Blog Posts

post image

Secure deletion of data on littlefs

The EU RED Delegated Act requires from IoT manufacturers to include a secure deletion mechanism for personal data and sensitive security parameters. A similar feature is requested by EU CRA, IEC 62443-4-2 and ETSI EN 303 645. This post discusses problems that arise when implementing this requirement at the file level in copy-on-write filesystems such as littlefs, that are used in on-chip flash memory. The article also provides recommendations on how to achieve secure wiping on such filesystems.

Posted on 29 June 2026

post image

Cybersecurity requirements for products entering the EU market

In April 2026 intWave Director Dimitrios Glynos gave a short talk at the InfoCom Security 2026 conference entitled "Cybersecurity requirements for products entering the EU market".

Posted on 04 May 2026

post image

Improving Portainer Security

In November 2025 we discovered that Portainer, a popular open source project for container management, assigned excessive privileges to regular user accounts that could be abused for host takeover.

Posted on 26 February 2026

post image

Reporting vulnerabilities in the OSS ecosystem - the CVE-2024-6655 Case (OffensiveX 2025)

In June 2025 intWave Director Dimitrios Glynos gave a research talk at the Offensive X 2025 conference entitled "Reporting vulnerabilities in the OSS ecosystem - the CVE-2024-6655 Case".

Posted on 17 February 2026

post image

Desktop Vulnerabilities in the Year of the Linux Desktop?

As Linux distributions gained a significant standing in the desktop market in 2024, they also experienced vulnerabilities that were more common to the other desktop market contenders.

Posted on 29 January 2025

post image

Invited talks on Confidential Computing

In December we will be giving a set of invited talks on Confidential Computing at greek universities.

Posted on 13 December 2024