Securing embedded devices is becoming a hot topic, especially as those devices begin to connect to the Internet. There is a real threat from hackers reverse engineering a connected device, and after Jacob Beningo, a UBM blogger, attended the "Reverse Engineering RTOS Backdoors" session at ESC Boston the realization struck that such an attack is simple to do. What can embedded software designers do to improve the security of their devices? Here are seven key takeaways from that session that developers need to be aware of.
- Takeaway #1 - Exploitation success rate is high
- Takeaway #2 - It's not the RTOS but the user code
- Takeaway #3 - Beware of third-party code
- Takeaway #4 - Analysis tools are cheap
- Takeaway #5 - Disabling WAN access is not enough
- Takeaway #6 - Watch out for text strings
- Takeaway #7 - Secure your firmware
Embedded software engineers need to get concerned about security. The pressure to get to market, to add product features, and to create a robust product often leaves developers scrambling to get a product out the door. But once that product enters the world there is no telling how long it will be out there or how it might be exploited for nefarious purposes. Ignoring the security implications on even the simplest connected device could thus result in providing hackers with the computing power they need to really cause some trouble. Security may not be the embedded software developers' highest priority, but it is time to at least put it on the priority list.
Read more about these takeaways on our sister site, EDN.
Atlantic Design & Manufacturing, the largest advanced design and manufacturing trade show serving the Northeastern US, delivers thousands of senior level design and manufacturing professionals who are looking for new ideas, innovations, and solutions. A Design News event, Atlantic Design & Manufacturing will take place in New York, June 9-11, 2015. It’s your chance to meet qualified suppliers, get hands-on with the latest technologies, and expand your network. Learn more here.