Secure embedded software People, processes and technology are key when it comes to secure
embedded software development, as Steve Hanna explains
information. The only way to mitigate
these risks is to ensure smart
devices are properly secured and are
reliable and safe to use. If embedded
systems are not secured, they can
easily become infected and used as a
botnet for malicious purposes.
Learning from the past
Identifying what can go wrong in
each use case of a device is key to
understanding what is needed to
increase security to prevent the attacks
from happening in the first place.
With the use of technology growing
at a rapid rate and with security
developers struggling to keep up
with the levels of protection needed,
there have been multiple successful
attacks over the years which we have
learnt key lessons from.
For example, the Stuxnet virus in
stock.2010 was a serious attack on critical
infrastructure which compromised
computer software in the
Programmable Logic Controllers in the
Iranian nuclear programme. Similarly,
5 years later in 2015 hackers gained
access to the firmware within the
Ukrainian power grid which resulted
in a temporary loss of power to
225,000 individuals. In both cases,
the security of the systems involved
were adequate at the time of design,
however when attacked the systems
were compromised as they no longer
matched the sophistication of these
cyber-attacks.
With significant consequences
possible, it is vital to understand
what is necessary to prevent these
attacks from happening today and in
years to come. With attacks becoming
more sophisticated and more devices
providing more opportunities for
hackers, embedded systems must
In the last decade billions of
connected devices have been
created and adopted presenting
an endless number of security
challenges each day. With Internet of
Things (IoT) devices being integrated
into homes, businesses, healthcare,
factories and wearable technologies,
there are a growing number of risks to
our connected modern economy. With
billions of new connected devices
expected to enter the market in the
next decade, the number of security
risks is growing at an exponential rate
and we need to address them
The landscape has changed for
embedded system developers who
have to manage an increasing number
and variety of embedded systems
in the form of IoT devices that are
connected to the network, internet
or cloud. With IoT devices being
used in many different environments
for different purposes, there are a
host of use cases for embedded
systems which provide a wealth of
attractive opportunities for hackers.
The opportunities are also present in
vast quantities as IoT manufacturers
are producing IoT devices at a
rapid rate as they race to provide
the best products to the market at
competitive prices. This means that
the consideration of security in the
design often takes a back seat,
creating an environment of growing,
large quantities of connected devices
with poor security levels.
As a result, a whole new class of
attacks are now possible on smart
home equipment such as home
security systems and baby monitors
which, while seemingly mundane, are
a target for hackers.
These types of devices present a
vast array of risks to an opportunist
who knows how and wants to
gain access to private data on the
network. Smart connected fridges
that automatically order the food
vacant in a fridge, as well as home
security cameras, have previously
been a target for attackers to spy on
victims or gain access to financial
26 22 September 2020 www.newelectronics.co.uk
adobe.com
/www.newelectronics.co.uk
/adobe.com