Le Lézard

Binarly to Unveil New Findings on Critical PKfail Issue at LABScon 2024


Binarly, provider of the industry-leading AI-powered firmware and software supply chain security platform, will present significant new insights into the critical PKfail vulnerability at this week's LABScon 2024 conference. The research will be presented by Binarly founder and CEO Alex Matrosov alongside vulnerability researcher Fabio Pagani.

PKfail, originally disclosed on July 24, 2024, highlights a fundamental flaw in the UEFI Secure Boot process, specifically the integrity of the Platform Key (PK), which serves as the root of trust. This vulnerability poses a substantial risk to firmware security across various industries, affecting devices ranging from laptops to medical equipment, ATMs, and voting machines.

Since the initial disclosure, the PKfail vulnerability has been tagged with the CVE-2024-8105 identifier and has led to widespread vendor engagement and industry response. Major technology providers including Dell, Intel, Phoenix Technologies, and Supermicro have issued advisories addressing the issue, underscoring its significant impact on the firmware ecosystem.

At LABScon, Binarly will present additional data gathered from its free pk.fail detection service. This service, launched alongside the public disclosure, allows enterprise security teams to scan firmware for exposure to PKfail. In just over two months, the service has processed over 10,000 firmware submissions, with nearly 8% found to contain untrusted Platform Keys, further corroborating the research team's initial findings.
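As an added illustration of the kind of check such a scan performs (example code written for this page, not Binarly's code or the pk.fail service's logic): a UEFI PK variable holds an EFI_SIGNATURE_LIST as defined in the UEFI specification, so a scanner parses that structure, confirms it contains exactly one X.509 certificate, and compares the certificate against a deny-list of keys that must never act as a root of trust. The certificate bytes and the deny-list below are constructed placeholders, not real keys or indicators.

```python
import hashlib
import struct
import uuid
# UEFI spec: a list with this SignatureType carries DER X.509 certificates.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
HEADER_FMT = "<16sIII"  # SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 28 bytes
# Constructed stand-ins for certificate bytes (not real DER, not real keys).
TEST_CERT = b"CONSTRUCTED: vendor test PK that must never ship"
PROD_CERT = b"CONSTRUCTED: production PK"
# Constructed deny-list: SHA-256 of PK certificates the organisation does not trust.
UNTRUSTED_PK_SHA256 = {hashlib.sha256(TEST_CERT).hexdigest()}

def parse_signature_lists(blob):
    """Return [(sig_type, owner_guid, signature_data)] for concatenated EFI_SIGNATURE_LISTs."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_raw, list_size, hdr_size, sig_size = struct.unpack_from(HEADER_FMT, blob, off)
        if list_size < HEADER_LEN + hdr_size or off + list_size > len(blob) or sig_size < 16:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        body = blob[off + HEADER_LEN + hdr_size: off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature array is not a multiple of SignatureSize")
        sig_type = uuid.UUID(bytes_le=type_raw)
        for i in range(0, len(body), sig_size):  # each entry: SignatureOwner GUID + SignatureData
            entry = body[i:i + sig_size]
            entries.append((sig_type, uuid.UUID(bytes_le=entry[:16]), entry[16:]))
        off += list_size
    return entries

def build_pk_variable(cert, owner=uuid.UUID(int=0)):
    """Build the one-entry EFI_SIGNATURE_LIST a PK variable holds (used for sample input)."""
    sig_size = 16 + len(cert)
    header = struct.pack(HEADER_FMT, EFI_CERT_X509_GUID.bytes_le, HEADER_LEN + sig_size, 0, sig_size)
    return header + owner.bytes_le + cert

def audit_platform_key(pk_blob, untrusted=UNTRUSTED_PK_SHA256):
    """Return a list of findings; an empty list means the PK passed every check."""
    entries, findings = parse_signature_lists(pk_blob), []
    if len(entries) != 1:  # the PK is a single root key, so anything else is suspicious
        findings.append(f"PK should hold exactly one certificate, found {len(entries)}")
    for sig_type, owner, data in entries:
        if sig_type != EFI_CERT_X509_GUID:
            findings.append(f"PK entry is not an X.509 certificate ({sig_type})")
        elif hashlib.sha256(data).hexdigest() in untrusted:
            findings.append(f"untrusted PK certificate (owner {owner})")
    return findings
```

A real deployment would populate the deny-list from certificate fingerprints of known test or leaked keys and run the audit over the PK extracted from each firmware image.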

"PKfail represents a critical breakdown in the firmware supply chain that impacts the entire industry," said Matrosov. "We've seen both large enterprise vendors and smaller device manufacturers affected, showing the urgent need for supply chain transparency and secure-by-design principles in firmware development."

Binarly's ongoing research indicates that non-production cryptographic materials remain prevalent in firmware images, highlighting the necessity for enhanced security practices among vendors. The investigation has also revealed the use of outdated cryptographic keys in currently marketed devices, further amplifying concerns about the vulnerability's scope.

This year's presentation builds on Binarly's commitment to exposing systemic weaknesses in firmware security, following a series of disclosures over the past year related to supply chain risks and below-the-OS vulnerabilities.

Binarly's technical session at LABScon 2024 will further demonstrate the implications of PKfail across multiple sectors and the critical need for industry collaboration to mitigate these risks. The company will also discuss the role of automated tooling and the pk.fail API in identifying vulnerabilities and strengthening firmware integrity across the ecosystem.

PKfail protections are currently available in the new Binarly Transparency Platform 2.5, which empowers organizations with the tools to proactively mitigate firmware and software security issues. The platform enables enterprise defenders to avoid alert fatigue while identifying and addressing critical vulnerabilities before they can be exploited by malicious actors. Learn more at www.binarly.io.

About Binarly

Binarly is a global firmware and software supply chain security company founded in 2021. The company's flagship Binarly Transparency Platform is an enterprise-class, AI-powered solution used by device manufacturers, OEMs, IBVs and product security teams to identify known and unknown vulnerabilities, misconfigurations and signs of malicious code implantation. Binarly's validated remediation playbooks have significantly reduced the cost and time to respond to security exposures. Based in Los Angeles, California, Binarly brings decades of research and program analysis expertise to build solutions to protect businesses, critical infrastructure, and consumers around the world.

