Binarly to Unveil New Findings on Critical PKfail Issue at LABScon 2024

LOS ANGELES--(BUSINESS WIRE)--Sep 16, 2024--

Binarly, provider of the industry-leading AI-powered firmware and software supply chain security platform, will present significant new insights into the critical PKfail vulnerability at this week’s LABScon 2024 conference. The research will be presented by Binarly founder and CEO Alex Matrosov, alongside vulnerability researcher Fabio Pagani.

PKfail, originally disclosed on July 24, 2024, highlights a fundamental flaw in the UEFI Secure Boot process, specifically the integrity of the Platform Key (PK), which serves as the root of trust. This vulnerability poses a substantial risk to firmware security across various industries, affecting devices ranging from laptops to medical equipment, ATMs, and voting machines.

Since the initial disclosure, the PKfail vulnerability has been tagged with the CVE-2024-8105 identifier and has led to widespread vendor engagement and industry response. Major technology providers including Dell, Intel, Phoenix Technologies, and Supermicro have issued advisories addressing the issue, underscoring its significant impact on the firmware ecosystem.

At LABScon, Binarly will present additional data gathered from its free pk.fail detection service. This service, launched alongside the public disclosure, allows enterprise security teams to scan firmware for exposure to PKfail. In just over two months, the service has processed over 10,000 firmware submissions, with nearly 8% found to contain untrusted Platform Keys, further corroborating the research team’s initial findings.

"PKfail represents a critical breakdown in the firmware supply chain that impacts the entire industry," said Matrosov. "We’ve seen both large enterprise vendors and smaller device manufacturers affected, showing the urgent need for supply chain transparency and secure-by-design principles in firmware development."

Binarly's ongoing research indicates that non-production cryptographic materials remain prevalent in firmware images, highlighting the necessity for enhanced security practices among vendors. The investigation has also revealed the use of outdated cryptographic keys in currently marketed devices, further amplifying concerns about the vulnerability's scope.

This year’s presentation builds on Binarly’s commitment to exposing systemic weaknesses in firmware security, following a series of disclosures over the past year related to supply chain risks and below-the-OS vulnerabilities.

Binarly’s technical session at LABScon 2024 will further demonstrate the implications of PKfail across multiple sectors and the critical need for industry collaboration to mitigate these risks. The company will also discuss the role of automated tooling and the pk.fail API in identifying vulnerabilities and strengthening firmware integrity across the ecosystem.

PKfail protections are currently available in the new Binarly Transparency Platform 2.5, which empowers organizations with the tools to proactively mitigate firmware and software security issues. The platform enables enterprise defenders to avoid alert fatigue while identifying and addressing critical vulnerabilities before they can be exploited by malicious actors. Learn more at www.binarly.io.

About Binarly

Binarly is a global firmware and software supply chain security company founded in 2021. The company’s flagship Binarly Transparency Platform is an enterprise-class, AI-powered solution used by device manufacturers, OEMs, IBVs and product security teams to identify known and unknown vulnerabilities, misconfigurations and signs of malicious code implantation. Binarly’s validated remediation playbooks have significantly reduced the cost and time to respond to security exposures. Based in Los Angeles, California, Binarly brings decades of research and program analysis expertise to build solutions to protect businesses, critical infrastructure, and consumers around the world.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240916298298/en/

CONTACT: [email protected]

818.351.9637

KEYWORD: CALIFORNIA UNITED STATES NORTH AMERICA

INDUSTRY KEYWORD: SOFTWARE INTERNET HARDWARE ELECTRONIC DESIGN AUTOMATION ARTIFICIAL INTELLIGENCE DATA MANAGEMENT TECHNOLOGY SECURITY

SOURCE: Binarly

Copyright Business Wire 2024.

PUB: 09/16/2024 02:00 PM/DISC: 09/16/2024 02:00 PM

http://www.businesswire.com/news/home/20240916298298/en

 
