Mender blog
Cyberattacks continue to proliferate in connected devices
The security challenge continues to grow in connected devices, or commonly referred to as Internet-of-things (IoT) devices. The hacking of a wide spectrum of smart devices such as smart fridges, and baby monitors to the infotainment system in your car are indicative of a security trauma being caused by the nature of these devices being online and vulnerable to attacks. As reported by Threatpost,...
Read the articleCVE-2021-35342 - useradm incorrect access control vulnerability
We recently discovered a vulnerability in Mender Enterprise, thanks to the security researcher Mubassir Kamdar, and we have now fixed it.
When the User Administration service was configured to cache the user's JWT token verification, the token wasn't fully invalidated on log out, making it possible to issue new API calls to the backend despite being logged out. The security issue affects Mender...
Read the articleNXP i.MX Processors in IoT Platforms - An Overview | Mender
A powerful and state of the art processor is the backbone of every IoT project. NXP’s i.MX family of processors offer efficient power and graphics processing, and have become the industry standard for embedded designs.
The i.MX 6 series are based on the ARM Cortex A9 solo, dual or quad cores (in some cases Cortex A7) and typically come with one or more Vivante GPUs. It is designed in CMOS 40 nm...
Read the articleNew hosted Mender release: Device Tags and Device Name
We are happy to announce that hosted Mender customers can enjoy two new features: Device Tags and Device Name. These features are available in all hosted Mender plans.
Device TagsThe new device Tags feature reduces the cost and time to maintain device information, while ensuring you have up-to-date source of truth about your devices in a single place.
Device Tags are simple key-value at...
Read the articleEditorial response to BBC Click article on IoT Device Security
Last week, we read in a BBC Click article how security researchers were able to access two different home EV chargers and take control of them. They were able to switch the devices on and off, remove access from the owners and they were also able to successfully demonstrate how these vulnerabilities could be used to access the home network, potentially eavesdropping, via the chargers.
Rpi Com... Read the article