How to Secure Your Embedded Systems

More and more facets of our lives and work are becoming automated, or at least connected to the internet. We use embedded computers to manage this automation and connection. However, unlike your PC or Mac, which have plenty of protection from malicious attacks, these embedded computers tend to be simpler and less protected from exploits.

That’s why it is critical to approach your embedded systems responsibly and critically from the start. ADL Embedded Solutions which specializes in embedded systems shares some of the most important security features and practices that should keep your embedded systems safe.

ARM Trustzone

Embedded computers tend to use ARM architecture chips – it is less power-hungry, and gets the job done. Trustzone is available to most embedded systems users, and can immensely improve your security. Even if you cannot use the software itself, you can still learn from it, and write your code in a more secure manner.

Best Practices

Make sure that the code in your embedded system is written as clearly and as precisely as possible. That way, you should be able to find anything that is out of place quickly and resolve the issue with as little downtime as possible.

Each programming language has its own standards and practices, which means that you should familiarize yourself with the dataset which you intend to use.

If you’re unsure of the best practices, hiring a security consultant to check might be a good idea. Even though the services of security experts can be somewhat expensive, their knowledge and input can be invaluable to the security of your systems.

Digital Signatures on All Embedded System Updates

No matter how autonomous and independent your embedded system is, if it is connected to the internet, it will require some updates from time to time, mostly firmware updates, but you may also need to make some general tweaks to the system, or fix some bugs which cropped up.

In order to ensure that the updates installed on your devices are legitimate, it would be wise to implement digital signatures or even some form of encryption on your updates. This way, all of your developers will know that the update came from a reputable source and that it is safe. A simple fix, but very effective.

Keep a Close Eye on Stack and Buffer

One of the simpler ways an exploit can be created is by overflowing the stack or the buffer. Once the limit has been exceeded, malicious code can be inserted without notice. It has long been standard practice to have a stack overflow monitor in place.

However, it’s not enough to just have this turned on. Instead, make sure that there is code that can warn people on hand when an overflow is about to happen. With this advanced warning system, overflow can be prevented, and the system kept safe.

Locking the Flash Program Space

This is probably not as effective as most people think, but it can be an additional layer of protection against an intrusion – especially if the device is remote and you don’t have access to it. If there is a hacker with physical access to the device, they could just read the code and find an exploit and gain access to the device or even the whole system.

If you manage to lock the flash program space, you minimize the risk of this happening. Of course, a persistent hacker could find a work-around for this step, but closer monitoring of your device might tell you that something off is happening. 

Security of devices connected to the internet is more important than ever, as more devices are connected, and more processes rely on these devices. Don’t take it lightly, even if you are not running any critical tasks on such devices.