We often hear how insecure embedded devices around us are. What are the design constraints that often lead to these devices being insecure? What are the common security problems? And, what can organizations and developers do to make them more secure? Let’s try to answer these questions.

Cisco predicts that there will be 50 billion devices connected to the Internet by 2020. Gartner’s prediction is 25 billion Internet-connected devices by 2020. Regardless of which number proves to be more accurate, the number of connected devices has been rising quickly over the past several years and the growth does not appear to be slowing down.

A large part of future growth will likely come from the Internet of Things (IoT) as devices from appliances to automobiles get connected to the Internet. One thing all of these devices have in common is that they contain software.

As safety-critical systems such as cars get connected, we need to consider the safety impact of security vulnerabilities inside the software. Researchers recently showed that they were able to control an automobile remotely by exploiting vulnerabilities, and these types of issues will become commonplace unless software is designed and implemented securely.

4 design constraints of IoT devices
There are some unique design constraints in IoT devices and simply using traditional security controls is generally not an option. Some common constraints are:

1. Low cost and time to market. Adding security features to the system increases short-term costs and time to market. This is the primary reason many IoT devices include little to no security.

2. Limited resources. In comparison to general-purpose computers, IoT devices typically have limited memory, storage and processing power. Security mechanisms such as cryptographic operations may require increased resources, especially when there is no hardware support to offload them from the software. If a system is designed with the lowest-cost components that meet normal use, the addition of security features may cause the system performance to degrade.

3. Limited user interfaces. People interact differently with IoT devices because the user interfaces are limited and the systems are often deployed in home environments. End users are not IT staff and therefore these systems are not supported in the same manner as enterprise systems. Most users will not perform software updates or create secure configurations for these systems, which places additional responsibility on the manufacturer of the system.

4. Unpredictable characteristics. Predictability of IoT devices is required for these devices to be reliable and useful in their deployed environments. Many security protection mechanisms such as anti-virus software and Address Space Layout Randomization have unpredictable characteristics that may require additional development effort.

3 common pitfalls of IoT device design
It is a challenge to design and implement software given these constraints. To overcome these constraints, developers often write very low-level code without any safety nets. Traditional security controls are left out because they would use up precious resources. Some common pitfalls that we see are:

1. Lack of protection rings and other basic operating system/hardware controls. All code that runs on the device can do anything, and a vulnerability in the code can result in complete device compromise. Protections such as Address Space Layout Randomization and Data Execution Prevention that we rely on in traditional platforms are generally non-existent on IoT devices.

2. Weak proprietary cryptographic algorithms. Standard cryptographic algorithms are often seen as creating an unacceptable performance overhead. Weak proprietary algorithms are often created in an attempt to secure information without sacrificing performance. These algorithms are almost always insecure.

3. Issues around update mechanisms. Software in many IoT devices cannot be updated when new vulnerabilities are discovered. In other cases, the update mechanisms are insecure and allow unauthorized software to be remotely installed.

Moreover, IoT devices are often deployed in environments where attackers can exploit the above issues from the Internet. The remotely controllable automobile mentioned earlier is just one example of a widespread problem.

What can organisations do to create more secure IoT devices?

– Build security in. The most cost-effective way to address security is to start at the feasibility or prototype stage. Security needs to be evaluated and given equal consideration along with reliability and usability. Efforts to add security at later development stages will encounter challenges related to the performance and usability of the system and therefore increase the cost and time to market.

– Executive leadership is crucial. The Building Security In Maturity Model (BSIMM) looks at executive leadership as a special role. Without executive support, individual projects will neglect security in favour of other criteria, such as cost and time to market. The effectiveness of the Secure Development Life Cycle is dependent upon this executive leadership.

2 key areas every developer should prioritise

– Secure updates. A secure update mechanism that uses proper cryptographic controls is required to respond to vulnerabilities discovered after a system is released.

– Reduce exposure. Limit the exposure of the system by removing all non-required functionality such as testing or debugging functionality.
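The secure update mechanism called for above, as an added example that is not code from the original article: the vendor signs each firmware image together with its version number using Ed25519 from Go's standard library, and the device verifies the signature with a public key provisioned at manufacture and refuses any image whose version is not newer than the installed one. That single check addresses both halves of pitfall 3 (unauthorized images and re-installation of an old, vulnerable release). The package layout and function names are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
)

// Package layout (constructed for this example): 4-byte big-endian version,
// 64-byte Ed25519 signature, then the image. The signature covers version || image.
const versionLen = 4

var (
	ErrMalformed    = errors.New("update rejected: malformed package")
	ErrBadSignature = errors.New("update rejected: signature does not verify")
	ErrRollback     = errors.New("update rejected: version not newer than installed")
)

// BuildUpdate is the vendor-side step. The private key never leaves the vendor;
// the version is signed with the image so it cannot be altered in transit.
func BuildUpdate(priv ed25519.PrivateKey, version uint32, image []byte) []byte {
	hdr := make([]byte, versionLen)
	binary.BigEndian.PutUint32(hdr, version)
	sig := ed25519.Sign(priv, append(append([]byte{}, hdr...), image...))
	return append(append(hdr, sig...), image...)
}

// VerifyUpdate is the device-side step, run before anything is written to flash:
// check structure, then the signature, then (using the now-authenticated version)
// require a strictly newer image so an old, vulnerable release cannot be re-installed.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, pkg []byte) ([]byte, uint32, error) {
	if len(pkg) < versionLen+ed25519.SignatureSize {
		return nil, 0, ErrMalformed
	}
	hdr, sig := pkg[:versionLen], pkg[versionLen:versionLen+ed25519.SignatureSize]
	image := pkg[versionLen+ed25519.SignatureSize:]
	if !ed25519.Verify(pub, append(append([]byte{}, hdr...), image...), sig) {
		return nil, 0, ErrBadSignature
	}
	version := binary.BigEndian.Uint32(hdr)
	if version <= installed {
		return nil, 0, ErrRollback
	}
	return image, version, nil
}
```

On a real device the public key would live in read-only or one-time-programmable storage and the installed version counter in anti-rollback-protected storage, so neither can be rewritten by the very code the update is meant to replace.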

While the Internet of Things provides many possibilities for improving our lives, the reality of how dependent we are upon these systems for our well-being must be accepted. For the manufacturers creating the systems, this means accepting responsibility and ensuring the safe and secure operation of their deployed systems.