Many IoT device manufacturers are concerned with the security of their products. One common concern is to protect their products against malicious attacks that can compromise the device and affect their users. Besides that, there is a clear need to protect the devices from unauthorized access, which aims to copy the proprietary algorithms or other intellectual property present on the device. In order to implement and maintain effective security protection, a complex and thorough approach is required.
When analyzing an embedded device from the security perspective, one should consider every interface which is readily available or might be accessed with a certain effort, such as a JTAG connector, console, USB port, Bluetooth module, flash drive, or a network interface. An additional layer that is likely to be vulnerable is the software layer, with the subsequent OS and application layers that require a different approach. Security hardening of an embedded device that can be physically accessible by a potential hacker has to address all the interfaces, both physical and virtual, which are provided by the software. An effort of hardening the OS, for example, without addressing the application security, is similar to building a high fence around the house but leaving the front door unlocked. Moreover, the effort of maintaining a high device security level shouldn’t be considered as a one-time job. It is rather should be viewed as an ongoing process.
Secure boot and chain of trust
One of the most important hardware features available for ARM-based and other embedded device manufacturers is the feature of secure boot. A detailed description of security boot architecture is out of the scope of this article. Let’s focus, instead, on what can be achieved with the utilization of this feature on a proprietary device:
- Disabling access to certain hardware interfaces on the hardware level, such as the JTAG port
- Utilizing a trusted boot, which will prevent unauthorized firmware modification
- Encrypting persistent data, including file system contents, to avoid copying proprietary data from the device even if the flash drive or a hard disk is removed from the device and being accessed directly
- Implementing a secure firmware upgrade mechanism
The operating system running on the device, as well as the ecosystem of other third-party software it brings along, usually contains multiple vulnerabilities and security flaws. Taking the most popular OS for IoT devices, Linux, as an example, it can be said that despite a reputation of being a secure operating system, Linux Kernel, its common libraries, and other open-source software components typically present on Linux based device contain hundreds of known vulnerabilities (CVEs). Those vulnerabilities should be identified and patched by the vendor of the device. There are many other aspects of OS security that have to be treated as well. Such treatment is described in detail on a dedicated Linux security audit product page. Moreover, the process of initial OS hardening and subsequent maintenance must be done in an ongoing manner since vulnerabilities are discovered daily.
Last but not least comes the security of the proprietary application running on the device. Surprisingly enough, most real-life exploits into embedded devices are done through trivial security flaws in application logic or configuration. There is a variety of tools available on the market that address a need to maintain application security with different approaches and appliable to different technologies. Implementing secure coding methodologies, utilizing source code scanners, as well as various IAST or DAST tools, are possible ways to deal with this problem. In addition, manual penetration testing can be particularly useful in this domain since testing of proprietary solutions is hard to automate.