In today's Coredump Session, Memfault’s François Baldassari and Chris Coleman unpack the sweeping impact of new IoT security regulations like the CRA and the Cyber Trust Mark. From shocking real-world exploits to smart compliance strategies, they explore what these changes mean for hardware teams and the future of connected devices. If you ship firmware or build IoT products, this one’s essential listening.
Key takeaways:
- IoT security is no longer optional—new regulations like the CRA and Cyber Trust Mark make it mandatory.
- Most connected devices today are still dangerously undersecured, with outdated stacks and poor OTA support.
- Open source platforms like Zephyr can make compliance easier by pooling security resources across companies.
- OTA (over-the-air) updates are now a requirement in both US and EU regulations.
- The CRA introduces SBOM (Software Bill of Materials) requirements to track vulnerabilities in dependencies.
- Observability, encryption, and secure boot need to be built in from the start—not as last-minute add-ons.
- Compliance will vary based on device criticality, but self-certification will be the norm for most companies.
- Ignoring security costs more in the long run—both in reputation and risk.
Chapters:
00:00 Episode Teasers & Intro
01:03 Meet the Hosts: François and Chris from Memfault
03:40 Why IoT Security Is Still So Behind
07:15 Vulnerabilities, Legacy Chips, and Who’s to Blame
10:12 Wireless Protocols: Still a Huge Attack Surface
13:28 If You Ship Without OTA, You're Asking for Trouble
20:50 Introducing the CRA and Cyber Trust Mark
23:38 What the CRA Actually Requires
31:45 Reconciling Security Monitoring with GDPR
34:07 Cyber Trust Mark vs CRA: US vs EU Approaches
41:05 What You Can Do Today to Prepare
46:33 How Long Do You Have to Support a Device?
52:19 Attack Surfaces: Even a Projector Isn't Safe
56:06 Lifecycle Support and Product Lifespan Realities
58:51 Observability in Low-Resource Devices
1:00:34 Connected Architectures & Multichip Compliance
1:01:43 IoT Devices with Limited Bandwidth & OTA Constraints
Watch this episode on YouTube
Follow Memfault
Other ways to listen:
iHeartRadio.css-j9qmi7{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;font-weight:700;margin-bottom:1rem;margin-top:2.8rem;width:100%;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:start;justify-content:start;padding-left:5rem;}@media only screen and (max-width: 599px){.css-j9qmi7{padding-left:0;-webkit-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:center;}}.css-j9qmi7 svg{fill:#27292D;}.css-j9qmi7 .eagfbvw0{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;color:#27292D;}
Popular Podcasts
United States of Kennedy
United States of Kennedy is a podcast about our cultural fascination with the Kennedy dynasty. Every week, hosts Lyra Smith and George Civeris go into one aspect of the Kennedy story.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Bookmarked by Reese's Book Club
Welcome to Bookmarked by Reese’s Book Club — the podcast where great stories, bold women, and irresistible conversations collide! Hosted by award-winning journalist Danielle Robay, each week new episodes balance thoughtful literary insight with the fervor of buzzy book trends, pop culture and more. Bookmarked brings together celebrities, tastemakers, influencers and authors from Reese's Book Club and beyond to share stories that transcend the page. Pull up a chair. You’re not just listening — you’re part of the conversation.