Obscure is not a synonym for secure
Many medical and industrial embedded devices have traditionally not been built with much attention to security. That’s mostly because the technology used to build them was relatively advanced or obscure, and certainly not something that any random Joe off the street would be able to hack. Embedded technology has recently become far more mainstream, however, driven in part by the maker market, and that takes away the relative “security” that design obscurity used to provide. Add to that the ongoing drive to connect almost any device to the network, both internally and externally.
Whether it’s an intentional “design rule” or not, “security by obscurity” is a bit like hiding a key in the backyard: ultimately, someone will locate your secrets, and that’s when the real trouble begins. This isn’t a theoretical concern; it has already happened in numerous cases:
• The widespread Hospira IV pump issue that allowed an unauthorized party to update the firmware on the device and change its behavior.
• The incident related to the Johnson Controls HVAC system with an unsecured flash disk offering access to sensitive data.
• The well-known hack of the Chrysler Jeep because access to the vehicle’s cellular connection wasn’t sufficiently secured.
• Insulin pumps have been hacked using maker hardware components such as Arduino.
• A hacker figured out how to deliver an 830 V shock using unsecured wireless connections to an individual wearing a pacemaker.
Organizations don’t want their names appearing on a list like this. It’s horrible publicity and can shake customers’ confidence, not to mention the potentially dire consequences these vulnerabilities represent to users of the end products.
So what’s the proper way to button up embedded systems? Below is a quick checklist of some of the key aspects that you should think about in the context of a secure embedded device design concept:
1. Secure ports: JTAG, USB, and serial ports can and should all be locked down. Use technology such as Secure JTAG for the debug port, encryption and authentication for the others, or even physical tamper-proofing countermeasures.
2. Secure boot: Embedded firmware should be digitally signed to prevent unauthorized updates.
3. Secure storage: Local storage on the device must be encrypted.
4. Secure connections: Strong authentication and encryption for wired and wireless connections are not optional.
5. Secure updates: Updates must be secured regardless of whether they arrive over wired or wireless connections, remotely or from the cloud, or even on the venerable USB memory stick.
There are no real shortcuts; leaving out any one of these measures undermines the others. The only way to make the device and its network secure is to implement a true embedded security concept.
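To make items 2 and 5 of the checklist concrete, here is an added example of the check a secure-boot loader or update agent performs before accepting a firmware image. This is illustration code written for this article, not Digi’s or any device vendor’s implementation. It assumes a constructed image layout (a 4-byte magic, a 4-byte version, then the payload), an Ed25519 vendor signing key whose public half is burned into the device, and a monotonic version field used to refuse rollback to an older, possibly vulnerable, release. The signature covers the entire image, so neither the payload nor the version can be altered without invalidating it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout for this example (not a real device format):
//   bytes 0..3  magic "FWIM"
//   bytes 4..7  version, big-endian uint32 (monotonic, used for anti-rollback)
//   bytes 8..   firmware payload
// The Ed25519 signature is computed over the whole image, header included.
var magic = []byte("FWIM")

const headerLen = 8

var (
	ErrTooShort     = errors.New("image: shorter than header")
	ErrBadSignature = errors.New("image: signature does not verify")
	ErrBadMagic     = errors.New("image: bad magic")
	ErrRollback     = errors.New("image: version older than installed firmware")
)

// GenerateSigningKey creates the vendor's signing keypair. In production the
// private half lives in an HSM or an offline signing host; only the public
// key is provisioned into the device.
func GenerateSigningKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// BuildImage assembles header + payload into an unsigned image.
func BuildImage(version uint32, payload []byte) []byte {
	img := make([]byte, headerLen+len(payload))
	copy(img[0:4], magic)
	binary.BigEndian.PutUint32(img[4:8], version)
	copy(img[headerLen:], payload)
	return img
}

// SignImage is the build-server side: sign the complete image bytes.
func SignImage(priv ed25519.PrivateKey, image []byte) []byte {
	return ed25519.Sign(priv, image)
}

// VerifyImage is the bootloader / updater side. installedVersion is the
// version currently running; an image older than that is refused so an
// attacker cannot reinstall a signed-but-vulnerable release. Returns the
// image version and nil on success.
func VerifyImage(pub ed25519.PublicKey, image, sig []byte, installedVersion uint32) (uint32, error) {
	if len(image) < headerLen {
		return 0, ErrTooShort
	}
	// Verify the signature before trusting anything parsed from the header.
	if !ed25519.Verify(pub, image, sig) {
		return 0, ErrBadSignature
	}
	if string(image[0:4]) != string(magic) {
		return 0, ErrBadMagic
	}
	v := binary.BigEndian.Uint32(image[4:8])
	if v < installedVersion {
		return v, ErrRollback
	}
	return v, nil
}

func main() {
	pub, priv, err := GenerateSigningKey()
	if err != nil {
		panic(err)
	}
	image := BuildImage(7, []byte("constructed firmware payload v7"))
	sig := SignImage(priv, image)

	report := func(label string, img []byte, installed uint32) {
		v, err := VerifyImage(pub, img, sig, installed)
		fmt.Printf("%-17s version=%d err=%v\n", label, v, err)
	}
	report("genuine", image, 5)

	// Flip one payload byte: the signature no longer verifies.
	tampered := append([]byte(nil), image...)
	tampered[len(tampered)-1] ^= 0x01
	report("tampered payload", tampered, 5)

	// A genuinely signed but older image is refused once version 8 is installed.
	report("rollback", image, 8)
}
```

The same routine serves both the boot path (verify the resident image before jumping to it) and the update path (verify a candidate image before writing it to flash); the delivery channel, whether network, cloud, or USB stick, makes no difference to the check.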
The good news is that security technology is readily available. While the implementation and integration still requires significant expertise and effort, organizations should turn to partners and suppliers capable of providing a complete, secure solution.
Securing embedded devices will help maintain the value of the company brand by keeping it out of bad news headlines and deliver products that provide the unique benefits of a connected world.
Mike Rohrmoser is the director of product management for Embedded Systems at Digi International, where he’s responsible for the definition and delivery of Digi’s current embedded product solutions offerings and future direction.