Skip to content

Security: m-1-k-3/emba

SECURITY.md

Security Policy

EMBA is a platform for optimizing our research and testing tasks in the field of IoT, OT, ICS and general embedded analysis. Because of this, we include code quite early and sometimes in a very raw state. We do not recommend setting up EMBA as a productive environment or in an unprotected environment! If you are using EMBA you should know what you are doing.

WARNING

EMBA is using multiple protections layers like chroot, docker, read-only filesystem, non executable mounts and disabled networking functionality. Nevertheless, EMBA should only be used on test systems! It should not be installed/deployed on production systems.

There are multiple reasons for that:

  • The EMBA docker container is running in privileged mode which will result in full system compromise if you are testing malicious firmware.
  • EMBA automatically executes untrusted code from the firmware which could lead to breakouts that are able to compromise the host system.
  • EMBA automatically builds and boots a firmware image based on the untrusted firmware under test.

Reporting a Vulnerability

If there is a security problem within EMBA please open an issue or contact us via one of the following ways:

There aren’t any published security advisories