diff --git a/makefiles/cflags.inc.mk b/makefiles/cflags.inc.mk
index edd578b69d4a4693f1bf1f2485db7d19d0898e86..eabc6f0193a21cad85ef9782d766577e498469a6 100644
--- a/makefiles/cflags.inc.mk
+++ b/makefiles/cflags.inc.mk
@@ -58,6 +58,8 @@ CFLAGS += -fno-common
 
 # Enable all default warnings and all extra warnings
 CFLAGS += -Wall -Wextra
+# Enable additional checks for printf/scanf format strings
+$(foreach flag,-Wformat=2 -Wformat-overflow -Wformat-truncation,$(eval $(call cflags_test_and_add,$(flag))))
 
 # Warn if a user-supplied include directory does not exist.
 CFLAGS += -Wmissing-include-dirs
diff --git a/pkg/ccn-lite/Makefile b/pkg/ccn-lite/Makefile
index 04807bb4c4063dc4f2a341f21bdac931d6dbe955..4a3ba49aabc1c070de4c3692a8e1eccf1680ce1e 100644
--- a/pkg/ccn-lite/Makefile
+++ b/pkg/ccn-lite/Makefile
@@ -22,3 +22,6 @@ $(TOOLCHAIN_FILE): git-download
 	$(RIOTTOOLS)/cmake/generate-xcompile-toolchain.sh > $(TOOLCHAIN_FILE)
 
 include $(RIOTBASE)/pkg/pkg.mk
+ifneq (,$(filter -Wformat-nonliteral -Wformat=2, $(CFLAGS)))
+  CFLAGS += -Wno-format-nonliteral
+endif
diff --git a/pkg/lua/Makefile.lua b/pkg/lua/Makefile.lua
index f239722df0871014560df075d4cced5313ce314f..6294e58c0f5e95832b923f925feefd0a4c9c8408 100644
--- a/pkg/lua/Makefile.lua
+++ b/pkg/lua/Makefile.lua
@@ -10,3 +10,6 @@ CFLAGS += -DLUA_MAXCAPTURES=16 -DL_MAXLENNUM=50
 #          -Wstack-usage=128 -Wno-error=stack-usage=128
 
 include $(RIOTBASE)/Makefile.base
+ifneq (,$(filter -Wformat-nonliteral -Wformat=2, $(CFLAGS)))
+  CFLAGS += -Wno-format-nonliteral
+endif
diff --git a/pkg/oonf_api/Makefile b/pkg/oonf_api/Makefile
index 5be57bfc17141694170e00710ea738212a4b0c27..09e0bcca5e4c31c1658d4ecf1cabaf49c3dd8ed8 100644
--- a/pkg/oonf_api/Makefile
+++ b/pkg/oonf_api/Makefile
@@ -18,3 +18,6 @@ $(BINDIR)/$(MODULE).a: $(BINDIR)/oonf_*.a
 	mkdir -p $(BINDIR)/$(MODULE); cd $(BINDIR)/$(MODULE); for var in $?; do ar -x $$var; done; ar -r -c -s $(BINDIR)/$(MODULE).a *.o
 
 include $(RIOTBASE)/pkg/pkg.mk
+ifneq (,$(filter -Wformat-nonliteral -Wformat=2, $(CFLAGS)))
+  CFLAGS += -Wno-format-nonliteral
+endif
diff --git a/sys/cbor/cbor.c b/sys/cbor/cbor.c
index b081368bf8ec8d82cb3fa72c187c9be2f1b5b4ca..2376693bb3df0ecd07d654502ea0081e55f169c7 100644
--- a/sys/cbor/cbor.c
+++ b/sys/cbor/cbor.c
@@ -87,6 +87,7 @@
 
 /* Array size */
 #define MAX_TIMESTRING_LENGTH   (21)
+#define TIMESTRING_FORMAT "%Y-%m-%dT%H:%M:%SZ"
 
 #ifndef INFINITY
 #define INFINITY (1.0/0.0)
@@ -767,9 +768,8 @@ size_t cbor_deserialize_date_time(const cbor_stream_t *stream, size_t offset, st
     char buffer[21];
     offset++;  /* skip tag byte to decode date_time */
     size_t read_bytes = cbor_deserialize_unicode_string(stream, offset, buffer, sizeof(buffer));
-    const char *format = "%Y-%m-%dT%H:%M:%SZ";
 
-    if (strptime(buffer, format, val) == 0) {
+    if (strptime(buffer, TIMESTRING_FORMAT, val) == 0) {
         return 0;
     }
 
@@ -787,9 +787,8 @@ size_t cbor_serialize_date_time(cbor_stream_t *stream, struct tm *val)
     CBOR_ENSURE_SIZE(stream, MAX_TIMESTRING_LENGTH + 1); /* + 1 tag byte */
 
     char time_str[MAX_TIMESTRING_LENGTH];
-    const char *format = "%Y-%m-%dT%H:%M:%SZ";
 
-    if (strftime(time_str, sizeof(time_str), format, val) == 0) { /* struct tm to string */
+    if (strftime(time_str, sizeof(time_str), TIMESTRING_FORMAT, val) == 0) { /* struct tm to string */
         return 0;
     }
 
@@ -1017,7 +1016,7 @@ static size_t cbor_stream_decode_at(cbor_stream_t *stream, size_t offset, int in
                     char buf[64];
                     struct tm timeinfo;
                     size_t read_bytes = cbor_deserialize_date_time(stream, offset, &timeinfo);
-                    strftime(buf, sizeof(buf), "%c", &timeinfo);
+                    strftime(buf, sizeof(buf), TIMESTRING_FORMAT, &timeinfo);
                     printf("(tag: %u, date/time string: \"%s\")\n", tag, buf);
                     return read_bytes;
                 }