In this article we will discuss how we could apply fuzzing to software developed for embedded systems and IoT using techniques such as emulation and dynamic instrumentation, with the main goal of learning a new way of evaluating the security of devices like routers, smart lightbulbs, industrial IoT, etc.
While performing a STIC evaluation of a product, the evaluation team at jtsec thought that it would be interesting to analyze the communications between two embedded devices that were part of the product. The main objective was to determine whether those communications were properly secured with encryption and other important security measures when it comes to devices that communicate using radio frequencies such as protection against jamming, GPS spoofing or replay attacks.
A few days ago, the International Conference on the Eu Cybersecurity Act (EUCA) was held in Brussels, we were really looking forward to returning to face-to-face events. EUCA has been created to support the discussion among all the stakeholders in a key topic for the community: The EU Cybersecurity Act. One more year, it was attended by top-level speakers who addressed different areas such as IOT Challenges, cloud and GDPR Frameworks or innovations in assurance and standards, among others
These weeks have been very special, and there are projects that we are particularly excited to assume. The DIBA project (Digitalization of interlocks through low latency communications: Application to IFMIF-DONES) has been selected by the Next Generation EU funds to be carried out in the coming months, this first phase is scheduled to end in August 2022.
On several occasions we have commented in our blog on the process to be followed to include products or services in the CPSTIC catalogue. All products and services included in the CPSTIC catalogue are qualified, but not all of them are certified. Do you want to know the difference?
