SOAFEE’s Post

📢 #Livewebinar: the evolution of the automotive industry has brought about unique use cases, leading to new cybersecurity requirements for both hardware and software. In this 60-minute session, Rohan Pandit of ETAS and Infineon Technologies’s Michael Arzberger and Laurent Heidt will discuss the complexities of balancing #cybersecurity, performance, and cost-effectiveness in today’s competitive market. Key topics and takeaways: ⭐Gain insight into current automotive cybersecurity trends ⭐Understand how Infineon has set new automotive security standards with AURIX™ TC4x ⭐Learn more about next-generation ESCRYPT CycurHSM to leverage uC evolution ⭐Learn about different security use case examples: SecOC and PQC implementation on TC4x using ESCRYPT CycurHSM Register now: May 7th, 4-5 PM CEST: https://lnkd.in/eSx_nrdH May 16th, 9-10 AM CEST: https://lnkd.in/egCUcXvd

Achieving the highest level of security in automotive embedded systems requires a comprehensive approach that includes Secure Boot mechanisms, secure firmware updates, and strict adherence to international and local cybersecurity standards. Get our webinar recording to learn how security and reliability of automotive systems can significantly be enhanced. 💡 Key topics and takeaways: • Understand Secure Boot and its significance in automotive cybersecurity • Learn how secure software updates maintain integrity over time • Find out why these are critical for long-term security #Elektrobit #automotive #AutomotiveIndustry #cybersecurity https://okt.to/tDWiRH

Compliance to EU cyber resilience law is not option. Thanks for sharing with us your insights and clear guidance to manage this at best with Lattice Semiconductor FPGAs.

Device connectivity is enabling product manufacturers to make over-the-air (OTA) firmware and software updates that will improve the performance of devices in the field. But what’s really required to make this happen? 🤔 🗣 Mobica discusses this, along with six other solutions in its latest industry guide Seven simple solutions that are supercharging manufacturers’ products. When it comes to the above we cover what factors need to be considered, this includes cybersecurity. For example, we say: “Apart from the obvious security practices like encryption, authentication and authorisation, it makes sense to rethink on which level we really need OTA updates. If we make changes at lower levels, we increase the risk and complexity of the implementation.” To learn more about this, make sure you download this free industry guide ➡️ https://lnkd.in/gYDq7yfH #InternetofThings #TechInnovation #Manufacturing

Congratulations to Analog Devices wireless BMS team ! Cutting the chord is gaining higher focus with BMS. Going wireless is in vogue as it brings clear values of 👉 Total #cost optimization 👉 Reduction of failure ( harness elimination) 👉 Weight reduction 👉 Simplified 2nd life application 👉 Supporting new battery technologies related to thermal management and faster charging ...and more #wbms #electricvehicles #evbattery #Batteryintelligence 🔔 Follow me if topics connecting mobility's Tech-Business-Socioeconomics is of your interest

EUCLEAK Side-Channel Attack on the YubiKey 5 Series by Thomas Roche 💡 The EUCLEAK attack is a side-channel vulnerability that allows an attacker to extract the ECDSA secret key from devices using Infineon’s cryptographic library, such as YubiKey 5 Series. 🔍 Key Highlights: Vulnerability Uncovered: A non-constant time modular inversion flaw in Infineon SLE78, present in YubiKey 5 series and other secure systems. Practical Exploit: Just a few minutes of physical access to the device can extract the ECDSA secret key, making it possible to clone the hardware token. Impact in 2024: Affects not just YubiKeys but any product relying on Infineon cryptography (TPMs, secure systems in smart homes, cars, etc.). Responsible Disclosure: The vulnerability, unnoticed for 14 years, has been patched by Infineon as of July 2024, securing the future of digital authentication. ----- The core of the vulnerability lies in the non-constant time modular inversion during the computation of the ECDSA signature. The attacker uses this side-channel information to reverse engineer the ECDSA signature process. Specifically, they observe the timing differences in the computation of the modular inversion, which correlates with bits of the ECDSA nonce (the ephemeral key used during signing). The attacker collects a series of EM traces over multiple signatures to recover enough information about the nonce. if the attacker can recover just a few bits of the nonce through side-channel measurements, they can use this partial information to break the cryptographic security of the device and get access to the private key. 🛡 What to Do Now: Keep using YubiKeys (safer than no protection) but ensure your devices are updated to firmware 5.7 or higher. #PurpleHackademy #cybersecurity #SideChannelAttack #infineon #yubiKey #FIDO #ECDSA #DigitalSecurity

SALTO Systems takes cybersecurity seriously and we understand the importance of staying ahead of the curve. To keep our customers informed, we'll be regularly posting public advisories on our updated security page here: https://lnkd.in/gq9Dw8yS This week, we made an announcement about MIFARE Classic credentials. We recommend our customers to consider transitioning to the more secure NXP Semiconductors MIFARE #DESFire EV3 credentials. We understand that a transition may require support, and we've launched an updated line of credentials. These new credentials are designed to directly replace the use cases for the aging MIFARE Classic credentials previously offered. For more detailed information, please read the full advisory on our website here: https://lnkd.in/gS4YGCPS #saltosystems #accesscontrol #security #NXP

🚨 New Eucleak Attacks Lets Attackers Clone YubiKey FIDO Keys A new vulnerability in FIDO devices using the Infineon SLE78 microcontroller allows attackers to extract ECDSA secret keys and clone the device. Top 4 takeaways: ⚡️ The attack requires extended physical access, specialized equipment, and advanced knowledge of electronics and cryptography, limiting its risk to general users. 🔑 YubiKey 5 Series, YubiKey Bio Series, Security Key Series, and YubiHSM 2 are among the impacted devices. These are microcontrollers used to generate/store secrets and perform cryptographic operations, considered highly secure. 🛡️ Users are advised to use RSA signing keys instead of ECC signing keys and limit session durations to reduce risk. 🩹 New YubiKey firmware and Infineon patches address the vulnerability, but the patches are not yet Common Criteria certified. For more details, read: https://lnkd.in/e2Uam-VR #cybersecurity #news #YubiKey #FIDO #vulnerability #clone #kraven #KravenSecurity #adamgoss #cti #threatintelligence

The shortcomings, collectively labeled LogoFAIL by Binarly, "can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel Boot Guard, and other security technologies by design." https://lnkd.in/gDzN3vge

By 2025, cybercrime costs could soar to $10.5T annually. Don’t let your electronics designs and project collaboration be at risk. Discover Altium 365 GovCloud security measures. Grab Your Free Copy of the Whitepaper 👉 https://bit.ly/3yxvAyZ #DataSecurity #CloudSecurity #DataProtection #Security #Electronics