Arrow launches PSA Certified PSoC 64 IoT Security Workshop Development Kit

In 2019, we wrote that Cypress PSoC 64 microcontrollers for Secure IoT applications were among the first microcontrollers compliant with Arm’s Platform Security Architecture (PSA) designed to secure the Internet of Things. Arrow has now launched the PSoC 64 IoT Security Workshop Development Kit, its first PSA Certified platform, which happens to be based on Cypress PSoC 64 and was developed in collaboration with Infineon, which purchased Cypress Semiconductor last year. Designed to help developers quickly create PSA Certified solutions, the development kit includes the Infineon PSoC 64 Secure AWS IoT Pioneer Kit, Arrow PSoC 6 IoT Sensor Shield, Shield2Go kits, and AWS cloud enablement with certified functional APIs and integrated dashboard for monitoring and visualization. There are three levels for PSA certification: level 1 for device manufacturers involves the evaluation of an IoT device to assess whether it adheres to security best practice, level 2 with a laboratory evaluation […]

Hardware security flaw impacts Intel Apollo Lake & Gemini Lake processors

A few years ago, the Spectre and Meltdown hardware security vulnerabilities impacted a wide range of processors from Intel, AMD, Arm, and others. But a newly discovered hardware security flaw specifically impacts the Atom, Celeron, and Pentium from the Apollo Lake, Gemini Lake, Denverton … low-power processors we often feature on CNX Software. Researchers have managed to activate test or debug logic at runtime for some low-power Intel processors, which they could use to escalate privilege, retrieve the “fuse encryption key” aka “chipset key fuse” unique to each processor, and access encrypted data. Most people do not need to panic though, as the hack would require physical access to the machine, and Intel says it is releasing firmware updates to mitigate the vulnerability. High-value targets should care though, as the hack only takes 10 minutes, and if a laptop is stolen or lost, a skilled attacker should be able to […]

GPU-less NXP i.MX 8XLite Cortex-A35/M4 SoC is aimed at IIoT & V2X applications

NXP i.MX 8XLite SoC is a cost-optimized version of the NXP i.MX 8X automotive processor with up to two Cortex-A35 cores, one Cortex-M4F real-time core, and a GPU-less configuration, since it lacks the Vivante GPU found in the i.MX 8X family. The headless processor also comes with dedicated Hardware Security Modules (HSM) to enable telematics solutions, vehicle-to-everything (V2X) applications including vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) solutions, road infrastructure connectivity, as well as IIoT applications such as industrial equipment and building automation. NXP i.MX 8XLite key features and specifications: Processor complex 1x or 2x Arm Cortex-A35 cores @ up to 1.2 GHz with 256KB L2 cache with ECC 1x Arm Cortex-M4F core for real-time processing Memory I/F – 16-bit DDR3L-1866 and LPDDR4-2400 with ECC protection Storage I/F 1x FlexSPI for fast boot from SPI NOR flash 2x SD 3.0 card interfaces 1x eMMC5.1/SD3.0 NAND (62-bit ECC support) Networking – 1x Gigabit Ethernet […]

BrakTooth vulnerabilities impact closed-source Bluetooth stacks used in chips from Espressif, Intel, Qualcomm…

BrakTooth is a family of new security vulnerabilities in commercial, closed-source Bluetooth Classic stacks that range from denial of service (DoS) via firmware crashes and deadlocks to arbitrary code execution (ACE) in certain IoT devices. A team from Singapore has discovered 16 new security vulnerabilities after evaluating 13 Bluetooth devices from 11 vendors, but after browsing through the list of certified Bluetooth devices with impacted processors, they estimate it could impact 1400 devices. We can see the list of BrakTooth-impacted SoCs includes some familiar names like Intel AX200 (found in many laptops and computers through M.2 cards), Espressif Systems ESP32, Texas Instruments CC2564C, Qualcomm CSR8811/CSR8510, Bluetrum AB32VG1 board (based on AB5301A SoC) which I’ve just reviewed, and more… The good news is that most vendors have either already submitted a patch or are working on it. Espressif, Infineon (previously Cypress), and Bluetrum have already released patchsets for their firmware. It’s really […]

OpenSSL 3.0 released with pending FIPS 140-2 validation

OpenSSL 3.0 has just been released after three years of development, and over 7,500 commits and contributions from over 350 different authors, with a new FIPS module that awaits FIPS 140-2 validation by the end of the year, improved documentation, and a change to the Apache License 2.0. OpenSSL’s reputation took a serious hit in 2014 with the Heartbleed bug that allowed attackers to steal the information protected by the SSL/TLS encryption used for most secure Internet communication. The bug was introduced in 2012, and it took almost two years to be fixed. Yet, despite the fix, many projects switched to other SSL libraries like LibreSSL, WolfSSL, or mbedTLS. But it’s good the project is still very much active, and OpenSSL 3.0 succeeds OpenSSL 1.1.1 released in September 2018. Who knows what OpenSSL 2.0… One of the main changes is support for the Provider concept, and OpenSSL 3.0 comes with […]

OpenWrt 21.02 released with WPA3, HTTPS, TLS enabled by default

OpenWrt 21.02 has just been released with higher security with WPA3, HTTPS & TLS enabled by default, as well as initial support for the Distributed Switch Architecture (DSA), the Linux standard for configurable Ethernet switches. OpenWrt is the most popular open-source Linux distribution for routers and entry-level Linux-capable embedded systems, and the latest release includes over 5800 commits since the release of OpenWrt 19.07 in January 2020. WPA3 was already supported in OpenWrt 19.07, but not enabled by default; OpenWrt 20.02 changes that, together with TLS thanks to trusted CA certificates from Mozilla. That means the LuCI interface, wget, and the opkg package manager can all support HTTPS out-of-the-box. Note that HTTPS redirection can be disabled for LuCI in the configuration files. Another security change is that SELinux is now supported by OpenWrt, but not enabled by default. OpenWrt 21.02’s DSA implementation replaces the current swconfig system, but not all targets have been […]

Realtek AP-Router SDK vulnerabilities could impact millions of routers and IoT devices

The IoT Inspector Research Lab has discovered four high and critical vulnerabilities in the Realtek AP-Router “Jungle” SDK used for RTL819x SoCs that could impact millions of WiFi routers and dongles. An attacker can use a network attack, i.e. without physical access to the device, to generate a buffer or stack overflow helping him access the system and execute his own code. Realtek has released an advisory (PDF) with patchsets for all four vulnerabilities, so you should upgrade the firmware if you can. Summary of the four vulnerabilities: CVE-2021-35392 – Realtek Jungle SDK version v2.x up to v3.4.14B provides a ‘WiFi Simple Config’ server called wscd or mini_upnpd that implements both UPnP and SSDP protocols. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from the ST header of received M-SEARCH messages. CVE-2021-35393 – Also impacts ‘WiFi Simple Config’ server (wscd […]

$23 N6110E NVR supports AI features, 10TB SATA drive, up to 10 video channels

Network video recorders (NVR) typically cost a couple of hundred dollars, but in the past, we noted a low-cost, entry-level NVR with a single Ethernet port may sell for under $50. But now, I’ve been made aware that $20 Linux-based NVRs have shown up on AliExpress based on either the XM8536D processor or the SigmaStar SSR621Q dual-core Cortex-A7 processor. I’ll look at the N6110E model with the latter that sells for $22.99 plus shipping as it includes an enclosure and is said to support up to 10 channels, as well as AI features such as face & human body detection, “auto tracking” (vehicle tracking?), and mixed-traffic detection. N6110E NVR specifications: SoC – SigmaStar SSR621Q processor/DSP with two Cortex-A7 cores, 256MB DDR3 RAM according to linux-chenxing Video decoding – H.265, H.264 up to 1x 8MP @ 30 fps, 1x 5MP @ 30 fps, 2x 4MP @ 30 fps, 4x 3MP @ 20 fps, […]