This year was an absolute triumph for Binarly! We made significant strides in software supply chain security for our customers, delivering solutions that resulted in a four-fold increase in revenue compared to the previous year. We also welcomed new, remarkable customers such as Meta, Cisco and have grown our existing customer base — including Dell Technologies, Framework, and OnLogic — all strong signals for the entire market. Let’s review some significant milestones for Binarly in 2024!
About us
Binarly is a global firmware and software supply chain security company founded in 2021. The company’s flagship Binarly Transparency Platform is an enterprise-class, AI-powered solution used by device manufacturers, OEMs, IBVs and product security teams to identify known and unknown vulnerabilities, misconfigurations and signs of malicious code implantation. Binarly’s validated remediation playbooks have significantly reduced the cost and time to respond to security exposures. Based in Los Angeles, California, Binarly brings decades of research and program analysis expertise to build solutions to protect businesses, critical infrastructure, and consumers around the world.
- Website: https://www.binarly.io
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Headquarters: Santa Monica, California
- Type: Privately held
- Founded: 2021
- Specialties: Software Supply Chain Security, Firmware Security, UEFI Firmware, Reachability Analysis, Security Research, Secure By Design, PQC Readiness, CBOM, SBOM, Unknown Vulnerabilities, Known Vulnerabilities, and xIoT
Locations
- Primary: 2450 Colorado Avenue, Suite 100, Santa Monica, California 90404, US
Posts

BINARLY reposted this:
Some exciting research to share from Binarly REsearchers Takahiro Haruyama and Fabio Pagani -- a novel approach to UEFI bootkit detection. Drawing from an exhaustive analysis of known bootkits -- from #Lojax and #MosaicRegressor to #MoonBounce and #BlackLotus -- the team uncovered that common hook chains and extra components aren’t reliable markers for detection. Instead, by focusing on the OS-persistence techniques (like clearing control registers and shellcode-style PE parsing), they built YARA and FwHunt rules that don’t just catch known bad actors, but also reveal previously undetected bootkits. The research drives home a clear message: legacy detection tools like YARA have limitations, and it’s time to move beyond them. By integrating advanced static analysis, semantic detection, and ML-based clustering, this methodology sets a new bar for firmware security, transforming how we monitor, triage, and counteract stealthy bootkit attacks. https://lnkd.in/g8KF_Fay

BINARLY reposted this:
Binarly Transparency Platform v2.8 has arrived! We're excited to announce the launch of Binarly Transparency Platform v2.8, marking a pivotal leap forward in our agile development journey. This update introduces advanced image diffing, refined role-based access control (RBAC), enhanced vulnerability detection capabilities and tooling for cryptographic keys and certificates management. With our new monthly release cadence, Binarly is now better positioned to deliver continuous, rapid improvements like advanced image diffing for pinpointing changes between binary versions and robust RBAC for secure, role-specific access management. The update also incorporates our newly granted US Patent No. 12,236,262, which dramatically slashes vulnerability detection costs (https://lnkd.in/gYm_fJcG). With enhanced cryptographic keys and certificates management alongside precision vulnerability detection, Binarly v2.8 is designed to provide actionable insights and support organizations in managing and securing their digital assets effectively. Learn more about how Binarly Transparency Platform v2.8 is setting a new standard for supply chain vulnerability and risk management: https://lnkd.in/gNv_KDMW

BINARLY reposted this:
In 2023, the Binarly REsearch team uncovered a massive supply chain incident targeting Intel-based devices due to leaked Intel Boot Guard keys from their reference code. Alarmingly, these compromised keys were found to be blindly reused across the industry, exposing countless devices. (details: https://lnkd.in/gQeijqk4) In 2024, our team identified #PKfail revealing even deeper systemic issues—specifically, a fundamentally broken design within UEFI Secure Boot and pervasive blind trust in OEMs, many of whom consistently failed to adhere to best security practices. (details: https://lnkd.in/gqHTy5yi) Now, in 2025, history repeats itself. We've been brought in again to investigate another significant supply chain incident involving leaked Intel Boot Guard keys. (details: https://lnkd.in/gFVn7w6w) This sequence of events highlights critical, repeatable failures in cryptographic key management across the entire device ecosystem. OEM-developed firmware is widely deployed in network appliances, critical infrastructure, and numerous other locations where security should be taken much more seriously. It’s clear we urgently need to rethink our trust models concerning these "black boxes" and proactively uncover the hidden risks embedded within the software supply chain.
At the end of February 2025, we were asked to investigate the discovery of Boot Guard Key Manifest and Boot Policy Manifest private keys in Clevo firmware update packages. The Binarly REsearch team quickly got to work, downloading the Clevo BIOS archive and uncovering two private keys embedded in the BootGuardKey.exe binary. Extracting the key modulus confirmed a match with the Boot Guard Key Manifest in the firmware image, essentially opening the door for potential malicious firmware that could bypass Boot Guard. What’s even more concerning are the results of our ecosystem-wide scan using the Binarly Transparency Platform: we identified these leaked keys in 15 firmware images across 10 unique devices, including a recent release from Gigabyte. Although Clevo’s error wasn’t repeated by other vendors in our extensive dataset of over 200,000 firmware packages, the shared nature of these keys highlights a systemic risk with far-reaching consequences. Our investigation underscores the critical need for robust firmware key management. We’re set to dive deeper into these issues at our upcoming RSA Conference 2025 presentation — “Repeatable Supply Chain Security Failures in Firmware Key Management.” Curious to learn more about our findings and what this means for the UEFI ecosystem? Read the full blog post and join the conversation at RSA. https://lnkd.in/gYVv52up
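The two posts above describe the same check from the defender's side: a private key recovered from a vendor update package is compared, by its RSA modulus, against the public key carried in a firmware key manifest, and the resulting fingerprint is then searched across a corpus of other images. The following is an added example written for this page, not Binarly's code and not their platform's manifest parser. It assumes the keys have already been carved out as PKCS#1 DER structures (the Boot Guard manifest format and the extraction from the EXE are out of scope), uses constructed textbook-sized keys in place of real ones, and makes up the firmware image names; the SHA-256-of-modulus fingerprint is this example's own convention.

```python
# Added example (not Binarly's code): decide whether a firmware key manifest
# carries an RSA public key whose modulus matches a private key recovered
# from a vendor update package. Manifest and PE parsing are replaced by
# constructed PKCS#1 DER blobs; only the modulus comparison is real.
import hashlib
from typing import Dict, Iterable, List, Set


def _der_len(n: int) -> bytes:
    """DER length encoding (short form below 0x80, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER; the extra byte keeps a leading 0x00 when the top bit is set."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def der_sequence(*items: bytes) -> bytes:
    body = b"".join(items)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_from_der(der: bytes) -> int:
    """Extract n from a PKCS#1 RSAPublicKey (n, e) or RSAPrivateKey (version, n, e, d, ...)."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    ints: List[int] = []
    pos = 0
    while pos < len(seq):
        tag, value, pos = _read_tlv(seq, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(value, "big"))
    if len(ints) == 2:          # RSAPublicKey: n is the first INTEGER
        return ints[0]
    if len(ints) >= 9:          # RSAPrivateKey (two-prime form): version, then n
        return ints[1]
    raise ValueError("not an RSA key structure")


def modulus_fingerprint(n: int) -> str:
    """Stable identifier for a modulus: SHA-256 over its big-endian bytes (this example's convention)."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()


def build_leak_db(private_keys: Iterable[bytes]) -> Set[str]:
    """Fingerprints of every private key recovered from update packages."""
    return {modulus_fingerprint(rsa_modulus_from_der(k)) for k in private_keys}


def scan_manifests(manifests: Dict[str, bytes], leak_db: Set[str]) -> List[str]:
    """Names of images whose manifest signing key matches a leaked private key."""
    return sorted(name for name, pub in manifests.items()
                  if modulus_fingerprint(rsa_modulus_from_der(pub)) in leak_db)


# Constructed toy keys (textbook-sized numbers, NOT real Boot Guard keys):
# n=3233=61*53, e=17, d=2753, dp=53, dq=49, qinv=38.
LEAKED_PRIVATE_KEY = der_sequence(
    der_integer(0), der_integer(3233), der_integer(17), der_integer(2753),
    der_integer(61), der_integer(53), der_integer(53), der_integer(49), der_integer(38))
# Constructed manifests: image names are made up; vendorA reuses the leaked key.
MANIFESTS = {
    "vendorA_bios_v1.bin": der_sequence(der_integer(3233), der_integer(17)),
    "vendorB_bios_v7.bin": der_sequence(der_integer(2773), der_integer(17)),
}

if __name__ == "__main__":
    db = build_leak_db([LEAKED_PRIVATE_KEY])
    print("images signed with a leaked key:", scan_manifests(MANIFESTS, db))
```

Comparing the modulus rather than the whole key blob is what lets the scan catch reuse regardless of how each vendor's manifest wraps the key; a fingerprint database built this way is also what a firmware team can keep to re-check every new release against keys that are already known to be public.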

BINARLY reposted this:
Software supply chain attacks are now the fastest-growing security threat across the industry—outpacing even ransomware in both speed and impact. Every day, we see new incidents highlighting vulnerabilities in software dependencies and build environments. Yesterday (as always seems to happen on Fridays), another notable CI/CD attack targeted the widely-used GitHub Action tj-actions/changed-files. Thanks to the swift detection by Varun Sharma and the StepSecurity team! (source: https://lnkd.in/gFBXPBGa)

A few thoughts that have been on top of my mind this morning:

- Keeping software consistently updated is essential, but it can unintentionally amplify risks when malicious third-party software updates are rapidly consumed and distributed, potentially affecting thousands or even millions of targets. This scenario echoes the incident last year involving XZ Utils (xz.fail).
- Ensuring verifiable artifacts and maintaining the integrity of build artifacts should be non-negotiable for any secure build environment. While this alone may not prevent a compromised GitHub Action, it can significantly reduce the potential impact. (GitHub guidance: https://lnkd.in/gRVnjv6e)
- There is an urgent need to shift towards a proactive approach in combating software supply chain attacks. Currently, we often identify these attacks only after damage has already occurred. It's crucial for organizations to strengthen their CI/CD and software supply chain transparency now more than ever.

Kudos to those vigilant in defending the software community!
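An added example, not from the post's author and not from StepSecurity or GitHub: the post's point that a retagged third-party action is consumed by every workflow that references the tag can be checked mechanically. The script below flags `uses:` steps whose action reference is a mutable tag or branch rather than a full 40-character commit SHA (the pinning GitHub's workflow security hardening documentation recommends), and rewrites a line to the pinned form once the SHA has been resolved out of band. The workflow text is constructed; the version tags in it are illustrative and the 40-hex SHA is a placeholder, not a real commit.

```python
# Added example (not from the post's author): audit a GitHub Actions workflow
# for action references that are not pinned to a full commit SHA.
import re
from typing import List, NamedTuple

# Matches "- uses: owner/repo@ref" (quotes optional); local "./" actions carry no "@"
# and are never matched, which is what we want.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s@]+)@([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_TAG_RE = re.compile(r"^v?\d+(\.\d+)*$")


class Finding(NamedTuple):
    line_no: int
    action: str
    ref: str
    reason: str


def audit_workflow(text: str) -> List[Finding]:
    """Return one Finding per step whose action reference can be moved to other code."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.groups()
        if action.startswith("docker://"):
            continue                     # container images are pinned by digest, not covered here
        if FULL_SHA_RE.match(ref):
            continue                     # immutable commit id: nothing to report
        if ref in ("main", "master") or ref.startswith("release"):
            reason = "mutable branch ref"
        elif VERSION_TAG_RE.match(ref):
            reason = "tag ref; a tag can be re-pointed at a different commit"
        else:
            reason = "unpinned ref"
        findings.append(Finding(line_no, action, ref, reason))
    return findings


def pin_line(line: str, resolved_sha: str) -> str:
    """Rewrite a `uses:` line to a full SHA, keeping the human-readable tag as a comment."""
    m = USES_RE.match(line)
    if not m or not FULL_SHA_RE.match(resolved_sha):
        raise ValueError("line has no ref to pin or SHA is not a 40-hex commit id")
    action, ref = m.groups()
    return line.replace(f"{action}@{ref}", f"{action}@{resolved_sha}  # {ref}", 1)


# Constructed sample workflow; the SHA on the setup-node line is a placeholder.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: some-org/some-action@main
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # v4 (placeholder SHA)
      - uses: ./.github/actions/local-step
      - run: npm test
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line_no}: {f.action}@{f.ref} -> {f.reason}")
```

Pinning bounds the blast radius of a re-pointed tag, which is the post's own caveat: it does not protect a workflow whose pinned commit is itself malicious, or whose pinned action pulls in unpinned dependencies at run time, so it belongs alongside artifact verification rather than in place of it.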

BINARLY reposted this:
Velocity is a startup's superpower! Rapid innovation and efficient delivery of customer-driven features set successful startups apart. Just a few weeks ago, a customer shared new compliance requirements for Vulnerability Exploitability eXchange (VEX) reports. Within one week, we delivered an alpha version for immediate feedback. The full-scale feature will roll out in next month's release. Listen fast, build faster!
Binarly is excited to announce that a brand-new presentation on ‘Repeatable Supply Chain Security Failures in Firmware Key Management’ has been accepted for the RSA Conference 2025. Join Binarly research experts Alex Matrosov and Fabio Pagani for a no-holds-barred technical discussion on how systemic vulnerabilities undermine the very trust chain of modern computing. Mark your calendars! April 29, 2025, 9:40 AM PDT, RSA Conference 2025. https://lnkd.in/gh_98iuJ

“The Intel offering has the same foundational building blocks, carrying forward the same underlying issues as before, but now repackaged with a new flavor. Achieving true confidential computing is extremely challenging if companies continue building upon a stack that is inherently flawed by design. We need to fundamentally rethink and rebuild the foundation itself before we can credibly make such bold claims.” -- Alex Matrosov https://lnkd.in/eqStBKnq