Embedded device hacking is the exploitation of vulnerabilities in embedded software to gain control of the device. Why does it happen? Some hackers attack embedded systems to spy on the devices, take control of them, or simply disable them and render them dysfunctional. As more and more embedded systems are exposed to the Internet via the IoT, remotely-controlled industrial systems, and other connected applications, the embedded system attack surface is expanding.
One blogger pointed out the sources of inherent vulnerabilities in the embedded systems environment:
Physical access – Physical attacks are likely because the embedded devices are typically built in mass, making it easy for potential attackers to obtain the device, take time to study it, and ultimately break or repurpose the device for malicious intent.
Lack of monitoring – Embedded environments generally have no means of monitoring for tampering or illegitimate access. They reside and operate on their own in the field, whether it be in an industrial or consumer environment, with no ongoing or periodic monitoring of operational status.
Software updates – The majority of legacy embedded devices will never be updated, so whatever security holes or bugs exist in the first release live on throughout the lifecycle of the device. Allowing access to the device for remote updates can address the issue, yet expose the device to another vulnerability – a malicious actor replacing the code on the device with nefarious code.
Consider these potential simple scenarios where a hacker can infiltrate an embedded system:
- Attackers develop a “fake device” that closely resembles the original but whose functions have been altered for malicious purposes and could be installed, for example, as a replacement part during equipment service.
- Attackers develop their own software and run it by replacing the memory card in the embedded system.
- Attackers extract the memory card out of the embedded system, manipulate the software, and plug the card back into the system.
- Attackers modify the software on the embedded system by controlling the communication interfaces from the outside.
- Attackers monitor an embedded system while in use by the application in order to analyze it and to develop avenues of attack.
Recent attacks have become more sophisticated and viral in the number of devices that can be impacted in a single attack. Just look at the damages caused by the STUXNET computer worm, The WannaCry and NotPetya ransomware and malware attacks, and The Misfortune Cookie exploit to medical devices.
How to Protect Your Code
The question today is not whether you should take steps to protect your embedded software code, but rather how best to protect your code. There are many approaches. Wibu-Systems’ CodeMetertechnology encrypts and digitally signs the executable code, protects the booting and loading process of the embedded device, and ensures the integrity of the complete system. Download our whitepaper, Software Integrity Protection for Embedded Systems, and learn about the most modern technologies available to protect embedded systems from cyberattacks.
