How to securely handle time on embedded systems? Do you trust your time or not? What should you do if the certificate expires? Where do you sync your time from? Read More
Featured
How to handle time on embedded systems?
Featured
What is the Device Identifier Composition Engine (DICE)?
In this episode, I introduce the DICE (Device Identifier Composition Engine). I mentioned the motivation for the Trusted Computing Group (TCG) to make this standard and why its specifically tailored for embedded devices like MCUs and smaller controllers. Read More
Featured
Microchip SAMA7G54 EVK and ATECC608 & Spearf1sh and the SAMA7G54 EVK
In this episode I talk about the ATECC608 that’s on the SAMA7G Eval Kit and why, even though the SAMA7 includes TrustZone, you would want an external IC. Read More
Featured
fs-verity: Embedded Linux File Protection
Embedded Linux devices are generally lacking in security, but especially file system security. While I’m seeing the ship start to turn with respect to secure boot, there is still a wide lack of file system prevention and monitoring security. Read More
Featured
The UK Product Security and Telecommunications Infrastructure (PSTI) Bill
The UK is proposing some interesting device cybersecurity legislation that will impact more people than they realize. Read More
Featured
Mistakes in Custom Embedded Protocols
Having audited a few custom protocols, as nearly every embedded project decides to implement them, nearly every one has had a security issue. In this video I discuss the top three issues I’ve seen. Read More
Featured
Infosec’s Midlife Crisis
Using the latest issue of IEEE Security & Privacy as a front to discuss this topic, I talked about the different focus areas of information security. Read More
Featured
Cybersecurity gets no respect!
The article, “Design for Cybersecurity from the Start” in MIT Sloan Management Review, really nails the continued issue with security for product design. Read More
Featured
CWE 1277: Firmware Not Updatable
The title of this CWE sounds like an error you’d get trying to update your smart toothbrush. In this short video I go over the security issues with static firmware and quickly talk about update strategies with microcontrollers and embedded linux platforms. Read More
Featured
CWE 1272: Sensitive SRAM
In this video, I’ll tell you how to save money and build your own SRAM PUF instead of paying some licensing fees, why vulnerabilities in bitcoin hardware wallets are a good thing, and how forgetting to forget secrets can get you in stormy seas. Read More