If you want to buy a cheap Android phones, one way is to go to some Chinese e-retailers and purchase the phone that matches your requirements. Most phones will work reasonably well, but one thing that’s common to most/all Chinese manufacturers is lack of firmware updates and concerns for security. So you may only get 2 or 3 firmware update during the lifetime of your phone, if any, and usually the Android security patch is rather old. But Dr.Web discovered several Android smartphone models that ships with a Trojan (Android.Triada.231), in other words, the stock firmware is already infected with malware. The company found over 40 injected models, but the list may still grow Android.Triada trojans infect the Zygote process, which is used to launch all applications in Android. Once the module is infected, it becomes possible to download and launch software without the user’s knowledge. The 231 variant of […]
NXP Unveils A71CH Secure Element Chip for Secure Peer-to-Peer or Cloud Connections
The industry clearly has an issue at hand with the security of the Internet of Things, and the problem is complex as some devices are easily accessible due to bad configuration (e.g. default username/password), while others may have security flaws at various levels of the software stack from the low level bootloaders to the operating systems, and applications. Nowadays, devices also need to be upgradeable, and communicate with the cloud, and that introduces other attack vectors in case malignant firmware is installed instead, or a man-in-the-middle attack occurs. While some people may claim security can be achieved by software only, we are seeing security evolving towards combined software and hardware solutions, for example with Arm Trustzone built into SoCs, but some companies are also introducing Secure Element chip, which Samsung has already done and integrated into their Artik modules to secure data from the hardware to the cloud. NXP has […]
AAEON FWS-2360 Denverton Desktop Network Appliance Supports up to 6 Ethernet Ports, SATA Storage
Last summer, we started to see products and motherboards based on Intel Atom C3000 series Denverton SoC, including GIGABYTE MA10-ST0 server motherboard and Axiomtek NA362 network appliance with up to 10 LAN ports. AAEON has informed me they’ve launched their own Denverton network appliance with AAEON FWS-2360 equipped with a pair of fiber/copper SFP GbE ports, four GbE ports and two Mini-card slots to accommodate WiFi and 4G LTE expansion. The device also comes with an mSATA socket and a 2.5” SATA bay for storage. AAEON FWS: SoC (one or the other) Intel Atom C3308 dual core Denverton processor @ 1.60 / 2.20 GHz with 4MB cache; 9.5W TDP Intel Atom C3558 quad core Denverton processor @ 2.20 GHz with 8MB cache; 16W TDP System Memory Dual core – 1x DDR4 SODIMM ECC DIMM Quad core – 2x DDR4 SODIMM ECC DIMM Storage – On-board eMMC flash up to […]
MINIX NEO N42C-4 Mini PC Review – Part 2: Windows 10 Pro
MINIX NEO N42C-4 is the first Apollo Lake mini PC from the company, which also happens to be their first one with a fan, using internal antennas for WiFi and Bluetooth, and offering user-upgradeable storage and memory thanks to M.2 and SO-DIMM slots. The device also features three video output via HDMI 2.0, mini DiplayPort, and USB Type C ports supporting up to three independent display. I’ve received a sample and already checked the hardware, and showed how to install an M.2 SSD and SO-DIMM RAM to the device in the first part of the review entitled MINIX NEO N42C-4 Triple Display Capable Mini PC Review – Part 1: Unboxing and Teardown, so I’ll report my experience with Windows 10 Pro in the second part of the review, and there should also be a third part specifically dealing with Linux support. MINIX NEO N42C-4 Setup, System Info, BIOS The device […]
Intel Apollo Lake Windows 10 Benchmarks Before and After Meltdown & Spectre Security Update
So this week, there’s been a fair amount of news about Meltdown & Spectre exploits, which affects all major processor vendors one way or another, but especially Intel, and whose mitigations require operating systems and in some case microcode updates that decrease performance for some specific tasks. Microsoft has now pushed an update for Windows 10, and since I’m reviewing MINIX NEO N42C-4 mini PC powered by an Intel Pentium N4200 “Apollo Lake” processor, and just happened to run benchmarks before the update, so I decided to run some of the benchmarks again to see if there was any significant difference before and after the security update. First I had to verify I had indeed received the update in the “installed update history”, and Windows 10 Pro was updated on January 5th with KB4056892, which is what we want, so let’s go ahead. Benchmarks before Update PCMark 10 is one […]
Intel Hardware Security Bug Fix to Hit Performance on Windows, Linux…
Many security bugs can be fixed without performance penalty , but according to reports Intel processors have a hardware bug – whose details have not been disclosed yet (embargo) – that seems to affect all operating systems including Windows, Linux, Mac OS, etc…, and the fix may lead to significant performance hits for some tasks. We know a bit more thanks to the Kernel Page Table Isolation (KPTI) patch for Linux that enables the fix/workaround with X86_BUG_CPU_INSECURE feature. The fix used to be called KAISER, and there’s an explanation on LWN about “hiding the kernel from user space” about the issue: On contemporary 64-bit systems, the shared address space does not constrain the amount of virtual memory that can be addressed as it used to, but there is another problem that is related to security. An important technique for hardening the system is kernel address-space layout randomization (KASLR), which randomizes […]
Help Testing TLS 1.3 Compatibility for a More Efficient & Secure Internet
Transport Layer Security (TLS) is the protocol that allows for secure websites (via https), and currently, TLS 1.2 is the version most commonly used today, with 1.0 and 1.1 still supported by many servers for backward compatibility with older browsers, including the one running this blog. TLS 1.3 is the next version, already supported in libraries and server software such as wolfSSL or nginx, and promises to be more efficient – important for battery operated devices (IoT) – thanks to features like zero-RTT (0-RTT) mode, speedy with a restructured handshake state machine, and more secure. However, changes in security protocol may mess up connection with some browsers or middleboxes, as I experience when I enabled https on CNX Software using Let’s Encrypt with nginx and Cloudflare, with around 0.5% of users losing access due to using older web browsers and operating systems such as Internet Explorer on Windows XP. According […]
Haven Open Source App Transforms Your Old Android Smartphone into a Smart Security Camera
About two years ago, I wrote a post asking what to do with old devices instead of throwing them away. My own proposals included giving them away, reselling them on eBay, recycling them for other purpose like servers or download clients, or scavenging some parts. Other people also comments what they did with theirs, for example setting up a Linux cluster with old TV boxes. Another way to recycling an old (Android) smartphone – albeit you could always buy an inexpensive one – is to install and run Haven, an open source app that transforms your phone into some sort of smart security camera, but instead of only using the camera from the phone, the app also logs audio events using its microphone (array), as well as data reported by sensors. One of you first reaction might be: “cool! somebody may an app that would allow hackers or government to […]