WIBU-SYSTEMS

Perfection in Protection, Licensing, and Security

{{ moduleLabel }}
{{ label }}

Should You Protect Your Embedded Code?

MarketingWIBU-SYSTEMS AG on May 21, 2019 at 3:43 PM

Embedded device hacking is the exploitation of vulnerabilities in embedded software to gain control of the device. Why does it happen? Some hackers attack embedded systems to spy on the devices, take control of them, or simply disable them and render them dysfunctional. As more and more embedded systems are exposed to the Internet via the IoT, remotely-controlled industrial systems, and other connected applications, the embedded system attack surface is expanding.

One blogger pointed out the sources of inherent vulnerabilities in the embedded systems environment:

Physical access – Physical attacks are likely because the embedded devices are typically built in mass, making it easy for potential attackers to obtain the device, take time to study it, and ultimately break or repurpose the device for malicious intent.

Lack of monitoring – Embedded environments generally have no means of monitoring for tampering or illegitimate access. They reside and operate on their own in the field, whether it be in an industrial or consumer environment, with no ongoing or periodic monitoring of operational status.

Software updates – The majority of legacy embedded devices will never be updated, so whatever security holes or bugs exist in the first release live on throughout the lifecycle of the device. Allowing access to the device for remote updates can address the issue, yet expose the device to another vulnerability – a malicious actor replacing the code on the device with nefarious code.

Consider these potential simple scenarios where a hacker can infiltrate an embedded system:

  • Attackers develop a “fake device” that closely resembles the original but whose functions have been altered for malicious purposes and could be installed, for example, as a replacement part during equipment service.
  • Attackers develop their own software and run it by replacing the memory card in the embedded system.
  • Attackers extract the memory card out of the embedded system, manipulate the software, and plug the card back into the system.
  • Attackers modify the software on the embedded system by controlling the communication interfaces from the outside.
  • Attackers monitor an embedded system while in use by the application in order to analyze it and to develop avenues of attack.

Recent attacks have become more sophisticated and viral in the number of devices that can be impacted in a single attack. Just look at the damages caused by the STUXNET computer worm, The WannaCry and NotPetya ransomware and malware attacks, and The Misfortune Cookie exploit to medical devices.  

How to Protect Your Code

The question today is not whether you should take steps to protect your embedded software code, but rather how best to protect your code. There are many approaches. Wibu-Systems’ CodeMetertechnology encrypts and digitally signs the executable code, protects the booting and loading process of the embedded device, and ensures the integrity of the complete system. Download our whitepaper, Software Integrity Protection for Embedded Systems, and learn about the most modern technologies available to protect embedded systems from cyberattacks.

Login or register now and enjoy all the benefits of a community!

To get the whole functionality of IndustryArena Forum you need to login or register. This process is absolutely free.

Password forgotten?
Contact request
Guest Photo
Your message
The controller within the meaning of Art. 4(7) GDPR is: IndustryArena GmbH, Katzbergstraße 3, 40764 Langenfeld, Germany.
You may reach our data protection officer under [email protected].

Purpose of processing
We process your personal data concerning the use of the contact form and the communication with the company of the newsroom as well as the transmission of your data to this company in accordance to Art. 6 (1a) GDPR. This constitutes a legitimate interest for us in accordance to Art. 6 (1f) GDPR.

Recipient of the data
Within our organization, those units gain access to your data, which are necessary to fulfil the above purposes.
Personal data will only be transmitted to third parties if this is necessary for the aforementioned purposes or if another legal basis exists. If necessary, we conclude the corresponding data protection agreements with third parties, in particular pursuant to Art. 28 GDPR.

Data storing
Your data will be transmitted to the company of the newsroom for further processing. The period of storing is the duration of the processing of your request by the respective company.

Select contact person

Newsroom Logo

Design options

  • Title text color:
  • Content background:
  • Content text color:
  • Navigation background:
  • Tab text color:
  • Active tab text color:
  • Link text color:
  • Active link text color:
  • Background image Background color:

    How do you want to position the background-image?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the background image

  • Banner

    How do you like to align the banner?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the banner

  • Skyscraper

    Set the link for the skyscraper

Please note:

Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.