Hardware engineers are often experts at designing connected products within electrical and RF constraints to meet the requirements posed by the CE mark, the FCC, and other regional and international certification bodies. Embedded systems security, however, is a separate discipline and closely tied to new device designs, requiring not only advanced knowledge of how to mitigate security vulnerabilities in system design, but the ability to manage new and emerging threats as they occur.
Today, managing cybersecurity threats is critical in the full lifecycle of connected products — and cyber safety has therefore become as important as electrical or RF safety as a best practice.
In this article, we outline what’s changed around cybersecurity for embedded products, why there is little time left to respond to new regulations, and why engineers should consider a comprehensive solution to manage the challenge. The clock is ticking already!
What Is Embedded Systems Security?
Connected devices are equipped with embedded computing systems that allow them to run independently. They are often deployed outside of traditional network infrastructures protected with firewalls and other security tools, which means having integrated security features is critical. Embedded systems security is the holistic result of physical security measures as well as software and programming in a device’s integrated system.
These security measures may include, among others:
- Physical protection and surveillance to prevent access to connected devices.
- Encryption on data stores to prevent unauthorized access to protected information.
- Robust communication security protocols and authentication features that control access and device connections.
- Proactive and automated firmware and operating system updates to keep devices secure.
- Relentless monitoring and analysis of endless new vulnerabilities and exposures.
Ultimately, these measures should eliminate and remediate known weaknesses and protect a connected device’s hardware, software, and network links from unauthorized access. Embedded systems are comprised of a combination of compute resources and integrated software designed to carry out a specific function. A key challenge for developers and end users is that there are constraints — including limited memory and storage — that make it difficult to design in embedded security features that will work in the field for the complete lifetime of the product, bearing in mind the overwhelming number of new threats that incessantly emerge nowadays.
Embedded Systems Security: A Fast-moving Target
There is arguably a perception in the broader embedded devices market that designing for cybersecurity is good practice — but that cybersecurity is not as critical as electrical safety and electromagnetic compatibility, or that it is a problem left to the end-device customer. There are exceptions, such as medical devices, where cybersecurity has been at the front and center for recent years. Transactional systems such as ATM and lottery machines have also required robust embedded security for some time, though the moving target of evolving threats has made it difficult, in practice, for these systems to maintain resilient security over time.
To meet future requirements and provide more marketable products that are not at risk out of the box, OEMs building wireless products across all vertical industries will need to address cyberthreats with hardened devices, embedded cybersecurity technology, and ongoing monitoring and remediation.
Embedded Systems Security Vulnerabilities
Attack strategies that can impact security in embedded devices are broad, unpredictable, and growing. These threats run the gamut from extortion of money and intellectual property through phishing, distribution of malware, tampering with the function of connected systems such as vehicles, and even instigating an infrastructure collapse, for instance, temporarily affecting power or potable water supply.
Successful attacks may rely on just one insecure system crack and that entry point could be the most innocuous embedded component. So, how do hackers exploit operating system vulnerabilities?
There are many forms in which these attacks can be administered:
- Denial-of-service (DoS) attacks
- Denial-of-sleep (DoSL) attacks
- Application-based intrusions
- Physical tampering
- Brute-force attacks
- Digital eavesdropping
- Privilege escalation attacks
Let’s talk about strategies for addressing cyberthreats in embedded designs.
Tips to Strengthen Embedded Systems Security
The first key to thwarting tampering in computer security is to identify potential vulnerabilities. For example:
- Device theft is one way cybercriminals access improperly secured data.
- Out-of-date operating systems can leave device settings and functions vulnerable to attack or the injection of malicious code.
- Outdated hardware components can increase the risk of unauthorized access to protected networks, which not only puts data from local devices at risk but also your entire data and IT infrastructure.
- Poorly secured applications on embedded devices can allow access to encrypted data that wouldn’t normally be accessible to unauthorized users. Likewise, malware could escalate in privileges, monopolizing computing resources until leaving said devices completely unusable.
The next step is to build in the ability to manage new and emerging threats. Some best practices include:
- Restrict how devices access critical systems: With a secure embedded system-on-module, you can adopt enterprise-grade encryption to secure all your IoT device connectivity. Using these integrated building blocks also simplifies software development while still supporting custom applications.
- Follow industry best practices for embedded systems design: To avoid design security issues in hardware and software on IoT devices, organizations should prioritize long-term resilience and simplify device management by following industry best practices for embedded design principles.
- Implement digitally secure firmware updates: Organizations can implement over-the-air (OTA) firmware updates for remote devices already deployed in the field via secure network connections. Embedded devices must be able to receive, load and authenticate factory-signed update images before replacing the current version.
- Prevent stack or buffer overflow in embedded software: Cybercriminals can try to take advantage of the limited memory and storage in embedded systems, using stack or buffer overflows to forcibly replace executable code with malicious viruses or files. You can protect embedded systems from these attacks by integrating processors that must authenticate any code interacting with hardware at runtime.
Preparing for New Embedded Systems Security Regulations
Industry and government are catching up to the aggregate risk picture. That includes supervisory bodies around the world who are steadily introducing cybersecurity regulations to apply to embedded and connected IoT devices.
New regulations from General Data Protection Regulation (GDPR), Radio Equipment Directive (RED) for cybersecurity, National Institute of Standards and Technology (NIST), and others are a step shift away from the typical EMC or safety standards engineers are used to.
For example, in the EU, Article 3.3 clauses (d), (e), and (f) of the RED contain a range of non-electrical safety measures aimed at embedded hardware and software cybersecurity. All three articles come into force in August 2024 and products released after that date will need to be compliant.
The challenge in complying with the new regulation is two-fold. First, whereas RF and electrical safety regulations typically involve clear specifications that a hardware engineer can test and measure with lab equipment, cybersecurity practices can be much harder to pin down to design specifications. This is in part because the regulations don’t necessarily tell you exactly which steps or security best practices to employ, and in part due to the sheer number of attack strategies — and they will continually emerge.
The second challenge in complying with specific embedded cybersecurity regulation is the accelerated pace of change. Regulation is coming into place so fast and new threats appear so quickly that engineers are struggling to adapt within the confines of set production cycles that can easily be five years, with finished and tested products that can remain in use for decades.
Managing the Changing Requirements for Embedded Device Security
Engineers that are used to picking components based on a spec list can find cybersecurity a fresh challenge because it can be difficult to determine exactly what’s required from hardware vendors. That said, on-chip hardware and software security features are established as must-haves. Think about secure boot, digital signatures, protected ports, tamper detection, and encryption, for example.
How can embedded designs adapt to a changing cybersecurity landscape? One key is the ability to actively manage devices once they’re deployed, including updating core firmware functionality remotely when needed in a controlled and planned manner.
That means connecting devices to a flexible yet robust cloud platform for monitoring as well as establishing the ability to push device updates over the air to rapidly address novel security threats — as well as any bug fixes, enhancements in functionality or performance.
Large manufacturers can design online portals to accomplish these goals and can also afford to maintain them — and some have already done so. It is, however, intensive to set up and run and product developers can struggle to make a start.
How the Digi ConnectCore Ecosystem Can Help
At Digi we’ve been at the forefront of embedded systems security for many years. And we are continually innovating new methodologies and services to support OEMs in delivering ongoing comprehensive cybersecurity safety for embedded devices.
The Digi ConnectCore ecosystem of wireless and wired embedded system-on-modules offers an integrated solution for embedded device security — enabling developers to not only incorporate best practices in embedded systems security during the design phase, but to monitor device behavior and security threats in deployed devices and roll out firmware updates at any time to respond to fresh cybersecurity challenges.
Digi ConnectCore® Security Services are a collection of services and tools that enable customers to maintain the security of devices during their entire product lifecycle. This ensures customers can solve the ongoing challenge of keeping products secure after their products are released.
These services enable the analysis and monitoring of a custom software bill of material (SBOM) and binary image, running on Digi ConnectCore SOMs, for security risks and vulnerabilities. To help remediate identified issues, the services include a curated vulnerability report highlighting critical issues, a security software layer including patches for common vulnerabilities and consulting services.
Design, Build, Go to Market… and Support a Secure Product Lifecycle
New embedded security requirements and emerging cybersecurity risks require a solution-driven approach that augments OEM design skills with a third-party security solution that drives cybersecurity at the product design level, and throughout the lifetime of the product.
Turn to Digi’s robust embedded systems and ongoing security monitoring and management to safeguard your embedded systems now and for the future.
Next Steps