Need for Embedded System Security
The Internet of Things (IoT) is a popular buzzword right now. The explosive growth of connected devices is changing our world. The rapid drop in the price of, and the demand for, typical IoT components is allowing the market to innovate with new designs and products. But this growth also increases the number of security vulnerabilities, and the rise in connected embedded devices attracts more interest from attackers.
The table below lists popular security attacks of recent years.
| Sl. No. | Year of Attack | Popular Attack | Infected Devices |
|---|---|---|---|
| 1 | 2018 | Z-Wave hack | 100 million |
| 2 | 2018 | Meltdown / Spectre | Nearly every computer |
| 3 | 2017 | KRACK | Nearly every WiFi |
| 4 | 2017 | Infineon ROCA | Chromebook and Windows devices created by Fujitsu, HP and Lenovo |
| 5 | 2017 | BlueBorne | 8.2 billion devices |
| 6 | 2017 | WannaCry | 300 K devices |
| 7 | 2016 | Mirai | 2.5 M devices |
| 8 | 2014 | Heartbleed | 200 K devices |
According to the Symantec 2018 Internet Security Threat Report, internet security attacks increased by 600 percent.
Security breaches are not cheap
According to www.ncxgroup.com,
“A new survey by Altman Vilandrie & Company finds that nearly half of U.S. firms using an IoT network have been hit by a security breach, which can cost up to 13% of smaller companies' annual revenue”
“48% of organizations have experienced at least one IoT security breach.”
“Nearly half of companies with an annual revenue above $2 billion estimated that the potential cost of one IoT breach is more than $20 million.”
Federal Trade Commission (FTC) on Security
According to the FTC,
“for systems with significant risk, companies should implement a defense-in-depth approach”
“companies should build security into their devices at the outset, rather than as an afterthought. As part of the security by design process, companies should consider: (1) conducting a privacy or security risk assessment; (2) minimizing the data they collect and retain; and (3) testing their security measures before launching their products. Second, with respect to personnel practices, companies should train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization”
End user wants,
Service provider wants,
Though security is everyone's responsibility, it is the OEM's brand that will be seriously harmed in all these insecure environments. So it is the OEM's responsibility to address them all.