From cyber threat to real-world danger

11 December 2015

The rapid expansion of digital connectivity in the computing era has always been closely followed by security breaches. But what started out as simple spam has expanded, over the decades, to include serious, expensive and in some cases potentially deadly threats.

These risks will only increase as we move into the era of the IoT.

One of the key issues, of course, is in the code. Software code is long and complex. In addition, software across applications and industries typically contains a large number of errors and faulty instructions, which are later fixed via patches. The result is not pretty. In fact, it’s been said that if the Golden Gate Bridge were made of software, you wouldn’t want to cross it.

Hackers, on the other hand, gleefully climb right on. That’s because every mistyped instruction or back door for patches creates another window of opportunity for viruses to enter networks and attack individual computers.

This means there’s really no constraint on the development of intrusive or malicious code. If a patch fixes one vulnerability, hackers simply move on to the next.  

Not only are the hackers staying ahead of the game, they are also getting better at it. If a security company creates a new firewall or sandbox, hackers simply find new ways around it that are harder to discover or stop.

The cost of these attacks is also growing. A 2011 study commissioned by Symantec estimated that computer viruses create some $114 billion in damage every year. A more recent study, published in 2014 by the Center for Strategic and International Studies and funded by cybersecurity firm McAfee, estimated the figure could now be as high as $575 billion. This rapid growth becomes even more frightening when you take into account the explosive and disruptive new Internet of Things.

Enter the IoT

The Internet of Things (IoT) adds sensors and digital connectivity to everyday objects, enabling a rich exchange of information. This makes the objects both smarter and more useful. Unfortunately, these same systems can be manipulated or implanted with viruses and exploits that can compromise their integrity, potentially causing serious harm. This is precisely where cyber threats move from being “virtual problems” that may impact some corporate balance sheet or other, to very real and dangerous threats to human life.

What’s really concerning here is that IoT devices are already being deployed by the millions in cars, hospitals, airlines, water systems, electrical grids and more, many without adequate security. Why aren’t people slowing down to ensure IoT safety first? Because virtually anything to which you can attach a sensor can be improved by IoT technology. In fact, Cisco CEO John Chambers has said he believes the IoT will represent a $19 trillion economic opportunity by 2020.

Part of this revenue will come from the sales and installation of IoT chips and software, but most will be made by effectively analysing the data that is extracted from these devices. IoT in retail environments will help businesses discover your preferences and instantly deliver them to your smart phone, for example. Or the data can be used to discover new ways of diagnosing patient health and potential remedies.

The point is, IoT is a big opportunity, and no one wants to be late to the table. As a result, IoT end points are quickly becoming a target of hackers looking for the next open door. Unfortunately, the potential for harm is staggering. And there are plenty of examples.

For instance, researchers Charlie Miller and Chris Valasek recently exposed the vulnerabilities of an IoT system in a 2014 Jeep passenger vehicle by hacking the Uconnect 8.4AN/RA4 system to remotely control its steering and brakes. Separately, Billy Rios reverse engineered Internet-connected Hospira drug infusion pumps, ultimately enabling him to discover flaws that could allow tampering with dosage volumes.

Clearly, these are examples created by security researchers to prove a point rather than cause harm. There are clues, however, that it won’t be long before IoT hacking will move out of controlled test labs to real world situations. 

Security experts note that firmware binary code - the tool of the hacker trade - is usually available online if you know where to look. JTAG hardware debuggers can also be used to extract copies of source code, and interactive disassemblers like IDA can generate assembly language code from machine-executable code. So we already have a pretty good sense of where they are starting from.

Additionally, many other hacks are created through simple social engineering – such as spam emails and telephone calls to vulnerable employees of manufacturing corporations. Further, some hackers actually sell their exploits online, which at least gives experts a chance to assess their potential for harm. Regardless, we continue to connect new devices to the Internet, increasing the probability that attackers will find still more weaknesses and exploit them for gain – and pain.

Security defenses that were once considered strong and highly efficient are proving to be inadequate to the task. In many cases, IoT developers are simply relying on someone else’s technology to protect their data, and that’s not always happening.

In fact, many of the engineers tasked with designing and building IoT systems are not experts in network protocols and even less in network security. They may know how to put together hardware components, but implementing TCP/IP protocols is a rarefied discipline which requires expert knowledge and extensive debugging and testing. It’s unfair to expect mechanical and electrical engineers to shoulder this burden and stay up-to-date with the latest secure development best practices. But their lack of subject matter expertise is leaving systems wide open to attack. Weak implementation of network protocols enabled Miller and Valasek to infiltrate the Jeep’s D-BUS via port 6667, which had been left inexplicably open and unauthenticated, for example.
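A defender-side check for the kind of exposure described above, as an added example that is not part of the original article: it parses Linux `/proc/net/tcp` text and reports listening sockets that are reachable from the network and not on an allowlist. The sample table, the allowlist and the function names are constructed for illustration, and IPv4 on a little-endian host is assumed.

```python
# Added example: audit listening TCP sockets from Linux /proc/net/tcp text.
import ipaddress
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1A0B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202
   2: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1203
   3: 0A00000A:1A0B 0A00000B:C350 01 00000000:00000000 00:00000000 00000000     0        0 1204
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the address as a native-endian 32-bit word;
    # a little-endian host is assumed here.
    packed = struct.pack("<I", int(addr_hex, 16))
    return ipaddress.IPv4Address(packed), int(port_hex, 16)

def exposed_listeners(proc_net_tcp, allowed_ports):
    """Return (ip, port) for LISTEN sockets reachable off-box and not allowlisted."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN:
            continue  # established or closing connections are not listeners
        ip, port = decode_endpoint(cols[1])
        if ip.is_loopback:
            continue  # only reachable from the device itself
        if port not in allowed_ports:
            findings.append((str(ip), port))
    return findings

if __name__ == "__main__":
    # Hypothetical policy: only HTTPS (443) may listen on external interfaces.
    for ip, port in exposed_listeners(SAMPLE, allowed_ports={443}):
        print(f"unexpected listener on {ip}:{port}")
```

On a device, pass the contents of `/proc/net/tcp` in place of `SAMPLE`; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.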

And the problem doesn’t just rest with software. Many IoT and embedded devices don’t even have a means to be updated. Others have flawed update delivery systems, too easily accessible by anyone and everyone.

Miller and Valasek exploited this weakness to modify TI OMAP-DM3730 chip firmware inside the 2014 Jeep and reflash the image, allowing them to reboot and execute arbitrary code. You can install the best alarm system money can buy to protect your house, but if a robber can come along and merely replace it with their own, what’s the point of having one? A similar issue has enabled hackers to run a malicious backdoor on various Cisco router models – by inserting an implant the same size as the legitimate Cisco router image.

The issue with this kind of attack is that it gives the hackers complete control of the device and it is persistent – it can’t be undone via a system reboot, for example. And it gives them privileged access to an affected device. In the case of incidents targeting network router and home gateways, this means an attacker gets to see and control all the traffic flowing in and out of the corporation or home network.

Notably, all of the attacks mentioned above were made possible by a lack of internal security controls to limit lateral movement inside targeted systems. It’s a strategy cybercriminals frequently use to target data centers. They gain an initial foothold on an endpoint via a malware download, made possible by a spearphishing email or by simply cracking or stealing user credentials. Then they move laterally inside the network, escalating privileges until they find the real prize – typically a database full of sensitive IP or customer information.

Meanwhile, airline security expert Chris Roberts allegedly managed to reach a part of an aircraft which should have been isolated – its on-board flight systems – by infiltrating the in-flight entertainment facility. Separation is one of the fundamental principles of security, so it’s not only dispiriting to see it ignored in so many cases, it’s also downright dangerous. 

Traditional security solutions will be largely ineffective against this emerging threat landscape. 

Security and reliability have become ‘must-haves’ in embedded systems. They are important in many applications, and especially critical for connected products. Security software must be complemented with stronger hardware-level security; existing trusted execution architectures won’t scale in new multicore/multitenant scenarios. Silicon-level virtualisation is the next frontier in hardware security. MIPS architecture and IP, such as that from Imagination, are suited to multi-domain security.

Just as we have in the past seen a focus on low power, the next wave of IT security will drive the next wave of IT innovation. Trusted execution architectures are CPU-centric and limited to two zones. A multidomain approach protects all SoC processors for truly heterogeneous processing.

Cross-industry collaboration is going to be the key to driving the next-generation security the world needs. Within the prpl security group, developers, corporate members, individuals and students all contribute to creating a security definition that is usable in any digital communications application, extensible for multiple generations and scalable for multiple processors.

IoT security cannot just be added at the end. It starts with the system design objectives, is enhanced over time as new threats are identified and expands with each use-case. The way IoT devices will be used means that they need to be always-on, always-connected, always-protected. IoT everywhere means we have to think about not just the security of the device but the data it holds.  

If we are going to stop our connected future from being torn apart before it even starts, we must act now to lock down the risks that come from software vulnerabilities.
