Skip to content ↓ | Skip to navigation ↓

FireEye filed an injunction against German IT security research firm ERNW GmBH last month in order to protect its intellectual property.

According to CIO, ERNW first contacted FireEye, a former intern of which recently pleaded guilty to selling Dendroid malware on Darkode, back in April of this year after its researchers discovered five vulnerabilities in the company’s Malware Protection System (MPS).

“The vulnerabilities presented here could allow an attacker to compromise virtual machine-based malware detection systems such as a FireEye device by triggering the analysis of a crafted exploit,” reads an advisory released by ERNW about the vulnerabilities on Thursday. “Such an analysis can be triggered by sending an email to an arbitrary corporate address or by embedding the exploit code in a document (to-be) downloaded via HTTP.”

ERNW founder Enno Rey goes on to explain in a blog post that ERNW subsequently established communication channels with FIreEye and submitted a draft of the document that it wished to publish on the vulnerabilities to the firm following a 90-day disclosure period. FireEye was of the opinion that the initial document revealed too many technical details about the inner workings, including the source code, of its MPS product. ERNW disagreed, but as explained by Ray, the company did make some changes and redacted several passages of the document.

ernw newsletter fireeye
Source: ERNW

On August 5th, representatives of the two companies met to review the revised disclosure document. Rey feels that at the time the two firms had reached a consensus on what should be released. Less than 24 hours later, however, FireEye sent a cease-and-desist letter to ERNW, citing intellectual property protection as a means to block the release of some of the contextual technical information provided in the document. Allegedly, ERNW was given until August 10th (one working day) to sign the letter. When Rey stated that his company would not be able to sign the letter until August 17th, FireEye filed an injunction against ERNW on August 13th. This injunction was in part motivated to prevent ERNW security researcher Felix Wilhelm from discussing the vulnerabilities in a presentation at 44Con.

According to Rey, ERNW did not comply with the injunction, and Wilhelm’s presentation went forward as planned.

FireEye has since published a bulletin about the vulnerabilities discovered by ERNW and issued the following statement:

“We tried to conceal from the researchers to publish our IP.  No company in the world would want their IP revealed. We did that to protect our customers. We openly worked with them to fix the vulnerabilities, and patches have been available for months now. Our Customers are protected. This was not about stopping them from issuing a report neither the vulnerabilities, it was about protecting intellectual property that they didn’t have a legal right to publish.”

Rey has responded that ERNW never had the intention of threatening FireEye’s IP and that he felt the company was unfairly targeting the security research community.

News of this spat follows a disagreement with another researcher who demanded that he be paid for four zero-day vulnerabilities he found in FireEye’s products earlier this week.