Connect with us

Hi, what are you looking for?


Cloud Security

Microsoft Buys ReFirm Labs to Expand IoT Firmware Security Push

Microsoft’s aggressive push to ferret out security problems in the firmware powering IoT devices took on new urgency this week with the acquisition of ReFirm Labs, an early-stage startup that helps businesses pinpoint and fix weak links at the firmware layer.

Microsoft’s aggressive push to ferret out security problems in the firmware powering IoT devices took on new urgency this week with the acquisition of ReFirm Labs, an early-stage startup that helps businesses pinpoint and fix weak links at the firmware layer.

Financial terms of the deal were not disclosed. ReFirm Labs, a four-year-old startup based in Maryland, raised $3.5 million in two rounds of early-stage venture capital funding.

According to Microsoft’s David Weston, the ReFirm Labs technology will be offered as a feature in the Azure Defender for IoT product.

The Refirm Labs deal comes exactly a year after Microsoft snapped up CyberX, an IoT security company that provides a digital map of thousands of devices scattered throughout modern organizations.

[ SEE: Microsoft: Firmware Attacks Outpacing Security Investments ]

In an interview with SecurityWeek, Weston said the two transactions fit perfectly to provide visibility and manageability to the custom operating systems and firmware that currently ship on smart light bulbs, printers and other always-connected devices.

“These two fit together perfectly,” Weston said. “For example, CyberX can determine if someone is trying to brute-force the SSH service on your device.  ReFirm will tell you if that SSH service has a predictable password, whether or not it has ASLR turned on and whether or not OpenSSL actually has a CVE.”

For Microsoft, a company with a $5 billion bet on IoT, securing the layers below the operating system takes on new urgency and Weston said battle-tested Windows Update mechanism will play a key part in remediating firmware vulnerabilities.

Advertisement. Scroll to continue reading.

“We took Windows Update and we’re pivoting it to IoT and the intelligent edge. So, say manufacturers get pinged by customers, they’ll have to move to a ‘Patch Tuesday’ emotion because customers can actually scan the firmware themselves.”

SEETrickBot Malware Can Scan Systems for Firmware Vulnerabilities ]

“Device builders are gonna need to come on board before they even ship it to the customer, to make sure it meets any basic security promise.  And we have a device updating mechanism to keep that promise going,” Weston added.

In a statement announcing the acquisition, Microsoft said it was imperative to fix firmware security problems as billions of intelligent, cloud-connected devices flood the market and expand the available attack surface. 

“You will get pwned from a vulnerability in one of these IoT devices.  It’s already happening,” Weston declared.

ReFirm is well known for the Binwalk open-source software, which has been used to analyze thousands of device types for firmware security issues, uncovering unpatched common vulnerabilities and exposures (CVEs), insecure secrets, and a multitude of other security problems in plugin IoT devices and embedded firmware. 

Related: Tenable Acquires OT Security Firm Indegy for $78 Million

Related: Rockwell Automation to Acquire Cybersecurity Firm Avnet

Related: Dragos Acquires NexDefense, Releases Free ICS Assessment Tools

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...