EMBA: Open-source security analyzer for embedded devices
The EMBA open-source security analyzer is tailored as the central firmware analysis tool for penetration testers and product security groups. It assists throughout the security evaluation procedure, extracting firmware, conducting static and dynamic analysis through emulation, and creating a web-based report.
EMBA features
EMBA identifies potential vulnerabilities and weak points in firmware, such as insecure binaries, outdated software components, scripts that might be susceptible to attack, or embedded hard-coded passwords. This command line tool also offers the option to produce a user-friendly web report for more in-depth analysis.
Michael Messner, the creator of EMBA, told Help Net Security that this is a fully-fledged firmware security analyzer that goes far beyond creating an SBOM. Some of the unique features are:
- Enhanced firmware extraction process
- UEFI analysis
- AI support
- Firmware diffing mechanisms
- User mode emulation
- System emulation
- Easy-to-read web report
Plans for the future
“Our goal is to establish EMBA in the community further and that more and more people are using it to enhance the security of products in the IoT field and the OT, ICS, and KRITIS environments. From a technical perspective, we will further improve EMBA as scanning the backend in every area,” Messner concluded.
EMBA is available for free download on GitHub.
Must read:
- 15 open-source cybersecurity tools you’ll wish you’d known earlier
- 20 essential open-source cybersecurity tools that save you time