security

Posted on by Jean-Luc Aufranc (CNXSoft) - 3 Comments on ARM Introduces Secure Cortex-M23 and Cortex-M33 ARMv8-M MCU Cores, and Bluetooth 5 Cordio Radio IP for IoT Applications

ARM Introduces Secure Cortex-M23 and Cortex-M33 ARMv8-M MCU Cores, and Bluetooth 5 Cordio Radio IP for IoT Applications

ARM TechCon 2016 is now taking place in Santa Clara, California, USA, as ARM has made three announcements for the Internet of Things, the focus of SoftBank going forward, with two ARM Cortex-M ARMv8-M cores integrating ARM TrustZone technology, namely Cortex-M23 low power small footprint core, and Cortex-M33 core with processing power similar to Cortex-M3/M4 cores, as well as Cordio Radio IP for Bluetooth 5 and 802.15.4 connectivity. ARM Cortex-M23 ARM Cortex-M23, based on the ARMv8-M baseline architecture, is the smallest and most energy efficient ARM processor with TrustZone security technology,and targets embedded applications requiring both a small footprint, low power, and security. Its power consumption is low enough to be used in batteryless, energy harvesting IoT nodes, and is roughly a third of Cortex-M33 processor size, and offers more than twice its energy efficiency. Cortex-M23 is a two-stage pipelined processor, software compatible with other processors in the Cortex-M family. […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 4 Comments on Hacking ARM TrustZone / Secure Boot on Amlogic S905 SoC

Hacking ARM TrustZone / Secure Boot on Amlogic S905 SoC

Amlogic S905 processor used in many Android TV boxes and ODROID-C2 development board implements ARM TrustZone security extensions to run a Trusted Execution Environment (TEE) used for DRM & other security features. However, Frédéric Basse, a security engineer, worked with others and managed to bypass secure boot in one Amlogic S905 powered Android TV box, namely Inphic i7, but any other device based on the processor would have made the same thing possible. He explains the steps they went through and how they managed to exploit vulnerability to bypass secure boot in a detailed technical blog post. They first started by looking for info in Amlogic S905 datasheet, but most info about TrustZone had been removed from the public version. So not that much help here except a potential address for BOM Root (ROMBOOT_START   0xD9040000). The next step was to connect the UART pins in order to access the […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 45 Comments on Routers, IP Cameras/Phones & IoT Devices can be Security Risks even with the Latest Firmware, and a Strong Admin Password

Routers, IP Cameras/Phones & IoT Devices can be Security Risks even with the Latest Firmware, and a Strong Admin Password

ZTE-ZXHN-F600W

I’ve just read an interesting article entitled “who makes the IoT things under attack“, explaining that devices connected to the Internet such as router, IP cameras, IP Phones, etc.. may be used by Botnet to launch DDoS attacks, and they do so using the default username and password. So you may think once you’ve updated the firmware when available, and changes the default admin/admin in the user interface, you’d be relatively safe. You’d be wrong, because the malware mentioned in the article, Mirai, uses Telnet or SSH trying a bunch of default username and password. That made me curious, so I scanned the ports on my TP-Link wireless router and ZTE ZXHN F600W fiber-to-the-home GPON modem pictured below, and installed by my Internet provider, the biggest in the country I live, so there may be hundred of thousands or millions of such modems in the country with the same default […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 22 Comments on Roqos Core AC Router Runs Debian on Intel Atom Bay Trail-I Processor for $19… Plus Monthly Subscriptions

Roqos Core AC Router Runs Debian on Intel Atom Bay Trail-I Processor for $19… Plus Monthly Subscriptions

Roqos Core router is interesting on several front. First it’s quite powerful and features-rich with an Intel Atom E3845 processor, five Gigabit Ethernet ports, 802.11ac WiFi, a USB 3.0 port, and even an HDMI port allowing you to use it as a Media Center too. It should also be quite customizable, software wise, since it runs Debian, and finally the business model is also different, as you only need to pay $19 for the router, with the catch that you need to subscribe Roqos Service with “advanced cybersecurity and parental control features” for $17 per month for at least 12 months, bringing the total to $223. After one year, you can opt out of the cloud service, and continue to use the router without the extra security features. Roqos Core RC10 router hardware specifications: SoC – Intel Atom Bay Trail-T E3845 quad core processor @ up to 1.91 GHz (10W […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 1 Comment on u-Blox Unveils SARA-R4 LTE Cat M1 and SARA-N2 NB-IoT Modules for Professional IoT Applications

u-Blox Unveils SARA-R4 LTE Cat M1 and SARA-N2 NB-IoT Modules for Professional IoT Applications

While I’ve mostly read about SigFox and LoraWan solutions for long range, low power, and low bitrate communications for the Internet of Things so far, there are many active of planned LPWAN standards for IoT applications, and 3GPP Release 13 standard stipulates two LTE LPWAN standards, namely LTE Cat M1 (eMTC) and LTE Cat NB1 (NB-IoT), with the former  supporting 1 Mbps downlink and uplink peak data rates, and the latter 250 Kbps downlink, and 250 Kbps (multi-tone) or 20 Kbps (single tone) uplink data rates. U-Blox has released modules for both standard with SARA-R4 LTE Cat M1  and SATA-N2 NB-IoT modules. SARA-N2 Cat NB1 cellular module specifications: LPWAN Connectivity – 3GPP Release 13 NB1; NB-IoT bands: 5, 8, 20; downlink: 227 Kbps, uplink: 21 Kbps Positioning – GNSS via Modem Interfaces – 1x UART, 1x SPI, 2x GPIO, 1x DDC(I2C) for GNSS Features – Antenna supervisor, embedded IPv4 & […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 1 Comment on Rockchip RV1108 Cortex A7 + DSP SoC is Made for Audio & Video Conference and Recording Applications

Rockchip RV1108 Cortex A7 + DSP SoC is Made for Audio & Video Conference and Recording Applications

[Update May 2017: Rockchip has renamed RK1108 to RV1108.] Rockchip has introduced RV1108 ARM Cortex A7 SoC with a 600 MHz DSP targeting visual communication, consumer electronics, automotive DVR, and security applications thanks to its 8-channel I2S audio codec and 1440p H.264 video encoder and decoder. Detailed specifications can be found on the official Rockchip Wiki: CPU – Single-core ARM Cortex-A7 Core processor with NEON and FPU,  32KB/32KB L1 I-Cache/D-Cache, Unified 128KB L2 Cache, and Trustzone Video/Image DSP – Up to 600 MHz, 32KB I-TCM and 32KB I-cache, 128KB D-TCM Memory 12KB internal SRAM DDR3/DDR3L interface – 16 Bits data width, 1 ranks (chip selects), up to 512 MB RAM NAND Flash Interface – 8-bit async NAND flash, 16-bit hardware ECC eMMC Interface – Compatible with standard iNAND interface, eMMC 4.51 standard. SD/MMC Interface – Compatible with SD 3.0, MMC 4.41 System Component 2x 64-bit timers with interrupt-based operation 8x […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 7 Comments on Google QUIC is a Secure UDP Protocol Aiming to Replace TCP + TLS

Google QUIC is a Secure UDP Protocol Aiming to Replace TCP + TLS

A lot of traffic over the Internet goes through  secure https connections. Under the hood this requires a 3-way handshake to establish a TCP connection, followed by even more packets exchanged between the client and server to negotiate TLS in order to establish a secure connection.  Google is now working one the new experimental QUIC protocol that uses the “send and forget” UDP protocol, together with its own crypto, and its own way to making sure the connection is properly establish. The whole idea about QUIC is to reduce the effect of latency (e.g. ping time) by exchanging less messages to achieve the same secure connectivity. For example, if there’s a 200ms latency between a server and a client, and if a TCP connection requires 4 packets, while a QUIC/UDP connection requires only 1 packet, you’ll save about 600ms. One downside with UDP according to Jim Roskind, designer of QUIC, […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 4 Comments on Embedded Linux Conference & IoT Summit Europe 2016 Schedule

Embedded Linux Conference & IoT Summit Europe 2016 Schedule

Embedded Linux Conference & IoT summit 2016 first took place in the US in April, but the events are now also scheduled in Europe on October 11 – 13 in Berlin, Germany, and the schedule has now been published. Even if you are no going to attend, it’s always interesting to find out more about the topic covered in that type of events, so I had a look, and created my own virtual schedule with some of the sessions. Tuesday, October 11 10:40 – 11:30 – JerryScript: An Ultra-lightweight JavaScript Engine for the Internet of Things – Tilmann Scheller, Samsung Electronics JerryScript is a lightweight JavaScript engine designed to bring the success of JavaScript to small IoT devices like lamps, thermometers, switches and sensors. This class of devices tends to use resource-constrained microcontrollers which are too small to fit a large JavaScript engine like V8 or JavaScriptCore. JerryScript is heavily […]

UP 7000 x86 SBC