Sonoff & Tuya smart plugs found to transmit unencrypted passwords

Sonoff Tuya security vulnerability

There are many low-cost smart plugs based on ESP8266 that provide a convenient way to control lights or home appliances with your smartphone. But cybersecurity firm A&O IT Group found vulnerabilities in ITEAD’s Sonoff S26 and Ener-J Wi-fi (Tuya) smart plugs that would allow an attacker to easily access your wireless network. The first security vulnerability is pretty common and hard to exploit since it’s only a concern during the setup.  Sonoff S26 starts itself into access point mode with ITEAD-1001xxxxxx SSID, and is set up through the eWelink app with the user not needing to know the password. But with older firmware is was needed, so ITEAD still shares the default password: 12345678 in the user manual, and it can be used to connect to the smart plug by anyone. But once configured, it’s not accessible anymore as the smart plug should be in client mode connected to your […]

Android 12 Beta released with revamped user interface

Android 12 Beta

Google has just announced the release of Android 12 Beta. We already covered the first Android 12 developer preview with changes including support for AVIF image format, trust and safety improvement, and enhanced media transcoding. But with the release of Android 12 Beta, Google also introduced significant changes to the user interface created with a design language called Material You, plus some new features that we’ll explore in this post. The most notable user-facing changes include: Personalization – Your phone can now be personalized with a custom color palette and redesigned widgets. This is done automatically using color extraction from your wallpaper images, and Android 12 applies those colors across the entire OS including the notification shade, the lock screen, the volume controls, new widgets, etc… Fluid motion and animations – Google optimized the system to make animations more fluid by reducing the CPU time needed for core system services […]

MYS-8MMX i.MX 8M Mini SBC runs Yocto 3.0 Linux or Ubuntu 18.04

i.MX 8M Mini SBC

MYiR Tech has just launched MYS-8MMX single board computer powered by NXP i.MX 8M Mini Cortex-A53/Cortex-A4 processor with 2GB RAM, 8GB eMMC flash, and designed for embedded applications in areas of consumer electronics, industrial automation, smart healthcare, security monitoring, etc… thanks to its video and graphics capabilities. MYS-8MMX SBC specifications: SoC  – NXP i.MX 8M Mini Quad quad-core Cortex-A53 processor @ 1.6 GHz (industrial temp.) or 1.8 GHz (commercial temp.), Arm Cortex-M4F realt-time core @ 400 MHz, Vivante 2D and 3D GPU’s, and 1080p VPU System Memory – 2GB DDR4 (supports up to 4GB) Storage – 8GB eMMC flash (supports up to 128GB), 32MB QSPI flash, MicroSD card slot, M.2 NVMe SSD support Video Output 40-pin FPC connector for LVDS & capacitive touchscreen interface 1x HDMI output up to 1080p60 Camera I/F – 24-pin FPC connector with MIPI-CSI Connectivity Gigabit Ethernet RJ45 port 2.4GHz/5GHz dual-band WiFi 5 and Bluetooth 5.0 […]

PhD students willfully committed known malicious changes to mainline Linux

Open source project vulnerabilities

We just reported about the Linux 5.12 changelog with a focus on Arm, MIPS and RISC-V targets on Tuesday, and at the time, the expectation was a delay of about one week after Linux 5.12-rc8 was outed on Sunday,  April 18. But Linux 5.12 could be further delayed due to shenanigans from two Ph.D. students doing a research project on open-source vulnerability at the University of Minnesota. This was announced by Greg Kroah-Hartman on the Linux kernel mailing list. Commits from @umn.edu addresses have been found to be submitted in “bad faith” to try to test the kernel community’s ability to review “known malicious” changes. The result of these submissions can be found in a paper published at the 42nd IEEE Symposium on Security and Privacy entitled, “Open Source Insecurity: Stealthily Introducing Vulnerabilities via Hypocrite Commits” So their work at to be reverted with 190 reversions so far. It also […]

SiFive Core IP 21G1 release improves bit manipulation, floating-point unit, reduces code footprint

SiFive 21G1 Release RISC-V Cores

As SiFive has a portfolio of RISC-V cores ranging from low-power E2-series to high-performance U8-series cores with performance similar to Cortex-A7x cores, the company has not released new cores for a while, and instead focuses on improving their current RISC-V cores. We saw that last year with the SiFive 20G1 release that improved performance & efficiency, and lowered the silicon area for the same features set. SiFive further improved its cores and ecosystem with the latest SiFive 21G1 release. The main new  features brought by SiFive 21G1 release include: SiFive 2-Series and 7-Series processors are now available with the “Bit Manipulation” extension, RV32B, with Zba and Zbb extensions. This can accelerate Cryptographic Hash algorithms by up to 35% Support for FP16 half-precision floating-point computation in order to reduce memory size and power consumption, and for some AI workloads The memory map is now fully programmable SiFive RV64 processors support up […]

Armv9 architecture to focus on AI, security, and “specialized compute”

Armv9

Armv8 was announced in October 2011 as the first 64-bit architecture from Arm. while keeping compatibility with 32-bit Armv7 code. Since then we’ve seen plenty of Armv8 cores from the energy-efficient Cortex-A35 to the powerful Cortex-X1 core, as long as some custom cores from Arm partners. But Arm has now announced the first new architecture in nearly ten years with Armv9 which builds upon Armv8 but adds blocks for artificial intelligence, security, and “specialized compute” which are basically hardware accelerators or instructions optimized for specific tasks. Armv9 still supports Aarch32 and Aarch64 instructions, NEON, Crypto Extensions, Trustzone, etc…, and is more an evolution of Armv8 rather than a completely new architecture. Some of the new features brought about by Armv9-A include: Scalable Vector Extension v2 (SVE2) is a superset of the Armv8-A SVE found in some Arm supercomputer core with the addition of fixed-point arithmetic support, vector length in multiples […]

Annke CZ400 AI security camera reviewed with basic and smart events

Annke CZ400 ceiling installation

At the beginning of this month, I started the review of Annke CZ400 AI security camera by listing specifications, unboxing the device, and doing a partial teardown, notably to install a MicroSD card. In theory, the camera comes with more advanced AI features than Reolink RLC-810A 4K CCTV camera that only supports people and vehicle detection, as the Annke security camera can handle face detection, line crossing, unattended baggage detection, and other smart event detections. So let’s see how it performs Annke CZ400 installation The first challenge was the installation, as I told the company I would not be willing to install the camera on the ceiling since I’m renting, and preferred wall-mounting. after checking the user manual that included a wall mount, I decided to go ahead, and get the review unit. But sadly, the wall mount is not included in the package, and Annke even told me they […]

Zymbit HSM4 & HSM6 security modules work with embedded Linux hardware, Raspberry Pi, Jetson Nano

Zymbit HSM4

Zymbit Zymkey security modules, now called Zymkey4i, were first introduced several years ago. Based on the Microchip ATECC508A CryptoAuthentication chip, the modules were available as a USB stick, an I2C module for Raspberry Pi boards, or an SMT component, and designed to enable multifactor device ID & authentication, data encryption & signing, key storage & generation, and physical tamper detection. The company has now informed CNX Software they had launched HSM4 cryptographic protection module and HSM6 hardware wallet with a different form factor for easy integration into embedded applications, and devkits compatible with Jetson Nano and Raspberry Pi SBCs. Zymbit HSM4 cryptographic protection module & devkit HSM4 crypto module key features and specifications: HSM4 is built upon Zymkey4i module, and integrates an Arm Cortex-M0 microcontroller, as well as a secure element likely to be Microchip ATECC508A, or the more recent ATECC608B CryptoAuthentication chip if the company upgrade System Identity & […]

EmbeddedTS embedded systems design