EEJournal

industry news
Subscribe Now
August 4, 2022

ONEKEY redefines IoT Security with UNBLOB

ONEKEY open sources its high-performance firmware extraction suite

Düsseldorf/Germany, August 4, 2022 – With the open-source release of the new binary extraction suite “UNBLOB”, ONEKEY provides a core component of its automated firmware security analysis platform to the infosec community. This will set a new milestone in the battle to raise security to a new level in the field of industrial control and production systems and connected devices.

UNBLOB is an accurate, fast, and easy-to-use extraction suite. UNBLOB parses unknown binary code or data blobs for many different archive, compression, and file-system formats, extracts their content recursively. With UNBLOB, software can be extracted down to the smallest details and presented transparently. “UNBLOB is the perfect tool for extracting and analyzing firmware binary code. In today’s connected world, billions of IoT devices, each with its own individual firmware, are in use. If vulnerable, each one poses a risk to the entire surrounding infrastructure. Through the release of UNBLOB, we empower professional security researchers and security experts around the world to uncover vulnerabilities in industrial and other products and infrastructures contributing to improve the security level of industrial systems and smart devices,” says Jan Wendenburg, CEO of ONEKEY.

Global access to IoT security
ONEKEY operates the leading European platform for automated security, compliance, and software supply chain analysis of IoT, industrial IoT (IIoT), and manufacturing (OT) devices. To do this, ONEKEY automatically constructs a digital twin based on the device’s firmware image, builds a Software Bill of Materials (SBoM) of the software components it contains, and analyzes it for vulnerabilities and configuration issues which could be exploited by hackers. “We want to give experts and interested companies worldwide access to high-performance security tools, enabling the highest possible level of IoT security. Open source is the fastest and strongest community with the will to improve technology. We want to walk the path together with the experts worldwide and therefore deliberately involve them to provide the best tools for software analysis,” continues Jan Wendenburg of ONEKEY. For companies that do not have their own in-depth expert knowledge, ONEKEY offers a comprehensive full-service solution. With this, anyone can independently inspect firmware for critical security vulnerabilities and compliance violations without needing source code, device, or network access.

Crowdsourcing for improved IoT security
UNBLOB open-source software is targeted at professional security researchers and security experts who have the necessary capabilities of analyzing or reverse engineering firmware images. Firmware images are usually distributed as BLOBs (Binary Large Objects) in binary form and therefore cannot be read or analyzed in conventional ways. In addition to providing built-in extraction capabilities for many different archive, compression, and file-system formats, UNBLOB highlights the structure of the firmware and supplies an extensible and ready-to-use framework to add extraction capabilities for custom formats in a matter of hours. “We actively support the development of an international community of security experts focused on analysis and security of IoT facilities. Remaining the weakest link in many ICT infrastructures, (I)IoT and OT devices have emerged as a lucrative target for threat actors. Securing these devices and making them resilient to cyber-attacks is a must-have on our way to strengthening our global digital infrastructure,” Wendenburg sums up.

Open sourcing UNBLOB will be accompanied by comprehensive demonstrations at two of the most renowned hacker conferences. Quentin Kaiser will present UNBLOB’s capabilities at the upcoming Black Hat Arsenal and DEF CON Demo Labs in Las Vegas. He will be accompanied by Florian Lukavsky and both are looking forward to technical deep dives with the experts.

Please visit www.unblob.org for more information and further documentation about UNBLOB.

About ONEKEY:
ONEKEY (formerly IoT Inspector) is the leading European platform for automated security & compliance analysis for industrial (IIoT), manufacturing (OT) and Internet of Things (IoT) devices. Using automatically generated “Digital Twins” and “Software Bill of Materials (SBOM)” of the devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, completely without source code, device or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically remedied. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors and users of IoT technology to quickly and automatically check security and compliance before use, 24/7 throughout the product lifecycle. Leading companies, such as SWISSCOM, VERBUND AG and ZYXEL, use this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.

Leave a Reply

featured blogs
Don’t Tell Me the Contents Have Settled!
Jul 25, 2025
Manufacturers cover themselves by saying 'Contents may settle' in fine print on the package, to which I reply, 'Pull the other one'”it's got bells on it!'...
More from Max's Cool Beans...

Libby's Lab

Libby's Lab Scopes out Texas Instruments AMC0311s Precision Isolated Amplifier

Sponsored by Mouser Electronics and Texas Instruments

Join Libby and Demo in this episode of “Libby’s Lab” as they explore the Texas Instruments AMC0311s Precision Isolated Amplifiers, available at Mouser.com! These amplifiers are great for protecting sensitive circuits in high-power applications. Keep your circuits charged and your ideas sparking!

Click here for more information about Texas Instruments AMC0x11S Precision Isolated Amplifier

featured chalk talk

Machine Learning on the Edge
Sponsored by Mouser Electronics and Infineon
Edge machine learning is a great way to allow embedded devices to run applications that can collect sensor data and locally process that data. In this episode of Chalk Talk, Amelia Dalton and Clark Jarvis from Infineon explore how the IMAGIMOB Studio, ModusToolbox™ Software, and PSoC and AURIX™ microcontrollers can help you develop a custom machine learning on the edge application from scratch. They also investigate how the IMAGIMOB Studio can help you easily develop and deploy AI/ML models and the benefits that the PSoC™ 6 Artificial Intelligence Evaluation Kit will bring to your next machine learning on the edge application design process.
Click here for more information about Infineon Technologies CY8CKIT-062S2-AI PSoC™ 6 AI Evaluation Kit
Aug 12, 2024
56,398 views