security

Posted on by Jean-Luc Aufranc (CNXSoft) - 3 Comments on Upcoming ARM TrustZone Webinars Explaining Embedded Systems / IoT Security to Non-security Experts

Upcoming ARM TrustZone Webinars Explaining Embedded Systems / IoT Security to Non-security Experts

Most people understand that securing the IoT is important, but security is a highly a complex subject, and as seen with the many security breaches, even specialists – who in theory should now better – get their devices or online accounts hacked. So even if you are not a security expert, but are involved in the development of embedded systems, it’s important to get acquainted with online and offline security and understand how all this all work, at least from a high level perspective, without necessarily having to dig into the technical details. ARM is organizing two webinars catering to people who are not security experts, and explaining how they can secure embedded systems using the company’s TrustZone technology. The first webinar entitled “How to build trust and security into your embedded device” will allow participant to gain an understanding of the security that will need to be applied in […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 1 Comment on Raspberry Pi 3 To Get ARM TrustZone Support with Linaro OP-TEE Port

Raspberry Pi 3 To Get ARM TrustZone Support with Linaro OP-TEE Port

If you ever wanted to experiment with ARM Trustzone, and IoT security, you’ll soon be able to do so with the Raspberry Pi 3 board thanks to a port of Linaro OP-TEE (Open Portable Trusted Environment Execution) by Sequitur Labs. Broadcom BCM2737 SoC found in Raspberry Pi 3 board already had TrustZone hardware for isolation and protection for sensitive material such as cryptographic keys, algorithms and data, but the upcoming software release will mean the feature can now be used, and it’s free for trial/evaluation, and  education. Trustzone is also used for DRM (digital rights management), but in the case of Raspberry Pi 3 it will most likely used to teach how to secure the Internet of Things (IoT). The release is scheduled for July 11, with source code and documentation to be available in OP-TEE github account. All you’ll need to get started is a Raspberry Pi 3 board, […]

Posted on by Jean-Luc Aufranc (CNXSoft) - No Comments on Synaptics Natural ID USB Dongle Brings Fingerprint Authentication to Older Laptops and Computers

Synaptics Natural ID USB Dongle Brings Fingerprint Authentication to Older Laptops and Computers

Many new smartphones features a fingerprint scanner, and some computers such as Kangaroo Mobile Desktop also include one, but you’ll soon be able to add a USB dongle to your existing notebook thanks to Synaptics USB dongle reference design featuring the company’s Natural ID secure fingerprint authentication module. The dongle will allow secure authentication with a single touch of a finger, and be compatible with Windows Hello and Microsoft Passport. So I’m not sure the press release claim that it will work “on any notebook PC” is valid if you use Linux or an older Windows operating system that is not Windows 10. The solutions is also FIDO Certified (Fast IDentity Online), so it will be compatible with other certified software, services, and devices. The company is now showcasing the solution at Computex 2016.  USB dongles will sample in Q3 2016, with mass production scheduled for Q4 2016. But if […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 10 Comments on Yubikey NEO is a $50 USB & NFC Key Used to Secure your Computer and Smartphone

Yubikey NEO is a $50 USB & NFC Key Used to Secure your Computer and Smartphone

YubiKey NEO is a dongle that supports both contact (USB) and contactless (NFC, MIFARE) communications to secure your Windows, Mac OS or Linux computers and/or Android/iOS smartphones using two factor authentication. It supports one-time password (OTP), smart card functionality (OpenGPG, PIV…), as well as FIDO Alliance’s Universal 2nd Factor (U2F) protocol. The key can be used in a variety of applications, such as logging into your computer, accessing gmail, github, dropbox, and other accounts, and disk encryption. It also works with password manager such as Lastpass or Dashlane. You’ll need to both enter your password, and connect the Yubikey to your computer to be able to login, and for NFC enabled smartphones, you’d need to tap the key on the device. In case you lose your key, online services usually have recovery mechanism in places, and some support registration of up multiple YubiKeys. The latter can probably be used for […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 13 Comments on Allwinner News – Root Exploit in Linux and Fake Pine A64 Boards

Allwinner News – Root Exploit in Linux and Fake Pine A64 Boards

There’s been a lot of buzz about a root exploit in Linux 3.4 kernel for Allwinner H3/H83T SoCs found by linux-sunxi & armbian developers in the last few days. Since the kernel for H3 / H83T is stuck to 3.4, and not always updated on the vast majority of hardware platforms, it’s quite likely there are many ways to breach into such systems, and even the majority of Android devices are not secure, not only the ones powered by Allwinner. So I did not really pay attention at first, but it went viral with  stories reporting a hidden backdoor, and hitting to ill-intent. But is that really the case? That’s the code from github, now removed from the master branch, but still in A83T branch. It’s now super easy to gain root access by simply running one command which works for any users:

That’s obviously pretty bad, but is […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 6 Comments on Mini Review of NextDrive Plug for Private Cloud Storage and Home Security

Mini Review of NextDrive Plug for Private Cloud Storage and Home Security

NextDrive Plug is an ARM based plug computer that’s used to store your photos or music, and/or as a security system using a webcam combined with Pixi motion sensor. They had a successful crowdfunding campaign, and now that they’ve sent rewards to backers, I’ve also received NextDrive Plug and Pixi for evaluation. The courier was not particularly gentle with the packages, but the devices themselves were not damaged. NextDrive Plus package included the box, a US plug, and a user’s manual in English. Pixi comes with two 3M stickers, and a user’s manual. There’s also a plastic film to avoid depleting the battery, that you’ll need to remove before using the sensor. The interfaces on the plug are minimal with a USB port for a USB mass storage device (HDD, flash drive…) and/or a UVC webcam, and the socket for the power plug adapter on the back.You can then plug […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 13 Comments on Samsung Artik IoT Boards and Devkits with WiFi, Bluetooth LE, and Zigbee Available, Partners Announced

Samsung Artik IoT Boards and Devkits with WiFi, Bluetooth LE, and Zigbee Available, Partners Announced

Samsung Artik IoT boards will finally start selling on February 22 via Digikey. With the many fascinating developments in the IoT space over the year, you’d be forgiven if you completely forgot about Samsung Artik boards. So let’s have a quick recap. The Korean company previously announced three boards all supporting Bluetooth LE: Artik 1 – Ineda Systems Dual Core microAptiv MIPS32 processor with 1MB on-chip RAM, no GPU, and 4MB SPI flash Artik 5 – Dual core Exynos ARM processor @ 1GHz with ARM Mali 400 MP2 GPU, 512MB RAM and 4GB eMMC flash (both on-chip), with WiFi & Zigbee/Thread connectivity Artik 10 – Octa core Exynos processor with 4x ARM Cortex A15 @ 1.3GHz, 4x ARM Cortex A7 @ 1.0 GHz with ARM Mali-T628 GPU, 2GB LPDDR3 (on-chip), 16GB eMMC flash, and WiFi & Zigbee/Thread connectivity Samsung also partnered with multiple companies working on: Operating Systems – Tizen, […]

Posted on by Jean-Luc Aufranc (CNXSoft) - No Comments on Embedded Systems Conference 2016 Schedule – April 13-14

Embedded Systems Conference 2016 Schedule – April 13-14

The Embedded Systems Conference 2016 will take place in Boston on April 13-14, and the organizers have now released the schedule, minus some keynotes, which features four main tracks: Embedded Hardware, Embedded Software, Connected Devices and the Internet of Things (IoT), and the ESC Engineering Theatre. As usual, I’ve gone through the list of talks and composed my own little virtual schedule which ended up with sessions focusing on power management, IoT, and security, as well some optimization and drivers development talks among others, such as patents, and the origin of Gerber files. Wednesday 13 8:00 – 9:00 – Power Management in Embedded Systems by Colin Walls, Embedded Software Technologist, Mentor Graphics The importance of power management in today’s embedded designs has been steadily growing as an increasing number of battery powered devices are developed. In this session, we will discuss design considerations that should be made when starting a […]

EmbeddedTS embedded systems design