Print Print  
Award Information
Proposal Number: FY18.1-H-SB018.1-008-0010-II
Proposal Title: Firmware Automated Analysis at Scale with Testing
Topic Number: H-SB018.1-008
Phase: Phase II
Topic Title: Automated & Scalable Analysis of Mobile & IoT Device Firmware
Organization: Red Balloon Security
Address: 336 West 37th Street
Suite 1024
New York, NY 10018-4592  
Abstract: The firmware running on mobile, embedded, and Internet of things devices is often treated as a blackbox by organizations. These firmware images can contain a myriad of n-day vulnerabilities, both malicious and unintentional backdoors, and other unwanted functionality. Unfortunately, analyzing these firmware images is a difficult and time-consuming task as each firmware can be packed with layers of compression and obfuscation along with specialized operating systems and filesystems. We propose Firmware Automated Analysis at Scale with Testing (FAAST), a technology built on top of Red Balloon Security's FRAK technology, a proprietary framework for unpacking, analyzing, modifying, and packing firmware images. FAAST will integrate additional specialized FRAK analyzers and utilize FRAK's client server architecture to automatically unpack and analyze firmware images returning human and machine readable reports back to the user.
Award/Contract Number: 70RSAT19C00000006
Period of Performance: 05/01/2019 - 11/01/2020
Award/Contract Value: $999,797.00
Award/Obligated Amount: $999,797.00