Mender blog

Cyberattacks continue to proliferate in connected devices

13th Sep 2021

The security challenge continues to grow in connected devices, or commonly referred to as Internet-of-things (IoT) devices. The hacking of a wide spectrum of smart devices such as smart fridges, and baby monitors to the infotainment system in your car are indicative of a security trauma being caused by the nature of these devices being online and vulnerable to attacks. As reported by Threatpost,...

Read the article

CVE-2021-35342 - useradm incorrect access control vulnerability

30th Aug 2021

We recently discovered a vulnerability in Mender Enterprise, thanks to the security researcher Mubassir Kamdar, and we have now fixed it.

When the User Administration service was configured to cache the user's JWT token verification, the token wasn't fully invalidated on log out, making it possible to issue new API calls to the backend despite being logged out. The security issue affects Mender...

Read the article

NXP i.MX Processors in IoT Platforms - An Overview | Mender

18th Aug 2021

A powerful and state of the art processor is the backbone of every IoT project. NXP’s i.MX family of processors offer efficient power and graphics processing, and have become the industry standard for embedded designs.

The i.MX 6 series are based on the ARM Cortex A9 solo, dual or quad cores (in some cases Cortex A7) and typically come with one or more Vivante GPUs. It is designed in CMOS 40 nm...

Read the article

New hosted Mender release: Device Tags and Device Name

12th Aug 2021

We are happy to announce that hosted Mender customers can enjoy two new features: Device Tags and Device Name. These features are available in all hosted Mender plans.

Device Tags

The new device Tags feature reduces the cost and time to maintain device information, while ensuring you have up-to-date source of truth about your devices in a single place.

Device Tags are simple key-value at...

Read the article

Editorial response to BBC Click article on IoT Device Security

9th Aug 2021

Last week, we read in a BBC Click article how security researchers were able to access two different home EV chargers and take control of them. They were able to switch the devices on and off, remove access from the owners and they were also able to successfully demonstrate how these vulnerabilities could be used to access the home network, potentially eavesdropping, via the chargers.

Rpi Com... Read the article