By Brian Russell, advisor, VDOO
The line between physical and digital has blurred.
Cyberattacks against digital assets have an effect on the physical world and increase risk exposure for both manufacturers and implementers. Security incidents such as the VPNFilter attack on the only Ukrainian chlorine plant for water treatment or the discovered vulnerabilities on police body worn cameras shine a light on the extent to which connected devices are insecure.
The lack of security in the Internet of Things, combined with the sheer number of devices deployed, has created a widespread problem that is becoming increasingly difficult to overcome. As a security community, we need solutions that give manufacturers the tools they need to build connected products securely from the start and to aid them in understanding exactly where they should start.
The Need for Secure Design
For a manufacturer of connected products, security can be a maze of threats and best practice security recommendations making it difficult to understand what specific controls should be applied to a product. Product managers and development teams must wade through mountains of advice describing sometimes conflicting methods for securing the hardware, software, firmware, interfaces, cloud services and mobile applications associated with their IoT products.
There are critical design choices that must be made during the design phase and these choices affect the security posture of the product over the life of the device. These choices must be revisited regularly via feedback loops that inform the design team of flaws in product security design based on testing and even real-world operations. In an ideal world, these design choices are being made by seasoned security professionals with decades of cybersecurity experience. Unfortunately, not all manufacturers are able to hire such highly-experienced personnel, potentially resulting in gaps in their product security architecture.
The Benefits of Automated analysis
Automated analysis can help manufacturers by augmenting their already strained cybersecurity staff. Static and dynamic security tools have already proven their value in the IT world - identifying vulnerabilities in code prior to deployment. In the IoT market, automated firmware analysis tools are being introduced and adapted to support production quality and security.
These automated firmware analysis tools can be easily integrated into a teams’ secure development lifecycle (SDL). SaaS-based firmware analysis tools provide integration with Continuous Integration (CI) platforms, JIRA and similar tools to enable a feedback loop within the IoT development process. Scans can be run upon each new firmware build. For example, a scan of IoT device firmware might find that read access to password files was not restricted properly within the device.
The results of the scan inform the developer of the need to implement proper privileging within the file system, along with instructions on how to do so. The results would also open an issue within JIRA to revisit the design of the access control model for the product, providing applicable design recommendations from standardization bodies. For example, IoTSF’s guidance to “Only allow root access to password storage” and “Store application passwords in encrypted form”, allowing the design team to make informed updates to the security architecture as issues are found during automated scans.
The mapping to industry-best practices is a powerful enabler for product teams, giving them the tools they need to sort through the confusing task of deconflicting guidance from dozens of industry organizations. Product teams can take advantage of the knowledge amassed by leading cybersecurity organizations such as the IoTSF, ENISA, Cloud Security Alliance (CSA) as security guidance from these organizations is mapped directly to the automated analysis output.
Automated firmware security analysis can even be used as a tool to create a customized protection layer that immediately mitigates priority vulnerabilities and provides ongoing protection. By enabling the creation of a protection layer tailored directly to the identified weaknesses of a device, automated tools can now give precious time to manufacturers to revisit their secure design approaches and lock down their devices methodically, while simultaneously being protected against the vulnerabilities that are being worked by the development team.
Designing a security architecture for a connected product is an iterative process that requires security expertise and experience. Although there are best practices and security control recommendations available from industry organizations, it can be difficult to make sense of these controls, prioritize them and at times deconflict them to meet the unique needs of a product. Automated firmware analysis tools can introduce a valuable feedback loop into manufacturers’ secure development lifecycle that can inform not only on the tactical updates required but also the need for strategic design updates based on well vetted best practices. As a result, connected products being deployed to the market would be better secured, reducing their exposure to vulnerabilities and limiting the possibilities for future cyberattacks.