Microcontroller Tips

The security of connected devices

February 24, 2017 By Scott Thornton

Take an MCU, add a Bluetooth or Wi-Fi connection to the internet, and you have an Internet of Things (IoT) device. Smart devices that are connected to the internet are everywhere: smartphones, home automation, fitness bands, and products like the Amazon Echo are all examples of IoT. The problem with millions of internet-connected MCUs is that they can be hacked. A Distributed Denial of Service (DDoS) attack is when hundreds, thousands, or even millions of independent IoT devices are hacked and instructed to ping or query a single server or collection of servers belonging to a single entity within the same time frame. The receiving server cannot answer legitimate traffic because it’s busy investigating every knock on the door. In essence, DDoS is internet censorship at the least and the shutdown of vital services at its worst.

Source: Infographic: Internet of Things Top 10, https://www.owasp.org

It’s up to manufacturers, designers, and developers of IoT devices to make them resistant to hacking by providing security. Many IoT devices in current operation, including connected automotive devices, have no security in place (not even a password). Devices can be in operation for years and continue to operate normally even when they have been compromised. A CCTV camera that records license plate data to a database in a cloud via a wireless internet connection could be sending spam in between snapshots and uploads. Essentially, once hacked, the connected MCU becomes a bot on the net and may or may not operate as intended.

What can you do? Choose a difficult-to-guess password (the longer the better, and use symbols if possible). Brute force hacking is a common tactic in which a hacker’s computer program tries to guess passwords based on words in the dictionary. A computer that is set up to brute force hack at high speeds can crack a simple password by trying every word in the dictionary. Another tool in the anti-hacking toolbox is secure boot. Secure boot makes sure that an MCU is designed to run only secure software. Firmware updates are signed with a key that requires authentication by the MCU chip, so the MCU knows whether that firmware is safe to run. The code can be intercepted and examined, but it cannot be run on the MCU without authentication. Code can also be encrypted so that it cannot be examined. However, the code must be decrypted by the processor before running it.
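An added example (not from the original article) of the check a secure-boot loader performs on a firmware update: the image is accepted only if its authentication tag verifies, and an authentic but older image is refused as well, which goes slightly beyond the text. The image layout, key and function names are constructed for illustration, and HMAC-SHA256 from the Python standard library stands in for the signature; a production design would normally use an asymmetric signature so the device stores only a public key.

```python
import hashlib
import hmac
import struct

# Constructed image layout (an assumption, not a vendor format):
#   magic "FWIM" | version u32 | payload length u32 | payload | 32-byte tag
HEADER = struct.Struct("<4sII")
MAGIC = b"FWIM"
TAG_LEN = hashlib.sha256().digest_size
DEVICE_KEY = b"constructed-demo-key-not-for-use"  # constructed sample key


def sign_image(key, version, payload):
    """Build-server side: wrap the payload and append the authentication tag."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_image(key, image, min_version=0):
    """Boot-loader side: return the payload if every check passes, else None."""
    if len(image) < HEADER.size + TAG_LEN:
        return None  # too short to hold a header and a tag
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None  # modified in transit, or produced with a different key
    # Header fields are trusted only after the tag has been checked.
    magic, version, length = HEADER.unpack_from(body)
    if magic != MAGIC or length != len(body) - HEADER.size:
        return None  # authentic key but malformed container
    if version < min_version:
        return None  # authentic but older than what the device already runs
    return body[HEADER.size:]


def demo():
    payload = b"constructed firmware payload v3"
    good = sign_image(DEVICE_KEY, 3, payload)
    tampered = bytearray(good)
    tampered[HEADER.size] ^= 0x01  # flip one bit of the code
    return {
        "genuine": verify_image(DEVICE_KEY, good) == payload,
        "tampered": verify_image(DEVICE_KEY, bytes(tampered)) is None,
        "wrong_key": verify_image(b"some-other-key", good) is None,
        "rollback": verify_image(DEVICE_KEY, good, min_version=4) is None,
    }


if __name__ == "__main__":
    print(demo())
```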

Make sure your connected device has firmware that can be updated. Security has to start from the ground up, since adding security to an existing design is much more difficult to implement. Security is also an ongoing operation; firmware updates may be necessary later as new hacks are discovered. The new rule of thumb is to update the firmware of any internet-connected device as soon as it comes out of the box.

What kinds of attacks are possible to contaminate internet-connected MCUs? Physical hardware access is one way to compromise your device. Internet access isn’t always necessary, since an attack could be local to your network or as simple as inserting a contaminated SD card. Another type of attack is termed a “Man in the Middle,” or MITM, attack. A MITM attack occurs when anything in between your device and the server it’s trying to communicate with is the attack vector. The attack could also come from the server (cloud) that your internet-connected MCU is doing business with or uploading data to, which means that security on the server side is also imperative. Therefore, simple web security practices are necessary.

If you are creating a personal, one-off project, a simple password and secure boot may be enough. But if you plan to deploy many devices or sell an IoT product, don’t store anything on external memory that isn’t encrypted, and disable debug interfaces before you deploy devices to the field. Debug interfaces like JTAG leave your device open to physical hacking.

As a consumer of electronics products, you can reduce the chance of your devices becoming part of an IoT hack by staying current: get on a mailing list, register your product, buy only from reputable manufacturers, and generally follow security news regarding your electronics. The Open Web Application Security Project (OWASP) is “…an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.” The OWASP IoT Project is an effort to make it easier for everyone to understand the security issues regarding the IoT and to enable users to make better decisions regarding IoT. Material from the OWASP IoT Project is free to use and distribute.

 

 
