GBittencourt Consulting

Security on Embedded Systems and Internet of Things (part I)

Embedded system

Embedded systems are electronic and software systems that perform specific tasks, which make they different from general propose computers like smartphones, notebooks, desktops e servers. Every day, we make use of those devices without noticing, they are everywhere and doing almost everything. There are embedded systems in cars, TV, decoders, routers, switches, printers, radios, phones, etc.

Internet of Things

Internet of Things (IoT) is a network of embedded systems where each system is able to interoperate with Internet infrastructure. Such capacity brings integration opportunities between computer systems and the real world.

Security challenges

The security challenges of embedded systems and of the IoT are similar to the conventional computers. Almost all attack technique used on conventional computers could be used to disrupt embedded systems. However, some embedded systems limitations make harder, or even unfeasible, the use of some common security controls.

The biggest barriers to apply effectively security controls in embedded systems are the memory, storage and processing constrains of those devices. Some security controls widely used in conventional computers, such as antivirus, IDS and even some complex cryptographic mechanisms, require more resources than the most of the embedded systems can provide.

Another huge restriction on embedded systems are their user interfaces. When exist, the user interface on embedded systems has huge limitations which make hard to implement highly interactive security controls. An example is the security update process where interaction with user is usually necessary.