In this new world of the "Internet of Things" and billions of networked embedded devices, it is crucial for device manufacturers to bake security into their new designs before they leave the factory. Here are five tips from a team of security researchers who make a living reverse engineering (hacking into) IoT devices on behalf of industry clients.
2) Protect Your Bootloaders!
If you think of a device as a car, the firmware would be the engine and the bootloader is the starter/ignition. It's the thing that starts your firmware when your device boots. Attackers can use unprotected bootloaders to easily extract firmware from devices. Once an attacker has access to the firmware, they can bypass all other protection mechanisms.
3) Figure Out Firmware Updates
Firmware updates are a touchy subject in some of the safety- and compliance-heavy market segments, but they are important. If you don't have a firmware update policy, implement one. If you implement one, make sure it is secure. Your cell phone stays up to date and more secure than your desktop because of its ability to receive regular updates.
4) Implement Continuous Monitoring
Continuous monitoring is paramount but traditional monitoring/IDS/IPS solutions don’t work well with embedded devices and allow attackers to fly under the radar. You should deploy and use tools specifically designed for monitoring embedded devices. These systems pay for themselves quickly as they provide actionable insights for multiple parts of the organization: operations, security, and IT. These tools may detect and prioritize security events but can also detect device misconfiguration or other operational issues. Think of them as a "security camera" for your networked embedded devices.
Continuous monitoring of devices provides actionable insights for Incident Response, but it is also a valuable tool for daily operations.
5) Train All Your Staff
The attack vector emanating from firmware and embedded devices is very different from traditional cyber threats. Include ALL your developers in training that teaches how to understand this: from hardware designers and firmware authors to business logic coders who use higher-level languages such as PHP, Python, and Perl. Having everyone in your stack aware of attack vectors is important because it's the "uncanny valley" between hardware and software that creates gaps and opportunities for attackers.