industry news
Subscribe Now

ONEKEY redefines IoT Security with UNBLOB

ONEKEY open sources its high-performance firmware extraction suite

Düsseldorf/Germany, August 4, 2022 – With the open-source release of the new binary extraction suite “UNBLOB”, ONEKEY provides a core component of its automated firmware security analysis platform to the infosec community. This will set a new milestone in the battle to raise security to a new level in the field of industrial control and production systems and connected devices.

UNBLOB is an accurate, fast, and easy-to-use extraction suite. UNBLOB parses unknown binary code or data blobs for many different archive, compression, and file-system formats, extracts their content recursively. With UNBLOB, software can be extracted down to the smallest details and presented transparently. “UNBLOB is the perfect tool for extracting and analyzing firmware binary code. In today’s connected world, billions of IoT devices, each with its own individual firmware, are in use. If vulnerable, each one poses a risk to the entire surrounding infrastructure. Through the release of UNBLOB, we empower professional security researchers and security experts around the world to uncover vulnerabilities in industrial and other products and infrastructures contributing to improve the security level of industrial systems and smart devices,” says Jan Wendenburg, CEO of ONEKEY.

Global access to IoT security
ONEKEY operates the leading European platform for automated security, compliance, and software supply chain analysis of IoT, industrial IoT (IIoT), and manufacturing (OT) devices. To do this, ONEKEY automatically constructs a digital twin based on the device’s firmware image, builds a Software Bill of Materials (SBoM) of the software components it contains, and analyzes it for vulnerabilities and configuration issues which could be exploited by hackers. “We want to give experts and interested companies worldwide access to high-performance security tools, enabling the highest possible level of IoT security. Open source is the fastest and strongest community with the will to improve technology. We want to walk the path together with the experts worldwide and therefore deliberately involve them to provide the best tools for software analysis,” continues Jan Wendenburg of ONEKEY. For companies that do not have their own in-depth expert knowledge, ONEKEY offers a comprehensive full-service solution. With this, anyone can independently inspect firmware for critical security vulnerabilities and compliance violations without needing source code, device, or network access.

Crowdsourcing for improved IoT security
UNBLOB open-source software is targeted at professional security researchers and security experts who have the necessary capabilities of analyzing or reverse engineering firmware images. Firmware images are usually distributed as BLOBs (Binary Large Objects) in binary form and therefore cannot be read or analyzed in conventional ways. In addition to providing built-in extraction capabilities for many different archive, compression, and file-system formats, UNBLOB highlights the structure of the firmware and supplies an extensible and ready-to-use framework to add extraction capabilities for custom formats in a matter of hours. “We actively support the development of an international community of security experts focused on analysis and security of IoT facilities. Remaining the weakest link in many ICT infrastructures, (I)IoT and OT devices have emerged as a lucrative target for threat actors. Securing these devices and making them resilient to cyber-attacks is a must-have on our way to strengthening our global digital infrastructure,” Wendenburg sums up.

Open sourcing UNBLOB will be accompanied by comprehensive demonstrations at two of the most renowned hacker conferences. Quentin Kaiser will present UNBLOB’s capabilities at the upcoming Black Hat Arsenal and DEF CON Demo Labs in Las Vegas. He will be accompanied by Florian Lukavsky and both are looking forward to technical deep dives with the experts.

Please visit www.unblob.org for more information and further documentation about UNBLOB.

About ONEKEY:
ONEKEY (formerly IoT Inspector) is the leading European platform for automated security & compliance analysis for industrial (IIoT), manufacturing (OT) and Internet of Things (IoT) devices. Using automatically generated “Digital Twins” and “Software Bill of Materials (SBOM)” of the devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, completely without source code, device or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically remedied. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors and users of IoT technology to quickly and automatically check security and compliance before use, 24/7 throughout the product lifecycle. Leading companies, such as SWISSCOM, VERBUND AG and ZYXEL, use this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.

Leave a Reply

featured blogs
Aug 18, 2022
It takes the proverbial village to build complex chips and systems these days. Imagination and Cadence are critical parts of the ecosystem that build many of the technologies that make our life as consumers more productive, comfortable, and safe. In my career, I had run into ...
Aug 17, 2022
Learn about digital twins and their impact on the automotive industry, including earlier development and testing for automotive SoCs, ADAS, ECUs, and more. The post Driving the Future of Innovation in Automotive with Digital Twins for Electronic Systems Development appeared ...
Jul 27, 2022
It's easy to envisage a not-so-distant future when sophisticated brain-computer interfaces become available for general-purpose infotainment use....

featured video

Making Cars Safe, Secure, and Reliable

Sponsored by Cadence Design Systems

Cadence has worked closely with customers to meet the challenges of designing and verifying automotive components, subsystems, and entire systems. A holistic design approach ensures that the vehicle meets performance requirements while adhering to automotive quality, safety, and security standards early in the design cycle. Discover Cadence innovations specifically around CFD and thermal, system analysis, PCB/ECU design, processor IP, system verification, functional safety and 3D-IC design.

Click here to learn more

featured chalk talk

Expanding SiliconMAX SLM to In-Field

Sponsored by Synopsys

In order to keep up with the rigorous pace of today’s electronic designs, we must have visibility into each step of our IC design lifecycle including debug, bring up and in-field operation. In this episode of Chalk Talk, Amelia Dalton chats with Steve Pateras from Synopsys about in-field infrastructure for silicon lifecycle management, the role that edge analytics play when it comes to in-field optimization, and how cloud analytics, runtime agents and SiliconMAX sensor analytics can provide you more information than ever before for the lifecycle of your IC design.

Click here for more information about SiliconMAX Silicon Lifecycle Management