Skip to content

Commit

Permalink
Fixed typos in src/03_test_cases/memory/README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@FlorianMerkle
FlorianMerkle authored Aug 14, 2024
1 parent 2b3045e commit bc50f67
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/03_test_cases/memory/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -195,7 +195,7 @@ This test case is based on: [ISTG-FW[INST]-INFO-001](../firmware/installed_firmw

## Secrets (ISTG-MEM-SCRT)

IoT devices are often operated outside of the control space their manufacturer. Still, they need to establish connections to other network nodes within the IoT ecosystem, e.g., to request and receive firmware updates or to send data to a cloud API. Hence, it might be required that the device can provide some kind of authentication credential or secret. These secrets need to be stored on the device in a secure manner to prevent them from being stolen and used to impersonate the device.
IoT devices are often operated outside of the control space of their manufacturer. Still, they need to establish connections to other network nodes within the IoT ecosystem, e.g., to request and receive firmware updates or to send data to a cloud API. Hence, it might be required that the device can provide some kind of authentication credential or secret. These secrets need to be stored on the device in a secure manner to prevent them from being stolen and used to impersonate the device.

### Unencrypted Storage of Secrets (ISTG-MEM-SCRT-001)
**Required Access Levels**
Expand Down Expand Up @@ -268,7 +268,7 @@ The usage of weak cryptographic algorithms might allow an attacker to recover th

**Remediation**

Only strong, state of the art cryptographic algorithms should be used. Furthermore, these algorithms must be used in a secure manner by setting proper parameters, such as an appropriate key length or mode ofoperation.
Only strong, state of the art cryptographic algorithms should be used. Furthermore, these algorithms must be used in a secure manner by setting proper parameters, such as an appropriate key length or mode of operation.

**References**

Expand All @@ -283,4 +283,4 @@ This test case is based on: [ISTG-FW-CRYPT-001](../firmware/README.md#usage-of-w

[iot_pentesting_guide]: https://www.iotpentestingguide.com "IoT Pentesting Guide"
[iot_penetration_testing_cookbook]: https://www.packtpub.com/product/iot-penetration-testing-cookbook/9781787280571 "IoT Penetration Testing Cookbook"
[iot_hackers_handbook]: https://link.springer.com/book/10.1007/978-1-4842-4300-8 "The IoT Hacker's Handbook"
[iot_hackers_handbook]: https://link.springer.com/book/10.1007/978-1-4842-4300-8 "The IoT Hacker's Handbook"

0 comments on commit bc50f67

Please sign in to comment.