embedded device

Supply Chain Risk: Raspberry Pi Device Used for War Shipping

An interesting post on supply chain security over at Security Affairs. The post looks at a new approach to supply chain surveillance (and, presumably, attacks): ‘war shipping.’ War shipping is, of course, a play on the ‘war driving’ scene from the early days of consumer wifi, in which cars outfitted with antennae would canvas whole cities, documenting open wi-fi hotspots that could be used to grab some free Internet. In this case, Security Affairs notes a shippable board-sized package designed by security expert Larry Pesce of Paul’s Security Weekly (fka Pauldotcom). The device can be contained in a standard UPS shipping box and delivered to a target network to passively surveil or even attack it. The kit is built on a Raspberry Pi b_ with an AWUS051NH wireless card, a cheap battery charger, kismet and custom software. Pesce demonstrated the device at Derbycon, a Louisville, Kentucky based event last month. The device includes both […]

Continue Reading

Europol Warns of Internet of Things Risk

In a newly released report, Europol’s European Cybercrime Center (EC3) warns that the growth of the Internet of Things (IoT) threatens to strengthen the hand of organized cyber criminal groups and make life much more difficult for police and governments that wish to pursue them. EC3’s latest Internet Organized Crime Threat Assessment (iOCTA) says the “Internet of Everything” will greatly complicate the work of law enforcement creating “new opportunities for everything from cyber criminals to state actors to child abusers. The growing numbers of connected devices will greatly expand the “attack surface” available for cyber criminal activity, the EC3 warns. Cyber criminals may co-opt connected devices for use in common criminal activity (like denial of service attacks and spam campaigns). However, advancements like connected (“smart”) vehicles and infrastructure create openings for large scale and disruptive attacks. The report, which was published late last months, is a high level position paper and pulls data mostly […]

Continue Reading

DARPA Tech Identifies Counterfeit Microelectronics

The U.S. Defense Advanced Research Projects Administration (DARPA) announced on Wednesday that advanced software and equipment it developed to spot counterfeit microelectronics in U.S. weapons and cyber security systems has been handed over to military contractors to continue development. DARPA said the product of its Integrity and Reliability of Integrated Circuits (IRIS) program: the Advanced Scanning Optical Microscope (ASOM) technology was transferred to the Naval Surface Warfare Center (NSWC) in Crane, Indiana, where it will be used to inspect microelectronics for signs of tampering or compromise. The technology was developed with the help of SRI International, an IRIS contractor. Read more Security Ledger coverage of supply chain risks. “The ASOM technology housed at NSWC Crane will help engineers provide forensic analysis of microelectronics, including integrated circuits (IC) confiscated by law enforcement officials,” DARPA said in a statement. The DoD is a major buyer of integrated circuit chips, which are mainly manufactured outside the U.S. […]

Continue Reading

FDA Issues Guidance on Security of Medical Devices

The U.S. Food and Drug Administration (FDA) issued final guidance on Wednesday that are designed to strengthen the safety of medical devices. The FDA called on medical device manufacturers to consider cyber security risks as part of the design and development of devices. The document, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” asks device makers to submit documentation to the FDA about any “risks identified and controls in place to mitigate those risks” in medical devices. The guidance also recommends that manufacturers submit documentation of plans for patching and updating the operating systems and medical software that devices run. The document, which will be released on Thursday, does not contain specific requirements. Rather, it describes the kinds of things that medical device manufacturers should consider when preparing pre-market submissions for medical devices in areas such as information confidentiality, integrity, and availability, the FDA said. The release of the document follows the […]

Continue Reading

3G Module Just 26mm Wide OK’d by AT&T| ITworld

Steve Lawson at IDG News Service has an interesting article that notes AT&T’s certification of the U-blox SARA-U260 model, which is dubbed “the world’s smallest 3G module.” The 16 x 26 millimeter device is seen as a harbinger of the kind of low power device that will greatly expand the Internet of Things.   The SARA-U260 is designed to transmit small amounts of data over 3G networks and could enable a new generation of even smaller and smarter devices – from Smartmeters to wearable technology to connected cars. The U260 has features that support applications from voice calling to auto industry telematics to retail point-of-sale terminals and handheld devices, according to U-blox. It uses A-GPS (Assisted Global Positioning System) and a technology called CellLocate that uses nearby cellular towers to triangulate a location in situations where GPS isn’t available. 3G and 2G networks are being replaced by 4G and even 5G networks for most consumer smart phones. But the technology still works great […]

Continue Reading
1 9 10 11 12 13 28