NXP LS1012A Is A Tiny IoT Chip With Built-In Security Features

NXP announced the LS1012A processor, which the company claimed is the smallest and lowest power 64-bit chip that comes with multiple built-in hardware security features.

The LS1012A chip is powered by a single-core 64-bit Cortex-A53 CPU, which makes it one of the most powerful IoT-focused chips around, and yet the chip is contained in that small 9.6 x 9.6 mm package.

NXP said that the LS1012A is the first chip small enough to be integrated directly onto the printed circuit board of an HDD, which means it enables the existence of “Ethernet drives” that have the same form factor as existing HDDs. These sort of drives can be used in data centers that employ
object-based file architectures that work across networks of intelligent HDDs.

At 2,000 CoreMark of performance, the chip consumes about 1 W of power. It has a Packet Forwarding Engine for acceleration of IP packet processing to reduce CPU load and power consumption. It also includes support for peripherals such as USB 3.0, PCIe, 2.5 Gbps Ethernet, and SATA3.

“The groundbreaking combination of low power, tiny footprint and networking-grade performance of NXP’s LS1012 processor is ideal for consumer, networking and Internet of Things applications alike,” said Tareq Bustami, senior vice president and general manager of NXP’s Digital Networking division.

“This unique blend of capabilities unleashes embedded systems designers and developers to imagine and create radically innovative end-products across a broad spectrum of high-growth markets,” he added.

One of the main selling points of the chip is its security features, which include built-in hardware root of trust, crypto acceleration, secure debug, secure manufacturing (the firmware is protected against malicious manufacturing employees), and an ARM TrustZone, where the cryptographic master keys are stored.

The software development kit supports Linux. NXP also offers “application solution kits” based on OpenWrt, the popular open source Linux-based embedded operating system. It’s typically used for routers, but it can also be used for IoT gateways and networked storage. The company said it supports other third-party operating systems, tools and development boards, too.

The development tools will include the full software development kit with Yocto support, CodeWarrior for the 64-bit ARMv8 toolchain, and a reference development board. NXP’s LS1012A chip will be available in April 2016, but you can order it now.


Another Flash Zero-Day Found: How to Protect Yourself

For the third time in two weeks, online criminals have won the race to find a new flaw in Adobe Flash Player. Security researchers didn’t know this flaw existed until the criminals were already exploiting it to infect Web browsers, most prominently to launch malvertising attacks staged from the popular website Daily Motion.

Adobe says the flaw affects Flash Player in Microsoft Internet Explorer and Mozilla Firefox browsers on Windows, OS X and Linux; the company promises to have a patch for it later this week. Meanwhile, people may want to disable Flash in these browsers to minimize the risk of attack.

Flaws that security researchers only discover once attackers have already exploited them are called zero-days, because the “good guys” have zero days to prepare a patch.

In this case, it was Tokyo-based security company Trend Micro that first noticed the exploit appearing on Daily Motion, possibly as a result of site infection by the Angler browser exploit kit, a package of cobbled-together browser attacks that cybercriminals use to install malware on people’s computers.

“It is likely that this was not limited to the Dailymotion website alone, since the infection was triggered from the advertising platform and not the website content itself,”  wrote Trend Micro’s Peter Pi in a company blog post. 

Browser exploit kits are bundles of various exploits for known flaws in widely used Web browsers. When embedded or linked to in a Web page, an exploit kit will systematically try every attack at its disposal until it finds one that penetrates the visitor’s specific Web browser and operating system. Once the security hole is created, more malware — again tailored to the visitor’s OS — can be injected to infect the computer. Last month, security researcher Kafeine discovered an earlier Adobe Flash zero-day in the Angler exploit kit.

This third zero-day flaw affects Adobe Flash Player and earlier versions on Windows and OS X; and Adobe Flash Player and earlier versions on Linux, according to Adobe’s security bulletin.

The ads that were compromised to exploit this flaw seem to be down, according to Trend Micro, but until the flaw is patched, users may want to disable Adobe Flash in their browsers, or set it to click-to-run. Click-to-run disables the default automatic playing of Flash-based Web content,  ensuring that only content you specifically select (such as a YouTube video) will run in your browser.

To enable click-to-run on Firefox, click the Menu button in the upper right-hand corner (denoted by three horizontal lines). Then click Add-Ons to see a list of your browser’s add-ons. Change the settings of Adobe Flash, Adobe Flash Player or Adobe Shockwave Flash — the names may vary — from Always Activate to Ask to Activate.

To do so on Google Chrome, click the Menu button (also in the upper right, also denoted by three horizontal lines). Click Settings, then Show Advanced Settings. Scroll down to the Privacy section and click Content Settings. This will launch a pop-up window. In this window, scroll to the Plug-Ins section, and select Click to Play.

To do so on Internet Explorer 9, 10 and 11, click the gear icon in the top-right corner, then click Manage Add-Ons, which will launch a pop-up window. Click Toolbars and Extensions in the window’s left-hand navigation menu. In this right-hand results window, right-click Shockwave Flash Object, which will launch another pop-up window. Under the form field labeled “You have approved this add-on to run on the following websites,” click Remove all sites. (If there’s an asterisk in the form field, it means that all sites have been approved; you want to get rid of the asterisk.)



Source: Toms Guide


Contact us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Questions, issues or concerns? I'd love to help you!

Click ENTER to chat