By now, most engineers know that embedded applications are vulnerable to cyber attack. That knowledge, however, hasn’t necessarily translated into action.
”If you look at most embedded devices out in the world today, there’s little in the way of security,” Alan Grau, president and co-founder of Icon Labs, recently told Design News. “When you ask people about it, you get misleading answers. They’ll say, ‘Oh yeah, we’ve got security.’ But often, they don’t.”
At its recent DevCon, Renesas Electronics said it would use Icon Labs’ Floodgate security software for its Synergy embedded platform. Renesas hopes to integrate secure communication, intrusion detection, authentication, and other features into its hardware.
(Source: Icon Labs)
Security is funny that way. It’s one of those things people plan to do, like cleaning the basement. But it doesn’t always get the attention it deserves. A case in point is the epic Target cyber attack of 2013. According to a Bloomberg Businessweek story, Target Corp. installed a powerful security software six months before the December 2013 attack, but never finished establishing its corporate response mechanism. So when the cashier stations in all of its domestic stores were attacked, and the security system dutifully spotted the malware…nothing happened. Thieves made off with 40 million credit card numbers. Target learned of the attack two weeks later, when notified of the breach by the US Department of Justice.
It could be argued that Target was more proactive than the designers of many of today’s embedded applications. At least the retailer was trying. According to a 2014 study by Hewlett-Packard, the same cannot be said for many Internet of Things (IoT) applications. HP’s study revealed that 70% of the most commonly used IoT devices contain gaping security holes. On average, such devices have 25 vulnerabilities, the study said. Problems include insufficient authorization, lack of encryption, insecure web interfaces, privacy concerns, and inadequate software protection.
READ MORE SECURITY ARTICLES ON DESIGN NEWS:
Experts have been aware of embedded vulnerabilities for years. As far back as 2009, a Columbia University study, Brave New World: Pervasive Insecurity of Embedded Network Devices, clearly predicted the problem. Using a simple set of intrusion tests, researchers concluded that embedded consumer devices were about 18 times more vulnerable to attack than enterprise devices, such as office laptops.
”If you try to connect your laptop to an (office) network, it will typically verify, authenticate, and run security software before it lets you on,” Grau told us. “The embedded world needs to migrate toward that type of model.”
To be sure, suppliers are trying to make that happen. At its recent DevCon, Renesas Electronics rolled out an embedded platform called Synergy that includes security software suppliers Icon Labs and Cypherbridge Systems in its Verified Software Add-on program. Using Icon’s Floodgate security products, Renesas hopes to integrate secure communication, intrusion detection, authentication, and other features into its embedded hardware.
”Our goal is to bring enough intelligence to these devices so they can detect when they’re under attack,” Grau told us. “Hopefully they can block the attack. Or at least report it. If they can report it, then it’s possible to take some action.”
The key is for companies to overcome the inertia, Grau said. Saying that security is important isn’t enough by itself. They have allow their engineers to act.
”We try to stress to customers, ‘You don’t have to do everything today,’” Grau told us. “Just get started. Do something.”
Senior technical editor Chuck Murray has been writing about technology for 31 years. He joined Design News in 1987, and has covered electronics, automation, fluid power, and autos.
Like reading Design News? Then have our content delivered to your inbox every day by registering with DesignNews.com and signing up for Design News Daily plus our other e-newsletters. Register here!
Design News will be in Minneapolis and Orlando in November! Design & Manufacturing Minneapolis will take place Nov. 4-5, while Design & Manufacturing South will be in Orlando Nov. 18-19. Get up close with the latest design and manufacturing technologies, meet qualified suppliers for your applications, and expand your network. Learn from experts at educational conferences and specialty events. Register today for our premier industry showcases in Minneapolis and Orlando.