A classic security breach vector involves exploiting weak authentication. As security researchers like to point out, failing to change default passwords for administrative access remains the top security issue for all types of IT systems.
But a related — and perhaps more devious — attack vector involves exploiting a weakness in a process that is supposed to help ensure device security in the first place: the remote system update.
We saw this security vulnerability in the headlines this week as the US Food and Drug Administration (FDA) issued a warning pertaining to the Medtronic pacemaker device update systems and process.
The FDA warned that a vulnerability associated with the Medtronic Software Distribution Network would potentially enable an attacker to push unauthorized updates to the control systems that are used by healthcare workers for monitoring and managing pacemaker configurations.
The vulnerability could have permitted, for example, rogue software to be installed, including updates to implanted device firmware.
“To date, there are no known reports of patient harm related to these cybersecurity vulnerabilities,” the FDA said.
To prevent exploitation of the vulnerabilities, Medtronic has shut off the network and process used for software updates and patching. As The Register points out, this action might seem counterintuitive, but it is an important security step that forces all updates to be handled locally by authorized technicians until the vulnerability can be addressed.
The irony of this case lies in the fact that the vulnerability pertains to a software update process that is itself intended to enhance security, among other benefits. If, say, a Common Vulnerabilities and Exposures (CVE) entry is identified that affects a given device, the maker of that device can quickly respond and push patches and security updates to the affected systems, provided a remote update process is in place. But the vulnerability in this case affects the security of that very update process. And that attack vector mirrors one that has become increasingly common in recent years, as attackers use automatic update distribution networks to push malware into systems and gain control of them.
In our 20 years of helping device makers bring products to market, we’ve seen embedded system security become increasingly critical, especially as embedded systems have become widespread in Internet of Things deployments. Our focus on embedded Linux security, Internet of Things device security and embedded system security for open source software has given us insight into security best practices, such as making sure that a system update can be conducted securely.
Our Secure by Design offering includes device security auditing, which can help you to evaluate the security posture of your devices, including how they are configured and how updates and similar processes are handled. The device hardening support we offer can enable you to minimize the damage an attacker could do if they do succeed in compromising a device.
Timesys has extensive experience with embedded system development and lifecycle management. Timesys has been instrumental in working with leading global semiconductor manufacturers, delivering smart, quick and quality solutions for highly complex systems with accelerated product innovation and multiple product variants.