FMSE 23 Portable Review
Introduction: The Convergence of Three Critical Domains
In the rapidly evolving landscape of digital security, the lines between mobile devices, traditional software, and embedded systems have blurred beyond recognition. A vulnerability in a smartphone's baseband processor can compromise cloud data; a bug in embedded medical firmware can expose an entire hospital network; a software supply chain attack can disable millions of IoT devices. Recognizing this convergence, the security community gathers annually at FMSE 23, the 2023 edition of the Forum on Mobile, Software, and Embedded Security.
FMSE 23 was not merely an academic exercise—it was a call to action. As the proceedings are now freely available online (and the video recordings on the official FMSE YouTube channel), every security practitioner owes it to themselves to study the key papers and attack demos.
Keynote speaker Dr. Elena Vasquez (MIT Lincoln Laboratory) opened FMSE 23 with “The Forgotten Cores: Securing Accelerators in Mobile SoCs.” She demonstrated a proof-of-concept attack using a malicious NPU workload on a Snapdragon 8 Gen 2 to leak cryptographic keys from the main CPU’s L3 cache. The audience of over 500 security engineers gave a standing ovation, and many left visibly concerned about their own product architectures.
With NIST’s finalization of post-quantum cryptographic (PQC) algorithms, FMSE 23 dedicated an entire track to implementation challenges on resource-constrained devices. Presenters from Bosch, NXP, and the University of Twente compared CRYSTALS-Kyber and CRYSTALS-Dilithium against ECC and RSA on ARM Cortex-M and RISC-V cores.
FMSE 23 was not just another conference. It represented a watershed moment where researchers, industry leaders, and government agencies came together to address the escalating complexity of modern threat models. This article provides an exhaustive review of FMSE 23: its key themes, groundbreaking research, controversial debates, and lasting impact on the cybersecurity industry.
Before diving into FMSE 23 specifically, it is essential to understand the pedigree of the event. The Forum on Mobile, Software, and Embedded Security began as three separate workshops in the mid-2010s. By 2019, organizers merged them into a single annual gathering, recognizing that mobile apps often rely on embedded sensors, and embedded devices run increasingly complex software stacks.
The next edition, FMSE 24, is already being planned for Brussels in October 2024. But for now, FMSE 23 remains the definitive reference point for the state of mobile, software, and embedded security in the post-quantum, post-AI era.
This article was originally published as part of the Cybersecurity Review’s annual conference retrospective series. For access to the full FMSE 23 proceedings, including slides and video recordings, visit the official FMSE website.
A standout paper, “Kyber on a Coin Cell: Measuring Power Side-Channels in Post-Quantum Embedded Crypto,” revealed that while Kyber-512 fits within 32 KB of RAM, its non-constant-time operations leaked key bits via simple power analysis, a finding that sent hardware designers back to their drawing boards.
FMSE 23 was the first major conference to release a post-mortem of the “Gradle Gift” incident, where a malicious plugin had been injected into over 2,000 Android apps via a common build script repository. Researchers from Google’s Android Security Team and ESET co-presented a methodology to detect such build-time injections using artifact provenance and SBOMs (Software Bills of Materials).