security

Posted on by Jean-Luc Aufranc (CNXSoft) - No Comments on Foscam SPC WiFi Spotlight Camera Review – Part1: Unboxing and Teardown

Foscam SPC WiFi Spotlight Camera Review – Part1: Unboxing and Teardown

WiFi Spolight camera

I’ve been reviewing a few IP cameras with built-in AI features with Vacom Cam, Reolink RLC-810A, and Annke CZ400 AI security camera which had by far the most advanced features going beyond human detection with luggage monitoring, line crossing-detection, and many more. Today, I’ve received another model with basic human detection. But Foscam SPC security camera also happens to come with a motion-activated spotlight, and it is the first camera I’ve ever received with support for dual-band WiFi meaning 2.4GHz or 5 GHz WiFi can be used as needed. In the first part of the review, I’ll go through the specs, do an unboxing, and go through teardown photos to check the internals. Foscam SPC key features and specifications Some of the highlights listed in the user manual and package: Camera 4MP camera up to 2560×1440 resolution @ 25 fps, 156° view of view (diagonal) HDR support 2x white LED […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 16 Comments on TPM 2.0 modules quadruple in price, run out of stock following Windows 11 announcement

TPM 2.0 modules quadruple in price, run out of stock following Windows 11 announcement

TPM 2.0 module price

Microsoft announced Windows 11 with new system requirements that include having hardware with a TPM 2.0 chip. Yesterday, we noted that could be an issue, as not all computers, laptops, and tablets may come with a Trusted Platform Module (TPM), especially if version 2.0 is required. Microsoft explains it’s for a good reason, name improved security, but the requirement has already had an impact on the market, even though Windows 11 is not officially available just yet, as TPM 2.0 modules have quadrupled in price according to a Tweet from Shen Ye, senior director, global head of hardware products for HTC. Note that while the bottom scale shows dates, it only shows dates when the price changes and the price was indeed $24.90 before Microsoft’s announcement, and gradually went up to $99.90 within 12 hours. At the time of writing, that module is out of stock on Amazon. Shen further […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 4 Comments on Software bills of materials (SBOM) could help improve cybersecurity

Software bills of materials (SBOM) could help improve cybersecurity

Software bill of materials

There have been some widely publicized hacks in recent months including the SolarWinds hack and the Colonial pipeline cyber attack. Those two were particularly costly and disruptive, and the US government issued an executive order that lists some of the requirements to stretch cybersecurity. Since there are many attach vectors, the list of requirements is fairly long, but one that caught my eyes in the “Enhancing Software Supply Chain Security” section reads as follows: (vii) providing a purchaser a Software Bill of Materials (SBOM) for each product directly or by publishing it on a public website; Bills of materials (BoM) are commonly used for hardware design, but the idea behind a software bill of materials is to make sure outdated software libraries with known vulnerabilities are not included in a specific program. The 2021 Open Source Security and Risk Analysis (OSSRA) report exposes vulnerabilities and license conflicts found in more […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 2 Comments on Edge AI system combines Foxconn FXN3102 Arm SoC with Hailo-8 or Lightspeeur 2801S AI accelerator

Edge AI system combines Foxconn FXN3102 Arm SoC with Hailo-8 or Lightspeeur 2801S AI accelerator

Foxconn FXN3102 edge ai computing system

Did you know Foxconn makes processors now? Well, they do, or at least can pretend they do to as we’ll see below. Foxconn FXN3102 24-core Arm Cortex-A53 processor is found in Vecow VAC-1000, a compact Edge AI computing system, that also features either an Hailo-8 AI accelerator or Gyrfalcon Lightspeeur 2801S NPU. The Ubuntu 18.04 server system also comes with up to 16GB DDR4-2133 memory, optional NX Witness VMS (Video Management System) supported, and targets intelligent surveillance applications such as public surveillance or traffic monitoring, as well as smart retail, factory automation, and any other AIoT/Industry 4.0 applications. Vecow VAC-1000 specifications: SoC – Foxconn FXN3102 24-core Arm Cortex-A53 processor @ up to 1.0 GHz System Memory – 8GB or 16GB DDR4 2133MHz ECC SO-DIMM Storage 64GB eMMC flash, 512MB SPI Flash, up to 512KB EEPROM 1x SATA III port up to 6 Gbps 1x M.2 2280 Key M socket for […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 4 Comments on Sonoff & Tuya smart plugs found to transmit unencrypted passwords

Sonoff & Tuya smart plugs found to transmit unencrypted passwords

Sonoff Tuya security vulnerability

There are many low-cost smart plugs based on ESP8266 that provide a convenient way to control lights or home appliances with your smartphone. But cybersecurity firm A&O IT Group found vulnerabilities in ITEAD’s Sonoff S26 and Ener-J Wi-fi (Tuya) smart plugs that would allow an attacker to easily access your wireless network. The first security vulnerability is pretty common and hard to exploit since it’s only a concern during the setup.  Sonoff S26 starts itself into access point mode with ITEAD-1001xxxxxx SSID, and is set up through the eWelink app with the user not needing to know the password. But with older firmware is was needed, so ITEAD still shares the default password: 12345678 in the user manual, and it can be used to connect to the smart plug by anyone. But once configured, it’s not accessible anymore as the smart plug should be in client mode connected to your […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 4 Comments on Android 12 Beta released with revamped user interface

Android 12 Beta released with revamped user interface

Android 12 Beta

Google has just announced the release of Android 12 Beta. We already covered the first Android 12 developer preview with changes including support for AVIF image format, trust and safety improvement, and enhanced media transcoding. But with the release of Android 12 Beta, Google also introduced significant changes to the user interface created with a design language called Material You, plus some new features that we’ll explore in this post. The most notable user-facing changes include: Personalization – Your phone can now be personalized with a custom color palette and redesigned widgets. This is done automatically using color extraction from your wallpaper images, and Android 12 applies those colors across the entire OS including the notification shade, the lock screen, the volume controls, new widgets, etc… Fluid motion and animations – Google optimized the system to make animations more fluid by reducing the CPU time needed for core system services […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 3 Comments on MYS-8MMX i.MX 8M Mini SBC runs Yocto 3.0 Linux or Ubuntu 18.04

MYS-8MMX i.MX 8M Mini SBC runs Yocto 3.0 Linux or Ubuntu 18.04

i.MX 8M Mini SBC

MYiR Tech has just launched MYS-8MMX single board computer powered by NXP i.MX 8M Mini Cortex-A53/Cortex-A4 processor with 2GB RAM, 8GB eMMC flash, and designed for embedded applications in areas of consumer electronics, industrial automation, smart healthcare, security monitoring, etc… thanks to its video and graphics capabilities. MYS-8MMX SBC specifications: SoC  – NXP i.MX 8M Mini Quad quad-core Cortex-A53 processor @ 1.6 GHz (industrial temp.) or 1.8 GHz (commercial temp.), Arm Cortex-M4F realt-time core @ 400 MHz, Vivante 2D and 3D GPU’s, and 1080p VPU System Memory – 2GB DDR4 (supports up to 4GB) Storage – 8GB eMMC flash (supports up to 128GB), 32MB QSPI flash, MicroSD card slot, M.2 NVMe SSD support Video Output 40-pin FPC connector for LVDS & capacitive touchscreen interface 1x HDMI output up to 1080p60 Camera I/F – 24-pin FPC connector with MIPI-CSI Connectivity Gigabit Ethernet RJ45 port 2.4GHz/5GHz dual-band WiFi 5 and Bluetooth 5.0 […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 45 Comments on PhD students willfully committed known malicious changes to mainline Linux

PhD students willfully committed known malicious changes to mainline Linux

Open source project vulnerabilities

We just reported about the Linux 5.12 changelog with a focus on Arm, MIPS and RISC-V targets on Tuesday, and at the time, the expectation was a delay of about one week after Linux 5.12-rc8 was outed on Sunday,  April 18. But Linux 5.12 could be further delayed due to shenanigans from two Ph.D. students doing a research project on open-source vulnerability at the University of Minnesota. This was announced by Greg Kroah-Hartman on the Linux kernel mailing list. Commits from @umn.edu addresses have been found to be submitted in “bad faith” to try to test the kernel community’s ability to review “known malicious” changes. The result of these submissions can be found in a paper published at the 42nd IEEE Symposium on Security and Privacy entitled, “Open Source Insecurity: Stealthily Introducing Vulnerabilities via Hypocrite Commits” So their work at to be reverted with 190 reversions so far. It also […]