From bc50f67672bac22f40c7895eda167179874589ac Mon Sep 17 00:00:00 2001 From: FlorianMerkle <41249623+FlorianMerkle@users.noreply.github.com> Date: Wed, 14 Aug 2024 09:41:30 +0200 Subject: [PATCH] Fixed typos in src/03_test_cases/memory/README.md --- src/03_test_cases/memory/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/03_test_cases/memory/README.md b/src/03_test_cases/memory/README.md index 49bef6f..0bdbf93 100644 --- a/src/03_test_cases/memory/README.md +++ b/src/03_test_cases/memory/README.md @@ -195,7 +195,7 @@ This test case is based on: [ISTG-FW[INST]-INFO-001](../firmware/installed_firmw ## Secrets (ISTG-MEM-SCRT) -IoT devices are often operated outside of the control space their manufacturer. Still, they need to establish connections to other network nodes within the IoT ecosystem, e.g., to request and receive firmware updates or to send data to a cloud API. Hence, it might be required that the device can provide some kind of authentication credential or secret. These secrets need to be stored on the device in a secure manner to prevent them from being stolen and used to impersonate the device. +IoT devices are often operated outside of the control space of their manufacturer. Still, they need to establish connections to other network nodes within the IoT ecosystem, e.g., to request and receive firmware updates or to send data to a cloud API. Hence, it might be required that the device can provide some kind of authentication credential or secret. These secrets need to be stored on the device in a secure manner to prevent them from being stolen and used to impersonate the device. ### Unencrypted Storage of Secrets (ISTG-MEM-SCRT-001) **Required Access Levels** @@ -268,7 +268,7 @@ The usage of weak cryptographic algorithms might allow an attacker to recover th **Remediation** -Only strong, state of the art cryptographic algorithms should be used. Furthermore, these algorithms must be used in a secure manner by setting proper parameters, such as an appropriate key length or mode ofoperation. +Only strong, state of the art cryptographic algorithms should be used. Furthermore, these algorithms must be used in a secure manner by setting proper parameters, such as an appropriate key length or mode of operation. **References** @@ -283,4 +283,4 @@ This test case is based on: [ISTG-FW-CRYPT-001](../firmware/README.md#usage-of-w [iot_pentesting_guide]: https://www.iotpentestingguide.com "IoT Pentesting Guide" [iot_penetration_testing_cookbook]: https://www.packtpub.com/product/iot-penetration-testing-cookbook/9781787280571 "IoT Penetration Testing Cookbook" -[iot_hackers_handbook]: https://link.springer.com/book/10.1007/978-1-4842-4300-8 "The IoT Hacker's Handbook" \ No newline at end of file +[iot_hackers_handbook]: https://link.springer.com/book/10.1007/978-1-4842-4300-8 "The IoT Hacker's Handbook"