A Timesys Deep Dive Embedded Systems Newsletter

November 2022

Cybersecurity in the News: The 5 CVEs You Need to Know About

According to IT Wire, multiple vulnerabilities in the Linux kernel WiFi stack were uncovered that can be exploited over the air via malicious packets. The impact ranges from denial of service to possible remote code execution.

“Five Wi-Fi vulnerabilities in the Linux kernel have been patched and a new stable kernel, 5.10.148, released by stable kernel maintainer Greg Kroah-Hartman. The patches have also been included in the latest release, 6.1, by Linux creator Linus Torvalds. 

In the course of their investigations, Soenke and Berg discovered four additional issues, three of the five could be used to effect remote code execution, while the other two could be used to cause a denial-of-service attack.”

Need more info on these vulnerabilities?

With an average of 420 new CVEs every week, how do you cut through the noise and take action on the vulnerabilities that pose the largest threat to your device?

We launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.

Tech 50 Recap

Pittsburgh Technology Council Annual Tech 50 Awards Celebrations

Each year, the Pittsburgh Technology Council celebrates the most successful and innovative companies in Southwestern Pennsylvania at their Tech 50 Awards event, and this year, Timesys was honored to have been nominated and named a Tech 50 Finalist for Cybersecurity! The 2022 Tech 50 Awards event was hosted at the Westin Convention Center in Pittsburgh, PA on Wednesday, November 9.

Timesys hosted a showcase of innovation table during the event, going over how Timesys embedded software and cybersecurity experts provide best-in-class tools, long-term maintenance support, and collaborative services for your Linux, Android, and RTOS devices.

Embedded Board Farm

NEW Feature: EBF 2.3 Release Enables Internet-Access Without VPN Connection for Anyone With Proper Credentials

Earlier this month, Timesys announced that the Embedded Board Farm (EBF) 2.3 release includes a new hosted feature that is expected to ease embedded development kit supply-chain issues and improve the workflow for work-from-home developers and engineers.

In the 2.3 EBF release, Timesys has expanded its on-premise Embedded Board Farm and Test Automation Infrastructure solution to enable a hosted Embedded Board Farm. The hosted feature allows anyone with the proper credentials to access hosted boards from anywhere over the internet without requiring a virtual private network (VPN) setup.

Timesys worked with its long-time strategic partner in Japan and Lineo over the past nine months to develop this capability, and Lineo is now delivering this service to their Japanese customers.

“For our customers, the shortage of evaluation boards due to the lack of semiconductors was a serious problem, hindering development. However, they were able to solve the problem by introducing Timesys EBF and sharing a small number of evaluation boards over the network. They are also relieved of their transport problems, dramatically reducing their administrative burden,” Akira Kobayashi, President and Director of Lineo, said of the solution, adding, “Some companies prohibit connection to VPN due to security policy, but with hosted Embedded Board Farm, it is now possible to easily connect via the internet without setting up a VPN, making it easier to introduce. In addition, we can provide a separate mechanism to identify connected terminals for security concerns, so it is possible to limit the terminals that can be connected.”

ToS & EULA Updates

Updates to Timesys Terms of Service (ToS) and End User License Agreement (EULA)

As a valued Timesys customer, we want to let you know that some updates are being made to the Timesys Terms of Service (“Terms”) and End User License Agreement (“Agreement”) which apply to your continued use of our services and software solutions.

Below is a summary of some key changes:

  • Increased Clarity: In order to make these legal documents easier to understand, Timesys has modified the language within both the Terms of Service and End User License Agreement.
  • Updated the Warranty and License Section: Changes in the Terms of Service will not affect the services or the User experience. Rather, these modifications will make it easier for Timesys and the User to understand each other’s expectations.

These changes will not have any impact on the Agreement between Timesys and the User. For a better experience, please take a moment to review and accept the newly updated Terms of Service here and the End User License Agreement here.

Vigiles

New Features, Changes, and Bug Fixes in November Vigiles Release

In the newest Vigiles update released earlier this month, Timesys implemented some exciting new features such as an option to apply a note to all CVEs when whitelisting a package or to receive an alert when a new package is added to a chain of linked SBOMs!

New Vigiles features also include: 

  • SPDX: Add support for downloading SBOMs in SPDX-lite format
  • SPDX: Add homepage to SPDX SBOM
  • CVE Report: Add an option to apply a note to all CVEs when whitelisting a package
  • Alerts: Add an option to receive an alert when a new package is added to a chain of linked SBOMs

Additional changes include:

  • SBOM editor: Redirect to the latest report if the only change was to licenses instead of generating a new report
  • SBOM editor: Show license changes in the summary modal
  • CVE search: Remember the selected search type
  • CVE report: Improve page load time

Bug fixes for Vigiles:

  • Search SBOMs: Remove duplicate package entries
  • Notifications: Fix an error that prevented some notifications from being emailed

Check out the full changelog on LinuxLink

Learn with Timesys

Manufacturing protection: Provisioning IoT device secrets

How to securely download secrets onto a device by using an OEM-specific public/private key pair generated on i.MX8/9 processors

As a device manufacturer, how can you securely provision trust and device secrets such as disk encryption keys? How can you protect your IP when using an untrusted contract manufacturer (CM)? And how do you prevent product counterfeiting or detect “unauthorized production” or “overproduction”? In one of our newest blogs, we go over how device manufacturers can use the NXP i.MX8 manufacturing protection (MP) feature to overcome each of these obstacles.

Vulnerability Management for Embedded

Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM

December 15 @ 12 PM EDT / 9 AM PT

In this monthly live webinar and Q&A session, you’ll learn essential ways to avoid a five-figure mistake along with:

– Why you need to manage your open-source software risks
– How to generate an accurate SBOM (Software Bill of Materials) and why it matters
– Tools and techniques to monitor and remediate vulnerabilities in your SBOM
– And much more!
