Nowadays, software is everywhere: although being very flexible, it is also exposed to attacks, meaning that there’s the need for more secure software. This is even more important in the IoT framework, where software is at the basis of the operation of many devices, and where the number of active IoT devices globally is expected to grow from 7.6 billion in 2019 to 24.1 billion in 2030 (more than three times!).
Binare is a recent deep-tech cybersecurity spinoff from University of Jyvaskyla in Finland. The company develops advanced automated solutions for (I)IoT cybersecurity with particular focus on IoT Firmware Analysis.
In the IoT-SESOD (SEcurity SOftware Data) experiment, Binare wanted to create an ultimate software security platform to analyse software and firmware, focussing on IoT and industrial IoT software and firmware. The goal? Notify users and vendors of those services in case of security breaches.
SBoMs goes to software as nutritional facts to ingredients.
To test the solution, Binare selected 215 vendors, who provided a variety of 178 devices (such as cameras, routers, and electric chargers); from those, Binare was able to collect 14k firmware files. The infrastructure could be scaled thanks to the Cloud Infrastructure provided by EGI, through which the SME processed 12,8 M files, summing up to over 1445 GB size.
The dataset helped identify the top frequent vulnerabilities and allowed the device vendors to fix them and prevent new ones.
Watch the video explaining the experiment in detail: