Why IoT security is broken, and how to fix it
As healthcare organizations connect more devices to their networks, IT executives must take aggressive measures to keep defenses up.
Because the Internet of Things is now integral to critical infrastructure, business and home environments—from hospitals’ infusion pumps and routers to refrigerators that can tell you when you’re out of milk—potentially disastrous cybersecurity implications must be addressed.
Standard operating procedure within the embedded computing industry makes security more of an add-on or an afterthought that relies on “security by obscurity.” But this can have dire consequences for data security, as malicious actors can easily reverse engineer unsigned firmware to give them complete remote control of a device. And far too often, lateral movement is allowed, meaning hackers can pivot inside a targeted system until they find what they’re looking for.
So what damage can actually be done by exploiting these firmware “design flaws?”
The so-called “SYNful Knock” attacks discovered in 2015 showed how nation-state actors managed to modify the firmware image of Cisco routers to achieve persistence inside victims’ networks. Compromising such a device at the gateway to the network could give attackers a perfect opportunity to steal data, monitor communications and install malware on parallel systems.
Remote control of a smart device or embedded computer could enable an attacker to turn that device into a bot to launch DDoS, click fraud, information-stealing attacks and much more. IoT devices are perfect for this purpose—they’re always on, always Internet-connected and with fatally flawed architectures that can be exploited.
In fact, we have already seen several cases where IoT devices have been taken over en masse to build botnets. As far back as January 2014, a global phishing and spam attack was traced back to a compromised network of smart household devices. And cybersecurity firms are predicting things will get worse in the coming year.
So what do we do about this? I propose the following:
As detailed in the prpl Foundation Security Guidance document, organizations seeking secure defenses need the following:
Secure boot. This ensures that IoT systems will only boot up if the first piece of software to execute is cryptographically signed by a trusted entity. It needs to match on the other side with a public key or certificate that is hard-coded into the device, anchoring the “Root of Trust” into the hardware to make it tamper proof. This would have prevented the attacks on Cisco and others.
Hardware virtualization. This enables separation of each software element, where a system can be designed that keeps critical components in secure isolation from the rest, preventing lateral movement. This can enable products to be enhanced and modified, while crucially enabling regulators to prohibit and lock down modification of any function deemed too dangerous.
As the Internet of Things and connected embedded computing now permeate every part of our lives, we need to come together as an industry and rethink our approach to securing and managing these devices.
Standard operating procedure within the embedded computing industry makes security more of an add-on or an afterthought that relies on “security by obscurity.” But this can have dire consequences for data security, as malicious actors can easily reverse engineer unsigned firmware to give them complete remote control of a device. And far too often, lateral movement is allowed, meaning hackers can pivot inside a targeted system until they find what they’re looking for.
So what damage can actually be done by exploiting these firmware “design flaws?”The so-called “SYNful Knock” attacks discovered in 2015 showed how nation-state actors managed to modify the firmware image of Cisco routers to achieve persistence inside victims’ networks. Compromising such a device at the gateway to the network could give attackers a perfect opportunity to steal data, monitor communications and install malware on parallel systems.
Remote control of a smart device or embedded computer could enable an attacker to turn that device into a bot to launch DDoS, click fraud, information-stealing attacks and much more. IoT devices are perfect for this purpose—they’re always on, always Internet-connected and with fatally flawed architectures that can be exploited.
In fact, we have already seen several cases where IoT devices have been taken over en masse to build botnets. As far back as January 2014, a global phishing and spam attack was traced back to a compromised network of smart household devices. And cybersecurity firms are predicting things will get worse in the coming year.
So what do we do about this? I propose the following:
- Good security is at least half about good management of the product, yet in many cases, vendors prioritize the user experience over everything else. If a more secure product requires one more page of a user manual to read, or 30 seconds more brain power for the end-user to configure, the increased security benefit is often dismissed. As an industry, we must weight security more heavily when making product decisions.
- The recently discovered Samsung SmartThings flaws raise some important questions about smart home security. Do these systems really need a mobile app? Does the app need to connect to central server in the cloud? And, most importantly, is it right to have a smartphone control anything that is critical to your organization? In many cases, the app itself is developed not by the smart device OEM but a third party over which they might have little control or visibility. OEMs should implement open and interoperable standards in their devices, and IoT architecture should rely only on a local, secured hub.
- Building a secure infrastructure that extends into the device itself is essential.
As detailed in the prpl Foundation Security Guidance document, organizations seeking secure defenses need the following:
Secure boot. This ensures that IoT systems will only boot up if the first piece of software to execute is cryptographically signed by a trusted entity. It needs to match on the other side with a public key or certificate that is hard-coded into the device, anchoring the “Root of Trust” into the hardware to make it tamper proof. This would have prevented the attacks on Cisco and others.
Hardware virtualization. This enables separation of each software element, where a system can be designed that keeps critical components in secure isolation from the rest, preventing lateral movement. This can enable products to be enhanced and modified, while crucially enabling regulators to prohibit and lock down modification of any function deemed too dangerous.
As the Internet of Things and connected embedded computing now permeate every part of our lives, we need to come together as an industry and rethink our approach to securing and managing these devices.
More for you
Loading data for hdm_tax_topic #better-outcomes...