I. Key Points of Embedded Security
Key Point 1 – High Development Success Rate
The prevalence of security vulnerabilities in embedded systems underscores the serious security concerns they pose. With 95% of systems containing flaws that allow for device hijacking, and a 95% success rate, embedded system developers not only demonstrate the widespread security vulnerabilities in most systems but also underscore the need to consider the security risks inherent in their work.
Key Point 2 – Not RTOS, but user code
Security flaws often appear in user-developed code, rather than in the RTOS itself. One reason is that RTOSs are often a set of small functions that manipulate low-level hardware; instead, hackers prefer to look first at any network-based management code that might give them administrative access to the device.
Key Point 3 – Affordable Analytics Tools
Some might think that the tools needed to download, analyze, and discover security vulnerabilities are relatively expensive and out of reach for many potential hackers. Unfortunately, this is far from the truth. Most of the tools needed to accomplish these feats are free. For a hacker, the potential damage that just $1,000 and a couple of weeks of work could cause is undoubtedly well worth it.
Point 4 – Disabling WAN access is not enough
Embedded developers might assume their embedded devices are on a local network with WAN access disabled, so why worry about potential security flaws? If the device can't see the internet, then hackers can't access it, right? Not quite. There's an interesting technique that uses standard HTML, allowing potential hackers to gain WAN access from embedded devices using a webpage with only image tags. This gives them access to the device and other parts of the network.
II. How to improve the security of embedded systems
Category 1: Design and Software Configuration 1. Use a secure language. Before writing your first line of code, research embedded software development standards for your chosen language. For example, if you're going to use C or C++, learn MISRA-C/C++ first. 2. Enable Secure Boot. This feature allows the microprocessor to verify the encryption key and the firmware's location before executing it. To enhance this protection, you can also enable the processor's Trusted Execution Environment feature, which creates a secure area within the microprocessor to store the firmware. 3. Disable insecure and unnecessary services. To define such services, you need to analyze the system's operation. Typically, a list of such services includes Telnet and trivial file transfer protocols, debug agents, open ports, etc.
Category 2: Memory and Application Security 1. Limit Memory Allocation. Implement a memory management unit to allocate sufficient memory for buffers, the operating system, and applications. The memory management unit helps maintain the balance of the embedded system's operation and prevents memory buffer overflows. Additionally, switch memory to read-only mode whenever possible. 2. Create Partitions. Dividing critical parts of the embedded system (such as the operating system, GUI, and security applications) into different partitions helps isolate them from each other and contain potential attacks. Partitions can be physical partitions or virtual partitions.
Category 3: Communication Security 1. Implement access control. Unprotected access to any part of an embedded system is an open invitation to hackers. To protect your access points, use strong credentials and encrypt them, adhere to the principle of least privilege, and enable authentication wherever possible. 2. Secure communication channels. Implement IPsec, DNS-SEC, SSH, or SSL protocols, and use a VPN to protect any communication with the embedded system. Deploying a firewall to filter traffic is also a good practice.
Category 4: Data Protection 1. Encrypt all content. All firmware updates, data transferred and processed, and stored credentials must be encrypted. Use cryptographic signatures to verify files obtained from trusted sources and detect suspicious modifications.
2. Obfuscate the target code. Obfuscation is a process that entangles your code, making it unclear to hackers but executable in embedded systems. It can even speed up code execution. This measure makes it more difficult for hackers to reverse engineer your code.
Category 5: Release and Support 1. Conduct end-to-end threat assessments. A complete security assessment includes: a. Performing a full lifecycle analysis and identifying potential threats from the perspectives of device manufacturers, software developers, and end users; b. Creating a risk matrix and estimating the probability and success rate of attacks through each possible avenue; c. Simulating hacking attacks yourself or conducting black-box penetration tests. 2. Regularly update the software. No matter how difficult it is to develop software for older embedded systems, doing so is always beneficial. In new software versions, you can roll out additional security measures to counter new attacks or patch vulnerabilities (if a vulnerability is discovered after product release). Don't forget to add blacklist and whitelist protections as described above. These methods will prevent software installation from untrusted sources. With these practices, you can make it more difficult for cybercriminals to steal your software for embedded systems.
Finally, developing software for embedded systems is a significant challenge. Developers must implement all necessary functionalities while considering the limitations of multiple devices and protecting the software from attacks.
Of course, threats can come from different sources and channels, so it seems impossible to install protection against all of these threats in a microprocessor and a small amount of memory.
