All Stories
Follow
Subscribe to ONEKEY GmbH

ONEKEY GmbH

ONEKEY: New Release of Cybersecurity Software finds the most dangerous IoT Vulnerabilities

ONEKEY: New Release of Cybersecurity Software finds the most dangerous IoT Vulnerabilities

Upgrading in the war against cybercriminals with expanded protection from zero-day attacks

Düsseldorf/Germany, December 8, 2022 – ONEKEY, a company specializing in the security of industrial control systems and IoT devices, is responding to the increasing activity of criminal hackers with its new software release. ONEKEY offers an extensive software-supported automated analysis of binary code to detect previously unknown vulnerabilities, especially the so-called zero-day vulnerabilities. ONEKEY's automated firmware analysis identifies all device-internal software components and comprehensively matches them against international vulnerability databases, such as CVE. In addition to the known vulnerabilities, however, the software examines for other potential and yet undiscovered security problems. These can include configuration conflicts, hard-coded credentials, outdated or invalid cryptographic usages and assets. The new automated 0-day analysis identifies previously unknown vulnerabilities in the applications such as code, SQL or command injection issues that could be exploited by an attacker. This 0-Day detection significantly expands the type and number of vulnerabilities that are automatically detected by the ONEKEY platform.

Localization of zero-day threats

In addition to detecting 0-day vulnerabilities, the platform also provides information as to where each vulnerability is located in the code. This helps customers to quickly isolate the problem and reduces the time and effort required to fix it. The new version of ONEKEY software has been massively enhanced to provide the highest level of protection: "In recent months, industrial companies have been attacked more frequently, including numerous medium-sized businesses. We are actively helping to ensure that hackers – whether criminally or politically motivated – can no longer gain access to networks via connected devices or industrial control systems," says ONEKEY CEO Jan Wendenburg regarding the latest innovations of his cybersecurity platform.

Transparent listing of software components in SBOMs

The new variable software composition analysis enables to list and scan all components from internal development and external sources to be screened for unwanted components and risks. The integrated “Software-Bill-of-Materials (SBOM)” generator helps to increase transparency and reduce efforts and software supply chain risks. This will become more important with the upcoming EU Cyber Resilience Act. Even very large firmware images are no problem as the platform supports extended file sizes.

Extended detection of private keys

The new release introduces numerous additional features that further increase the cybersecurity level for users in industry and business. These include automatic detection of private keys, which can easily be exploited as a potential backdoor and can lead to man-in-the-middle attacks. The threat level classification has also been expanded to include "critical" and "informative" to better represent identified issues. "Currently, cyberwar is developing faster than the IoT/OT industry in general. Therefore, a high level of protection is urgently needed for businesses that have a lot of network-connected technology in use. Our research team is thus working intensively on our automatisms to be able to not only find known risks, but especially detect those not yet discovered, based on our innovative software," explains Jan Wendenburg, CEO of ONEKEY.

About ONEKEY:

ONEKEY is a leading European specialist for automatic security & compliance analyses for devices in industry (IIoT), production (OT) and the Internet of Things (IoT). ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations via automatically generated "Digital Twins" and "Software Bill of Materials (SBOM)" of the devices, completely without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically fixed. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors, and users of IoT technology to check security and compliance quickly and automatically before use, 24/7 throughout the entire product lifecycle. Leading companies, such as SWISSCOM, VERBUND AG and ZYXEL, use this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.

Further Information: ONEKEY GmbH,  
Sara Fortmann, E-Mail:  sara.fortmann@onekey.com,
Kaiserswerther Straße 45, 40477 Düsseldorf, Germany,  
Web:  www.onekey.com
PR Agency: euromarcom public relations GmbH,
Mühlhohle 2, 65205 Wiesbaden, Germany,
Phone: +49 611 9731 50, E-Mail:  team@euromarcom.de,
Web:  www.euromarcom.de

- - - -

More stories: ONEKEY GmbH
More stories: ONEKEY GmbH
  • 24.10.2022 – 14:05

    Importers and distributors are considered manufacturers: EU Cyber Resilience Act raises stakes

    Importers and distributors are considered manufacturers: EU Cyber Resilience Act raises stakes OEM products become a cyber risk for chain stores, buying cooperatives and many more Düsseldorf/Germany, October 24, 2022 – The Cyber Resilience Act aims to close gaps in cybersecurity across the entire supply chain of products and protect consumers and companies from ...

  • 10.10.2022 – 14:20

    EU Cyber Resilience Act becomes a Tour de Force for the Industry

    EU Cyber Resilience Act becomes a Tour de Force for the Industry Time-to-market becomes a gamble without automated analysis routines Düsseldorf/Germany, October 10, 2022 – All products with digital elements – from routers to smart refrigerators to televisions and, above all, any modern industrial equipment – should no longer pose cyber risks to users in the future. This is what the EU Commission is demanding, and ...

  • 29.09.2022 – 14:05

    ONEKEY announces automated detection of zero-day vulnerabilities

    ONEKEY announces automated detection of zero-day vulnerabilities New platform for automated discovery of unknown 0-day vulnerabilities for producers of connected devices and operators of industrial control systems Düsseldorf/Germany, September 29, 2022 – For the first time, European IoT/OT security specialist ONEKEY is enabling software-based automated detection of ...