504,114 active members
5,545 visitors online
Register for free
Login Register
WIBU-SYSTEMS Blog

Should You Protect Your Embedded Code?

May 2019
21
med_wibu-systems
Author: med_wibu-systems
Company: WIBU-SYSTEMS AG
Should You Protect Your Embedded Code?

Embedded device hacking is the exploitation of vulnerabilities in embedded software to gain control of the device. Why does it happen? Some hackers attack embedded systems to spy on the devices, take control of them, or simply disable them and render them dysfunctional. As more and more embedded systems are exposed to the Internet via the IoT, remotely-controlled industrial systems, and other connected applications, the embedded system attack surface is expanding.

One blogger pointed out the sources of inherent vulnerabilities in the embedded systems environment:

Physical access – Physical attacks are likely because the embedded devices are typically built in mass, making it easy for potential attackers to obtain the device, take time to study it, and ultimately break or repurpose the device for malicious intent.

Lack of monitoring – Embedded environments generally have no means of monitoring for tampering or illegitimate access. They reside and operate on their own in the field, whether it be in an industrial or consumer environment, with no ongoing or periodic monitoring of operational status.

Software updates – The majority of legacy embedded devices will never be updated, so whatever security holes or bugs exist in the first release live on throughout the lifecycle of the device. Allowing access to the device for remote updates can address the issue, yet expose the device to another vulnerability – a malicious actor replacing the code on the device with nefarious code.

Consider these potential simple scenarios where a hacker can infiltrate an embedded system:

  • Attackers develop a “fake device” that closely resembles the original but whose functions have been altered for malicious purposes and could be installed, for example, as a replacement part during equipment service.
  • Attackers develop their own software and run it by replacing the memory card in the embedded system.
  • Attackers extract the memory card out of the embedded system, manipulate the software, and plug the card back into the system.
  • Attackers modify the software on the embedded system by controlling the communication interfaces from the outside.
  • Attackers monitor an embedded system while in use by the application in order to analyze it and to develop avenues of attack.

Recent attacks have become more sophisticated and viral in the number of devices that can be impacted in a single attack. Just look at the damages caused by the STUXNET computer worm, The WannaCry and NotPetya ransomware and malware attacks, and The Misfortune Cookie exploit to medical devices.  

How to Protect Your Code

The question today is not whether you should take steps to protect your embedded software code, but rather how best to protect your code. There are many approaches. Wibu-Systems’ CodeMetertechnology encrypts and digitally signs the executable code, protects the booting and loading process of the embedded device, and ensures the integrity of the complete system. Download our whitepaper, Software Integrity Protection for Embedded Systems, and learn about the most modern technologies available to protect embedded systems from cyberattacks.

Blog Archiv

September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016