Are Your Networked Devices Secure?


The Blind Spot in Embedded Systems

From the cars we drive and the appliances we use to the sophisticated security systems protecting our homes and workplaces, networked embedded systems are everywhere. Are they secure? A better question, perhaps, is how would you even know?

For most of us, the best-case scenario is keeping our devices patched and applying basic access restrictions. Beyond that, we often take manufacturers at their word. As long as the smart TV is streaming and the smart lock is locking, we don’t ask the difficult questions. There is a collective discomfort with the reality that we are surrounded by embedded systems that are highly vulnerable to compromise, yet largely operate in a security blind spot.

As consumers, we have limited control over the security of devices in our own homes, let alone the systems implemented by the businesses and agencies we entrust with our data and security. Think about the times you’ve been notified of a breach—after the compromise occurred. Reactive measures are implemented only once it’s already too late. And you have to wonder, how many breaches go unreported or remain undiscovered and active right now?

The Need for a Proactive Stance

How can we make these systems more secure? Zero-trust architecture offers a good starting point for enhancing system security. However, its comprehensive application across the sprawling ecosystem of embedded devices is a practical impossibility, leaving behind weak links that can be targeted. A layered approach, incorporating digital forensics, is likely the most effective answer.

Consider the steps Microsoft has taken with Windows Defender. They’ve adopted a proactive, digital forensics-based approach, giving them the ability to analyze anomalous files and processes running on personal computers. This capability helps to detect active threats before they become catastrophic breaches.

In stark contrast, no such tooling exists for the vast majority of embedded systems.

The Manufacturer’s Dilemma

The reason for this gaping hole in security is simple: there’s no immediate incentive for manufacturers to perform rigorous vulnerability assessments and develop thorough forensic tooling. This process, and mitigating the inevitable vulnerabilities it would uncover, is burdensome. Instead, device security often becomes a compliance exercise—implementing a minimum set of best practices that satisfy a checklist.

Maintaining a reactive posture, or even willful ignorance toward vulnerabilities, is the least expensive path in the short term. Complicating things further, manufacturers can be reluctant to admit the existence and severity of vulnerabilities because of the impact on their corporate image, not to mention the potential liabilities.

However, forensic tooling can be developed for embedded systems to safely and securely acquire data from storage and memory in live operation. Automated analysis can be conducted on these “snapshots” to detect and assess Indicators of Compromise (IOCs)—the clues left by an attacker. Examples of such IOCs include:

Implementing these measures would significantly raise the bar for would-be attackers, but few manufacturers have taken the steps either to adopt a proactive stance themselves or to engage third-party expertise.

The Stakes of Insecurity

The lack of security assurance in embedded systems is not just a manufacturer’s problem; it is a profound risk to everyday life. While we may often take them for granted, embedded systems are the silent foundation of our modern world, and their compromise can have far-reaching, personal consequences:

The blind spot in security for embedded systems is a risk we all bear, making the call for proactive assurance a universal concern.

Illustration by Inkinetic Studios.
