In today's Coredump Session, Memfault’s François Baldassari and Chris Coleman unpack the sweeping impact of new IoT security regulations like the CRA and the Cyber Trust Mark. From shocking real-world exploits to smart compliance strategies, they explore what these changes mean for hardware teams and the future of connected devices. If you ship firmware or build IoT products, this one’s essential listening.
Key takeaways:
- IoT security is no longer optional—new regulations like the CRA and Cyber Trust Mark make it mandatory.
- Most connected devices today are still dangerously undersecured, with outdated stacks and poor OTA support.
- Open source platforms like Zephyr can make compliance easier by pooling security resources across companies.
- OTA (over-the-air) updates are now a requirement in both US and EU regulations.
- The CRA introduces SBOM (Software Bill of Materials) requirements to track vulnerabilities in dependencies.
- Observability, encryption, and secure boot need to be built in from the start—not as last-minute add-ons.
- Compliance will vary based on device criticality, but self-certification will be the norm for most companies.
- Ignoring security costs more in the long run—both in reputation and risk.
Chapters:
00:00 Episode Teasers & Intro
01:03 Meet the Hosts: François and Chris from Memfault
03:40 Why IoT Security Is Still So Behind
07:15 Vulnerabilities, Legacy Chips, and Who’s to Blame
10:12 Wireless Protocols: Still a Huge Attack Surface
13:28 If You Ship Without OTA, You're Asking for Trouble
20:50 Introducing the CRA and Cyber Trust Mark
23:38 What the CRA Actually Requires
31:45 Reconciling Security Monitoring with GDPR
34:07 Cyber Trust Mark vs CRA: US vs EU Approaches
41:05 What You Can Do Today to Prepare
46:33 How Long Do You Have to Support a Device?
52:19 Attack Surfaces: Even a Projector Isn't Safe
56:06 Lifecycle Support and Product Lifespan Realities
58:51 Observability in Low-Resource Devices
1:00:34 Connected Architectures & Multichip Compliance
1:01:43 IoT Devices with Limited Bandwidth & OTA Constraints
Watch this episode on YouTube
Follow Memfault
Other ways to listen:
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!