
How to securely handle time on embedded systems? Do you trust your time or not? What should you do if the certificate expires? Where do you sync your time from? Read More
In this episode, I introduce DICE (Device Identifier Composition Engine). I mention the motivation for the Trusted Computing Group (TCG) to make this standard and why it's specifically tailored for embedded devices like MCUs and smaller controllers. Read More
In this episode I talk about the ATECC608 that’s on the SAMA7G Eval Kit and why, even though the SAMA7 includes TrustZone, you would want an external IC. Read More
Embedded Linux devices are generally lacking in security, but especially file system security. While I’m seeing the ship start to turn with respect to secure boot, there is still a wide lack of file system prevention and monitoring security. Read More
Announcing the Cryptotronix Podcast! Read More
The UK is proposing some interesting device cybersecurity legislation that will impact more people than they realize. Read More
I have audited a few custom protocols, as nearly every embedded project decides to implement them, and nearly every one has had a security issue. In this video I discuss the top three issues I’ve seen. Read More
Using the latest issue of IEEE Security & Privacy as a front to discuss this topic, I talked about the different focus areas of information security. Read More
The article, “Design for Cybersecurity from the Start” in MIT Sloan Management Review, really nails the continued issue with security for product design. Read More
The title of this CWE sounds like an error you’d get trying to update your smart toothbrush. In this short video I go over the security issues with static firmware and quickly talk about update strategies with microcontrollers and embedded Linux platforms. Read More
In this video, I’ll tell you how to save money and build your own SRAM PUF instead of paying some licensing fees, why vulnerabilities in bitcoin hardware wallets are a good thing, and how forgetting to forget secrets can get you in stormy seas. Read More
CWE 1240, a top 2021 Hardware CWE deals with using risky cryptographic primitives. Read More
In this video Josh discusses what this lock bit could do and provides a RISCV example as well. Read More
In this video we discuss CWE 1191: On-Chip Debug and Test Interface With Improper Access Control. Read More
Josh discusses the Most Important Hardware Weaknesses of 2021. In this video he goes over CWE 1189, Improper Isolation of Shared Resources on System-on-a-Chip (SoC). Read More
Happy Veterans Day y’all. Read More
CTF at Toorcon is next week! Check it out at advsec.io/ctf. Read More
In this video, I go over my favorite and not-so-favorite RISCV dev boards and RISCV books. Not surprisingly, the best boards IMHO are coming from SiFive right now. Read More
SHIELDS UP! Season 2 Episode 2 with Cryptotronix CEO Josh Datko is scheduled on September 22nd at 8:00 a.m. PDT. He will share how his consulting firm starts with a threat model discussion and how they help strengthen trust on non-TLS networks. https://mchp.us/3BGDbHY Read More
Insufficient logging and monitoring have been on the OWASP Top 10 for some time now, but is this applicable to IoT deployments as well as web apps? Read More
A few weeks ago there was a blog post about sniffing the SPI bus that had a TPM to decrypt a BitLocker-encrypted laptop. Reactions ranged across the typical responses on the classic watering holes. Read More
In this video Josh gives a small taste of what you can expect in the Introduction to Hardware Hacking and Reverse Engineering course at Advanced Security. Specifically, he shows the run-time interpreter used to directly PEEK and POKE memory addresses. Read More
In this video, Josh discusses the PKCS#11 standard. Read More
In this video, I confuse “Big Time” with “Sledgehammer.” Those music videos are still pretty epic. Then, I go into a bit of a rant of why cryptocurrency hardware, mainly for wallets, is different than normal cryptographic hardware. Read More
On Aug. 26/27, I’ll be giving a RISCV Security Class! We’ll look through the hype of RISCV and look at the security model. Read More
Happy Memorial Day from Cryptotronix with some Navy submarine stories. Read More
Episode 2! I show the tools around my favorite chip, the Xilinx Zynq 7000, and then we get into some military-industrial themed books! Read More
Next week, Dmitry Nedospasov and I are giving a 4-day live-streamed course on Intro to Hardware Hacking and Reverse Engineering. Read More
Thanks Jason Jaques for the honor to be on the Colorado = Security podcast this week! I’m impressed with how this community has grown — it’s a great resource for anyone in or wanting to be in infosec in Colorado. Read More
In this monthly show, Josh talks about computer security (bytes), development kits and hardware (boards), and books! Read More
What is this Trusted Execution Environment? What problems does it solve? What problems does it introduce? Why am I asking so many questions?! Read More
In this video, we go over the following use cases for Vault, and then announce that our product, the Quartermaster, runs HashiCorp’s Vault as an appliance to help bridge the embedded world development patterns into a more modern, secure, devops world. Read More
We are going back to the “What is” line of videos here now that I’ve explored some IoT architecture. This video tackles the question of secure elements, whose definition, unsurprisingly, differs a bit depending on which vendor you ask. Read More
Last part of this IoT mini-series! In this video we discuss how the mobile can impact security. Read More
What security options do we have for battery-powered MCUs? Read More
In this video I quickly try to break down mutual TLS and device specific credentials. Read More
What does an IoT system security architecture look like? Find out in this short video. Read More
What is Secure Boot? View this short training video to find out. Read More
We are excited to announce that we recently became an official CryptoAuthentication Design Partner Specialist with Microchip Technology. As a Design Partner Specialist we are part of a team of companies developing key expertise using the Microchip security devices and libraries. We’ve been designing and using these parts since 2014 when we released with SparkFun… Read More
Josh is now providing training services with Advanced Security Training, which offers the best online format for live video streaming InfoSec training. He recently completed a 2-day class focusing on building secure designs for the Xilinx Zynq 7000. The exercises started with integrating XADC and concluded with a Buildroot based embedded Linux bringup with a… Read More
Last week I had the opportunity to be on the Stacey on IoT podcast. I started listening to Stacey and Kevin a few months ago and I was impressed with their industry news coverage. It was fun chatting with Stacey on why an embedded security engineer is an important, but often missing role on design… Read More
NIST announced in February the winner of the lightweight cipher competition. In this video I motivate WHY we even need lightweight ciphers in the first place using my favorite watch!