Firmware Scan

With Firmware Scan, you can upload the firmware of an IoT device and view a risk assessment report for it.

The Firmware Risk Assessment Report is generated by static analysis of the uploaded file; the firmware is not executed.

Firmware File Prerequisites

  • To get the firmware file of the IoT device, download it from the device manufacturer's support site (for example, support.hp.com) or request it from the manufacturer.
  • The firmware file must not be password protected or encrypted.

  • The firmware file must be an archived Linux file system. If the vendor's download is not itself one of the archive formats below, extract the Linux root file system from it first and package that.

    The supported archive formats are:

    • gzip (.gz)

    • lzma (.7z)

    • xz (.xz)

    • bzip2 (.bz2)

    • tar (.tar)

    • rar (.rar)

    • arj (.arj)

    • lha (.lha)

    • iso 9660 (.iso)

    • cabinet archives (.cab)

    • stuffit (.sit)

    • OS X archives (.dmg)

    • lzo (.lzo)

    • intel hex (.hex)

    • motorola s-record (.srec)

    • zip (.zip)

    • squashfs (.squashfs)

    • cramfs (.cramfs)

    • EXT (.ext2)

    • romfs (.romfs)

    • jffs2 (.jffs2)

    • ubifs (.ubi)

  • To package a file system tree as a compressed archive:

    • On Windows, use 7-Zip.

    • On Linux, use tar to create a .tar.gz of the entire folder. For example, to archive everything under /usr, preserving permissions (-p) and staying on one file system, run:

      tar --one-file-system -pczf ./firmware.tar.gz /usr

      To archive everything under the root directory while leaving out the pseudo-file systems and runtime directories that are not part of the firmware, run:

      tar --one-file-system -pczf /media/usb/firmware.tar.gz --exclude=/mnt --exclude=/var --exclude=/tmp --exclude=/run --exclude=/proc --exclude=/sys /

      The archive name must immediately follow -f. Write the archive to a separately mounted location (which --one-file-system then skips), or add an --exclude for it, so that tar does not try to include the file it is writing.
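The packaging step above, as an added example that is not part of Check Point's documentation or product: a small POSIX shell script that builds the .tar.gz the way the prerequisites describe, confirms by header bytes that the result is one of the listed archive types, and checks that it looks like a Linux root file system before upload. It assumes GNU tar, od and grep; the function names and the pack/check subcommands are this example's own.

```shell
#!/bin/sh
# Added example (not Check Point's tooling): package a device root filesystem
# as the prerequisites describe, then check the result before uploading.
# Assumes GNU tar, od, grep and a POSIX shell.
set -e

# pack_rootfs SRC_DIR OUT_FILE
# Creates OUT_FILE as a gzip-compressed tar of SRC_DIR. Permissions are kept
# (-p), other mounted filesystems are skipped (--one-file-system), and the
# runtime directories the page lists are left out. Members are stored relative
# to SRC_DIR (-C SRC_DIR .), so the excludes are anchored with "./" and cannot
# match a same-named directory deeper in the tree (./usr/share/run survives).
# Write OUT_FILE outside SRC_DIR or on a separate mount, otherwise tar tries to
# archive the file it is writing.
pack_rootfs() {
    tar --one-file-system -pczf "$2" -C "$1" \
        --exclude=./mnt --exclude=./var --exclude=./tmp \
        --exclude=./run --exclude=./proc --exclude=./sys \
        .
}

# detect_format FILE
# Prints the archive type implied by the leading bytes (a subset of the
# formats the page lists), or "unknown". Checking the header rather than
# trusting the extension catches a vendor download that is really a
# proprietary container or an encrypted blob with a .zip/.gz name.
detect_format() {
    magic=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
    case "$magic" in
        1f8b*)               echo gzip ;;
        fd377a585a00*)       echo xz ;;
        425a68*)             echo bzip2 ;;      # "BZh"
        504b0304*)           echo zip ;;        # "PK\3\4"
        377abcaf271c*)       echo 7z ;;
        52617221*)           echo rar ;;        # "Rar!"
        68737173*|73717368*) echo squashfs ;;   # "hsqs" / "sqsh"
        453dcd28*)           echo cramfs ;;     # 0x28cd3d45 little-endian
        *)
            # plain tar has no leading magic; "ustar" sits at offset 257
            if [ "$(od -An -c -j257 -N5 "$1" 2>/dev/null | tr -d ' \n')" = ustar ]; then
                echo tar
            else
                echo unknown
            fi ;;
    esac
}

# verify_tarball FILE
# Returns 0 if FILE is a readable .tar.gz that contains ./etc, ./bin or ./usr
# and nothing under ./proc or ./sys; 1 otherwise.
verify_tarball() {
    listing=$(tar -tzf "$1") || return 1
    printf '%s\n' "$listing" | grep -Eq '^\./(etc|bin|usr)/' || return 1
    if printf '%s\n' "$listing" | grep -Eq '^\./(proc|sys)/'; then
        return 1
    fi
    return 0
}

# Command-line use (example invocations, paths are placeholders):
#   ./firmware_pack.sh pack /mnt/rootfs /media/usb/firmware.tar.gz
#   ./firmware_pack.sh check firmware.tar.gz
case "${1:-}" in
    pack)
        pack_rootfs "$2" "$3"
        verify_tarball "$3" || { echo "archive is not a usable rootfs" >&2; exit 1; }
        echo "ready: $(detect_format "$3") archive $3" ;;
    check)
        echo "format: $(detect_format "$2")"
        verify_tarball "$2" || { echo "not a usable rootfs archive" >&2; exit 1; }
        echo "looks like a Linux rootfs" ;;
    *) : ;;   # no subcommand (for example when sourced): only define functions
esac
```

Running `check` on a vendor download before uploading tells you whether it is one of the accepted archive types at all; an "unknown" result usually means a vendor-specific image or an encrypted blob, which the service cannot analyse until the Linux file system inside it has been extracted and repackaged.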

To scan a firmware and generate the risk assessment report:

  1. Go to IoT > Firmware Scan.
  2. Enter:

    • Device Type

    • Vendor Name

    • Device Model

    • (Optional) Comments

  3. In the Firmware File field, click Select and upload the firmware file.

  4. Select the I confirm that I own the firmware or have the permission from the owner to run the scan checkbox.

  5. (Optional) Select the Delete my firmware file after analysis checkbox.

    If you select it, the service deletes the firmware file from its storage when the scan finishes. Otherwise, the file is retained for future analytics or debugging.

  6. Click Scan.

  7. In the Recent Scans section, check the status of the scan.

    When the scan is complete, the Firmware Risk Assessment report is available for download. If the scan fails, a Check Point representative will contact you.

  8. To download the report, in the Report column, click Download report.


    The report shows:

    • Known Vulnerabilities - All CVEs matched against components found in the firmware, classified by severity and by attack vector (exploitable over the network, or requiring physical access).

    • Weak Credentials - Credentials found in the firmware that are easy to crack or are publicly known, such as default accounts and passwords.

    • High Risk Domains / IP Addresses - Domains and IP addresses embedded in the firmware that are known to be suspicious.

    • Action Items - Key recommendations to mitigate security flaws.

  9. Share the risk assessment report with the device vendor or manufacturer so that they can take the required action.
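Of the report sections listed above, Weak Credentials is the one you can most easily cross-check yourself on the same file system you packaged. The following is an added example, not Check Point's code and not how the service classifies findings: it walks an /etc/shadow-style file from the extracted root file system and flags accounts with empty, DES-crypt or MD5-crypt password hashes, skipping locked accounts and modern hash types. The classification rules, function names and the sample file are this example's assumptions.

```shell
#!/bin/sh
# Added example, not Check Point code: a local cross-check of the account
# hashes in a packaged root filesystem, to compare with the Weak Credentials
# section of the report. The rules below are this example's assumptions.
# Assumes a POSIX shell.
set -e

# weak_accounts SHADOW_FILE
# Reads an /etc/shadow-style file (user:hash:...) and prints "<user> <reason>"
# for each account that should be fixed before the firmware ships:
#   empty-password : no password at all, anyone can log in
#   des-crypt      : 13-character traditional DES crypt, brute-forced in hours
#   md5-crypt      : $1$ hashes, fast to crack on GPUs
#   unknown-hash   : not recognised by this check; inspect by hand
# Locked or disabled accounts ("*", "!", "!!", "!<hash>") are skipped, as are
# $5$/$6$/$2b$/$y$ hashes, which are not weak by construction.
weak_accounts() {
    while IFS=: read -r user hash _ || [ -n "$user" ]; do
        case "$hash" in
            '')        echo "$user empty-password" ;;
            '!'*|'*'*) : ;;                       # locked / no password login
            '$1$'*)    echo "$user md5-crypt" ;;
            '$'*)      : ;;                       # sha-crypt, bcrypt, yescrypt
            *) if [ ${#hash} -eq 13 ]; then
                   echo "$user des-crypt"
               else
                   echo "$user unknown-hash"
               fi ;;
        esac
    done < "$1"
}

# write_sample_shadow PATH
# Writes a constructed shadow file with one account of each kind so the check
# can be exercised offline. The hash strings are made up, not real hashes.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root::0:0:99999:7:::
admin:$1$saltsalt$MadeUpMd5HashXXXXXXXXX:19000:0:99999:7:::
support:lXdpQ1kEBDp5c:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc:!$6$saltsalt$LockedAccountHashXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:19000:0:99999:7:::
user:$6$saltsalt$StrongEnoughHashXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:19000:0:99999:7:::
EOF
}

# Command-line use (paths are placeholders):
#   ./weak_creds.sh check rootfs/etc/shadow
#   ./weak_creds.sh demo
case "${1:-}" in
    check) weak_accounts "$2" ;;
    demo)  f=$(mktemp); write_sample_shadow "$f"; weak_accounts "$f"; rm -f "$f" ;;
    *)     : ;;   # no subcommand: only define functions
esac
```

On the constructed sample this prints root (empty password), admin (MD5-crypt) and support (DES-crypt) and stays silent on the locked svc account and the SHA-512 user account. Running the same check against etc/shadow and etc/passwd in the packaged tree before you upload gives you a baseline to compare with the report's Weak Credentials section.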