GearBest Database Was Left Unsecured For 2 Weeks

GearBest is one of the most popular Chinese online stores, and we often feature products sold by the company on the website. However, the VPNMentor research team headed by Noam Rotem, a  hat hacker and activist, discovered a serious security breach in GearBest, where their database was completely unsecured for a period of time. Specifically, the research team was able to access the following databases in March 2019:

- Orders database with products purchased, shipping address and postcode, customer name, email address, phone number
- Payments and invoices database with order number, payment type, payment information, email address, name, IP address
- Members database with name, address, date of birth, phone number, (unencrypted) email address, IP address, national ID and passport information, (unencrypted) account password

They discovered 1.5+ million records in total. They managed to log in successfully to two accounts from the database breach for testing. Payment information included data related to Boleta (used in […]

Cypress PSoC 64 Microcontrollers Target Secure IoT Applications

If you are like me, you probably don’t remember, but back in 2017 Arm announced the Platform Security Architecture (PSA) that defines a set of requirements to secure low-cost Internet of Things devices. There’s now at least one PSA-compliant microcontroller, as Cypress Semiconductor introduced their PSoC 64 Secure MCU at Embedded World 2019 last month. The press release claims that the PSoC 64 MCU family is one of “the first Arm Cortex-M processors to be certified as Level 1 compliant within the Arm Platform Security Architecture (PSA) certification scheme, PSA Certified, utilizing a secure Trusted Firmware-M (TF-M) implementation integrated into the Arm Mbed OS open-source embedded operating system”.

PSoC 64 secure MCU key features and specifications:

- Arm Cortex-M4F core with 22‑µA/MHz active power consumption
- Optional Arm Cortex-M0+ core with 15‑µA/MHz power consumption
- System Memory – 160KB to 1MB SRAM
- Storage – 512KB to 2MB flash
- Security HW Cryptography – […]

FOSSASIA 2019 Schedule – March 14-17

As its name implies, FOSSASIA is a Free and Open Source Software event taking place every year in Asia, more specifically in Singapore. I first discovered it last year, and published a virtual FOSSASIA 2018 schedule last year to give an idea about the subjects discussed at the event. It turns out FOSSASIA 2019 is coming really soon, as in tomorrow, so I’m a bit late, but I still had a look at the schedule and made my own for the 4-day event.

Thursday – March 14, 2019

10:05 – 10:25 – For Your Eyes Only: Betrusted & the Case for Trusted I/O by Bunnie Huang, CTO Chibitronics

Security vulnerabilities are almost a fact of life. This is why system vendors are increasingly relying on physically separate chips to handle sensitive data. Unfortunately, private keys are not the same as your private matters. Exploits on your local device still have […]

$100 Reolink Argus 2 is a Wire-Free IP Camera with Optional Solar Panel

This morning I had a look at battery-powered IP cameras since they avoid the hassle of wiring power and/or Ethernet around the house. I remembered covering the Immedia Blink IP camera with up to 2-year battery life back in 2014, and the company did very well since it got acquired by Amazon, and the Blink IP security camera is now sold on Amazon US for $99.99 and up. It’s probably one of the best, if not the best, options for low-cost battery-powered cameras, but the problem is that they only ship to a limited number of countries. Last year, there was a new entrant with the Eufy Evercam outdoor IP camera with up to one year of battery life, but again it’s not easy to purchase from overseas, and the price starts at $279.99 for a single camera system. I also covered a solar and battery powered IP camera made by […]

BOXER-8120AI is a Compact Jetson TX2 Mini PC for Drones, Robots and Surveillance Applications

AAEON has just launched BOXER-8120AI compact mini PC based on NVIDIA Jetson TX2 processor module with 8GB RAM, 32GB storage, and four Gigabit Ethernet ports. The fanless mini PC targets smart surveillance/security/parking, unmanned stores, drones and robotic controllers, or any applications that can leverage Jetson TX2’s 256 CUDA cores for A.I. workloads.

BOXER-8120AI Jetson TX2 Mini PC specifications:

- Processor Module – NVIDIA Jetson TX2 with HMP Dual Denver 2 + Quad Arm A57, NVIDIA Pascal GPU with 256 CUDA cores, 4K (HEVC) video encoder, 4K 12-bit video decoder
- System Memory – 8GB LPDDR4 @ 59.7 GB/s
- Storage – 32GB eMMC 5.1 flash, MicroSD slot
- Display Interface – HDMI 2.0 type A
- Networking – 4x 10/100/1000Base-TX Ethernet
- USB – 2x USB 3.0 ports, 1x micro USB OTG port
- Serial – 2x COM ports (DB9)
- Misc – Power Button, Power LED, 2x SMA Holes, Remote Power On/Off
- Power Supply – […]

Adiantum Enables Faster File Encryption in Devices without AES Crypto Accelerator

File encryption is enabled – even required – by default in most Android devices, as it protects your data should you lose your phone or have it stolen. Encryption in Android leverages the Advanced Encryption Standard (AES), and most modern 64-bit processors – like the ones based on Armv8 – come with a crypto accelerator that boosts performance severalfold compared to a software-only solution. But there are also many low-end devices, for example based on Arm Cortex-A7, that lack crypto extensions, and enabling AES encryption would make the devices even slower than they already are. So in order to provide file encryption on entry-level hardware without compromising too much on performance, Google has developed Adiantum encryption, optimized to run on targets without a crypto accelerator. As explained in a Google Security blog post, Adiantum uses the ChaCha stream cipher – as used in HTTPS – in a length-preserving […]

GL-USB150 OpenWrt Microrouter Looks Like a USB Flash Drive

There are plenty of small low-cost routers capable of running OpenWrt, including the TP-Link WR703N or Marstek MPR-N9 model which we covered several years ago. GL.inet also made several tiny routers that ended up being supported by OpenWrt, including their GL-USB150 microrouter that looks like a USB flash drive, but is really an Atheros AR9331 router that can be powered by any USB port.

GL-USB150 microrouter specifications:

- CPU – Qualcomm QCA9331 (Atheros AR9331) MIPS processor @ 400MHz
- System Memory – 64MB DDRII
- Storage – 16MB NOR Flash
- Connectivity – 2.4GHz 802.11b/g/n WiFi up to 150Mbps transmission rate
- Power input – 5V/1A via USB port
- Power consumption – <1W
- Dimension – 82x24x11mm
- Weight – 10 grams

There’s no Ethernet port, no extra USB port to add 3G/4G connectivity, and the microrouter can either be accessed wirelessly when connected to a power bank, or via Ethernet over USB when connected to […]

FOSDEM 2019 Open Source Developers Meeting Schedule

FOSDEM – which stands for Free and Open Source Software Developers’ European Meeting – is a free-to-participate event where developers meet on the first week-end of February to discuss open source software & hardware projects. FOSDEM 2019 will take place on February 2 & 3, and the schedule has already been published with 671 speakers scheduled to speak in 711 events themselves sorted in 62 tracks. Like every year, I’ll create a virtual schedule based on some of the sessions most relevant to this blog in tracks such as open hardware, open media, RISC-V, and hardware enablement tracks.

February 2

10:30 – 10:55 – VkRunner: a Vulkan shader test tool by Neil Roberts

A presentation of VkRunner which is a tool to help test the compiler in your Vulkan driver using simple high-level scripts. Perhaps the largest part of developing a modern graphics driver revolves around getting the compiler to […]