The security of the Internet of Things is basically broken. Developers and manufacturers understandably are curious to get their new hi-tech products to market and unfortunately often overlook security, instead operating under the misunderstanding that security by default in their proprietary systems will do. The problem is that security researchers, and those with more harmful intent, can almost always extract binary code from the device memory via JTAG or similar in-circuit debugging facilities, or find it online in the form of updates, and reverse engineer via one of the many tools readily available.
WHO IS TARGETING THE INTERNET OF THINGS?
Anyone with an interest in breaking things is likely to try. Organized crime for profit, nation/states for unconventional warfare, commercial third parties for espionage are all likely to hack the Internet of Things. Of them all, white hat researchers are the only ones who disclose their findings.
From remotely taking control of devices, to using IoT devices for catalysts to a (Distributed Denial of Service) DDoS attack and causing havoc, there’s a scary amount of possibilities of what malicious actors could do by commandeering connected devices. IoT is in cars, smart cities, weapons, drones, hospital equipment, connected homes and all around us. If we don’t start making the necessary steps towards true interoperability and security in these devices, lives could literally be at stake.
HOW CAN IOT SECURITY BE IMPROVED?
We advocate three focus areas to make IoT more secure
- Open Source and Open Security With thousands of eyeballs on a piece of code rather than tens, we’ve got a much better chance of engineering something more robust. The open source community is 100% focused on quality and usability. There are no internal decisions made on feature sets for commercial reasons, politics or other corporate dynamics, in open source it’s all about doing what’s best for the software itself and the end-user community.Thanks to the strength, dedication, and sheer size of the open source community, security flaws are routinely fixed within hours of discovery.
- It’s In the Silicon The software in so many embedded devices contains a potentially fatal original sin: it’s not signed. This means that attackers can reverse engineer the code, modify it, reflash the firmware, and reboot to execute arbitrary code. So what can be done? After all, software on the device needs to be updateable so that vendors can apply security patches.The answer is to ensure that the system boots up only if the software to execute is cryptographically signed by a trusted entity i.e. the vendor. It needs to match on the other side with a public key or certificate which is somehow hard-coded into hardware, so it is virtually irreplaceable. By anchoring this root of trust into the hardware, it becomes extremely difficult to tamper with firmware. A determined attacker might still be able to extract the original firmware via JTAG, for example, reverse engineer and modify it, but it won’t match the public key burned into the hardware, so the first stage of the boot up will fail, and the system will refuse to come to life.
- Security by SeparationToo many embedded systems allow for lateral movement within the hardware, allowing attackers to jump across non-critical and critical subsystems inside until they find a way to exploit what they’re really after. From a software perspective, there’s no reason why these separate functional domains should be visible to each other. For example, it shouldn’t be possible to access an airplane flight control system via its on-board entertainment platform,Let’s make no mistake! It’s a journey the industry must take if it has any hope of managing the potentially fatal security issues which have broken the Internet of Things.