ARM’s embedded TLS library fixes man-in-the-middle fiddle

ARM's "mbed TLS" software can be tricked into an authentication bypass and needs a patch. Created by PolarSSL, which was acquired in February by ARM, mbed is a crypto library designed to make it easy for embedded system developers to add SSL/TLS capabilities to their products. As well as client-server models (that is, an …

  1. sitta_europea Silver badge

    [quote] mbed TLS also ships as part of some Linux distributions, including Debian and Ubuntu. ® [/quote]

    AFAICT it doesn't exactly ship with Debian, but it's available in the repositories if you want it.

    A more or less routine Debian installation would not have the libmbed* packages installed, and I would hazard a guess that the same applies to Ubuntu and most other Debian forks.

  2. john.jones.name

    CERT Number and disclosure?

    Who discovered this, when was it discovered, and when was it remediated?

    Nice of them to disclose, but lacking a few details, don't you think...

    1. Aodhhan

      Re: CERT Number and disclosure?

      18 months ago by the NSA.

  3. David Roberts

    Fix works for servers

    Not for peer to peer which is the other IoT implementation.

    So if you don't get updates you are potentially screwed.

    If you rely on a 3rd party server to apply the update you are also potentially screwed, of course.

    1. GBE

      Re: Fix works for servers

      > Not for peer to peer which is the other IoT implementation.

      Remember: in "IoT" the 'S' stands for security!

  4. Claptrap314 Silver badge

    Optional security is optional?

    I really don't get that this is a bug. More like an IQ test.
