How to securely handle time on embedded systems? Do you trust your time or not? What should you do if the certificate expires? Where do you sync your time from? Read More
Featured
How to handle time on embedded systems?
Featured
What is the Device Identifier Composition Engine (DICE)?
In this episode, I introduce the DICE (Device Identifier Composition Engine). I mentioned the motivation for the Trusted Computing Group (TCG) to make this standard and why its specifically tailored for embedded devices like MCUs and smaller controllers. Read More
Featured
Microchip SAMA7G54 EVK and ATECC608 & Spearf1sh and the SAMA7G54 EVK
In this episode I talk about the ATECC608 that’s on the SAMA7G Eval Kit and why, even though the SAMA7 includes TrustZone, you would want an external IC. Read More
Featured
fs-verity: Embedded Linux File Protection
Embedded Linux devices are generally lacking in security, but especially file system security. While I’m seeing the ship start to turn with respect to secure boot, there is still a wide lack of file system prevention and monitoring security. Read More
Featured
Announcing the Cryptotronix Podcast
Announcing the Cryptotronix Podcast! Read More
Featured
The UK Product Security and Telecommunications Infrastructure (PSTI) Bill
The UK is proposing some interesting device cybersecurity legislation that will impact more people than they realize. Read More
Featured
Mistakes in Custom Embedded Protocols
Having audited a few custom protocols, as nearly every embedded project decides to implement them, nearly every one has had a security issue. In this video I discuss the top three issues I’ve seen. Read More
Featured
Infosec’s Midlife Crisis
Using the latest issue of IEEE Security & Privacy as a front to discuss this topic, I talked about the different focus areas of information security. Read More
Featured
Cybersecurity gets no respect!
The article, “Design for Cybersecurity from the Start” in MIT Sloan Management Review, really nails the continued issue with security for product design. Read More
Featured
CWE 1277: Firmware Not Updatable
The title of this CWE sounds like an error you’d get trying to update your smart toothbrush. In this short video I go over the security issues with static firmware and quickly talk about update strategies with microcontrollers and embedded linux platforms. Read More
Featured
CWE 1272: Sensitive SRAM
In this video, I’ll tell you how to save money and build your own SRAM PUF instead of paying some licensing fees, why vulnerabilities in bitcoin hardware wallets are a good thing, and how forgetting to forget secrets can get you in stormy seas. Read More
Featured
CWE 1240: Risky Crypto
CWE 1240, a top 2021 Hardware CWE deals with using risky cryptographic primitives. Read More
Featured
CWE 1231: Improper Prevention of Lock Bit Modification
In this video Josh discusses what this lock bit could do and provides a RISCV example as well. Read More
Featured
CWE 1191: On-Chip Debug and Test Interface With Improper Access Control
In this video we discuss CWE 1191: On-Chip Debug and Test Interface With Improper Access Control. Read More
Featured
CWE 1189: Improper Isolation of Shared Resources on a System-on-Chip (SoC)
osh discusses the Most Important Hardware Weaknesses of 2021. In this video he goes over CWE 1189, Improper Isolation of Shared Resources on System-on-a-Chip (SoC). Read More
Featured
Veterans Day 2021
Happy Veteran’s Day y’all. Read More
Featured
Toorcon: San Beagle eCTF
CTF at Toorcon is next week! Check it out at advsec.io/ctf. Read More
Featured
Season 1 Episode 4 of Bytes, Boards, and Books
In this video, I go over my favorite and not-so-favorite RISCV dev boards and RISCV books. Not surprisingly, the best boards IMHO are coming from SiFive right now. Read More
Featured
Josh Will Be Featured on the Microchip Shields Up! Series
SHIELDS UP! Season 2 Episode 2 with Cryptotronix CEO Josh Datko is scheduled on September 22nd at 8:00 a.m. PDT. He will share how his consulting firm starts with a threat model discussion and how they help strengthen trust on non-TLS networks. https://mchp.us/3BGDbHY Read More
Featured
Security Logging and Monitoring in the IoT
Insufficient logging and monitoring have been on the OWASP Top 10 for some time now, but is this applicable to IoT deployments as well as web apps? Read More
Featured
Sniffing TPM Buses: All the Kids Are Doing it Now
A few weeks ago there was a blog post about sniffing the SPI bus that had a TPM to decrypt a bit locker-encrypted laptop. Reactions ranged the typical response on the classic watering holes. Read More
Featured
Advanced Security Intro to Hardware Hacking and Reverse Engineering Preview
In this video Josh gives a small taste of what you can expect in the Introduction to Hardware Hacking and Reverse Engineer Course at Advanced Security. Specifically, he shows the run-time interpreter used to directly PEEK and POKE memory address. Read More
Featured
What is PKCS#11, why does it suck, and why will you keep using it?
In this video, Josh discusses about the PKCS#11 standard. Read More
Featured
Cryptocurrency Hardware Kinda Sucks
In this video, I confuse “Big Time” with “Sledgehammer.” Those music videos are still pretty epic. Then, I go into a bit of a rant of why cryptocurrency hardware, mainly for wallets, is different than normal cryptographic hardware. Read More
Featured
Introduction to RISCV Security
On Aug. 26/27, I’ll be giving a RISCV Security Class! We’ll look through the hype of RISCV and look at the security model. Read More
Featured
Memorial Day Message 2021
Happy Memorial Day from Cryptotronix with some Navy submarine stories. Read More
Featured
Bytes, Boards, and Books s1e2
Episode 2! I show the tools around my favorite chip, the Xilinx Zynq 7000, and then we get into some military-industrial themed books! Read More
Featured
Introduction to Hardware Hacking and Reverse Engineering Trailer
Next week, Dmitry Nedospasov and I are giving a 4-day live-streamed course on Intro to Hardware Hacking and Reverse Engineering. Read More
Featured
Josh on Colorado = Security Podcast
Thanks Jason Jaques for the honor to be on the Colorado = Security podcast this week! I’m impressed with how this community has grown — it’s a great resource for anyone in or wanting to be in infosec in Colorado. Read More
Featured
Bytes, Boards, and Books: April 2021 Reading List
In this monthly show, Josh talks about computer security (bytes), development kits and hardware (boards), and books! Read More
Featured
What is a TEE?
What is this Trusted Execution Environment? What problems does it solve? What problems does it introduce? Why am I asking so many questions?! Read More
Featured
Using the Quartermaster with Hashicorp’s Vault
In this video, we go over the following use cases for Vault, and then announce that our product, the Quartermaster, runs HashiCorp’s Vault as an appliance to help bridge the embedded world development patterns into a more modern, secure, devops world. Read More
Featured
What Is a Secure Element?
We are going back to the “What is” line of videos here now that I’ve explored some IoT architecture. This video tackles the question of secure elements, which unsurprisingly, the definition differs a bit depending on what vendor you ask. Read More
Featured
Mobile Device Security in the IoT
Last part of this IoT mini-series! In this video we discuss how the mobile can impact security. Read More
Featured
Security Options on Battery Powered MCUs
What security options do we have for battery-powered MCUs? Read More
Featured
Mutual TLS and Cloud IoT Security
In this video I quickly try to break down mutual TLS and device specific credentials. Read More
Featured
Architecture of IoT Security
What does an IoT system security architecture look like? Find out in this short video. Read More
Featured
What is Secure Boot?
What is Secure Boot? View this short training video to find out.
Read More
Featured
Cryptotronix is Officially a Microchip Design Partner
We are excited to announce that we recently became an official CryptoAuthentication Design Partner Specialist with Microchip Technology. As a Design Partner Specialist we are part of a team of companies developing key expertise using the Microchip security devices and libraries. We’ve been designing and using these parts since 2014 when we released with SparkFun… Read More
Featured
Josh on Advanced Security Training
Josh is now providing training services with Advanced Security Training, which offers the best online format for live video streaming InfoSec training. He recently completed a 2-day class focusing on building secure designs for the Xilinx Zynq 7000. The exercises started with integrating XADC and concluded with a Buildroot based embedded Linux bringup with a… Read More
Featured
Josh on Stacey on IoT Podcast
Last week I had the opportunity to be on the Stacey on IoT podcast. I started listening to Stacey and Kevin a few months ago and I was impressed with their industry news coverage. It was fun chatting with Stacey on why an embedded security engineer is an important, but often missing role on design… Read More
Free the CPU! An introduction on how hackers liberate computers!
I gave a talk for the High Plains IEEE Chapter last week. The requested topic was an introduction to computer security. So I gave it go. The original abstract I came up with was a bit boring, so I asked chatgpt to re-write it in a kind of activist tone. There was no burning of… Read More
ascon: Light as a feather
NIST announced in February the winner of the lightweight cipher competition. In this video I motivate WHY we even need lightweight ciphers in the first place using my favorite watch!