and expediting the vulnerability identification and resolution process. In 2021, Binarly leveraged its platform to identify and disclose over 320 high-impact vulnerabilities in firmware. The company’s focus is now on productizing their research to help security professionals and developers understand vulnerabilities and their remediation.
Binarly, along with three other startups, Mobb, Endor Labs, and Gomboc, will present their business models at the Black Hat Startup Spotlight event. The event provides an opportunity for these startups to showcase their innovative approaches to cybersecurity.
Aside from its technical expertise, Binarly has put a unique twist on its name. The company derives its name from founder Alex Matrosov’s passion for surfing. Combining “binary analysis” and the slang term “gnarly” (which refers to large, difficult, and dangerous waves), Binarly signifies its intention to tackle complex and challenging firmware-related problems.
To further engage with the cybersecurity community, Binarly offers swag and demonstrations of the vulnerabilities it has discovered. Additionally, Matrosov will be signing copies of his book, “Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats,” which he co-authored with Intel senior security researcher Eugene Rodionov and DARPA Information Innovation Office program manager Sergey Bratus.
Binarly was founded on April 13, 2021, and has already secured seed funding of $3.6 million. The company currently has 16 employees dedicated to advancing their mission of securing firmware and enhancing supply chain security.
In conclusion, Binarly’s binary analysis tool and platform aim to revolutionize the way security professionals and developers address firmware vulnerabilities. By leveraging AI/ML techniques, Binarly can detect and mitigate attack surfaces below the operating system, contributing to a more secure and resilient cybersecurity landscape. With their innovative approach and commitment to transparency, Binarly is poised to make a significant impact in the fight against firmware flaws.