Upgrading in the war against cybercriminals with expanded protection from zero-day attacks
Düsseldorf/Germany – ONEKEY, a company specializing in the security of industrial control systems and IoT devices, is responding to the increasing activity of criminal hackers with its new software release. ONEKEY offers an extensive software-supported automated analysis of binary code to detect previously unknown vulnerabilities, especially the so-called zero-day vulnerabilities. ONEKEY’s automated firmware analysis identifies all device-internal software components and comprehensively matches them against international vulnerability databases, such as CVE. In addition to the known vulnerabilities, however, the software examines for other potential and yet undiscovered security problems. These can include configuration conflicts, hard-coded credentials, outdated or invalid cryptographic usages and assets. The new automated 0-day analysis identifies previously unknown vulnerabilities in the applications such as code, SQL or command injection issues that could be exploited by an attacker. This 0-Day detection significantly expands the type and number of vulnerabilities that are automatically detected by the ONEKEY platform.
Localization of zero-day threats
In addition to detecting 0-day vulnerabilities, the platform also provides information as to where each vulnerability is located in the code. This helps customers to quickly isolate the problem and reduces the time and effort required to fix it. The new version of ONEKEY software has been massively enhanced to provide the highest level of protection: “In recent months, industrial companies have been attacked more frequently, including numerous medium-sized businesses. We are actively helping to ensure that hackers – whether criminally or politically motivated – can no longer gain access to networks via connected devices or industrial control systems,” says ONEKEY CEO Jan Wendenburg regarding the latest innovations of his cybersecurity platform.
Transparent listing of software components in SBOMs
The new variable software composition analysis enables to list and scan all components from internal development and external sources to be screened for unwanted components and risks. The integrated “Software-Bill-of-Materials (SBOM)” generator helps to increase transparency and reduce efforts and software supply chain risks. This will become more important with the upcoming EU Cyber Resilience Act. Even very large firmware images are no problem as the platform supports extended file sizes.
Extended detection of private keys
The new release introduces numerous additional features that further increase the cybersecurity level for users in industry and business. These include automatic detection of private keys, which can easily be exploited as a potential backdoor and can lead to man-in-the-middle attacks. The threat level classification has also been expanded to include “critical” and “informative” to better represent identified issues. “Currently, cyberwar is developing faster than the IoT/OT industry in general. Therefore, a high level of protection is urgently needed for businesses that have a lot of network-connected technology in use. Our research team is thus working intensively on our automatisms to be able to not only find known risks, but especially detect those not yet discovered, based on our innovative software,” explains Jan Wendenburg, CEO of ONEKEY.
ONEKEY is a leading European specialist for automatic security & compliance analyses for devices in industry (IIoT), production (OT) and the Internet of Things (IoT). ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations via automatically generated “Digital Twins” and “Software Bill of Materials (SBOM)” of the devices, completely without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically fixed. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors, and users of IoT technology to check security and compliance quickly and automatically before use, 24/7 throughout the entire product lifecycle. Leading companies, such as SWISSCOM, VERBUND AG and ZYXEL, use this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.