Good embedded security technology is readily available, so why are smart products still vulnerable to security breaches? Security and hacking are an economic game involving risk and reward for every endeavor.
Take, for example, the Jacquard loom – one of the first programmable devices, which used punch cards to program a mechanical loom’s weaving patterns to create complex designs. We don’t have stories of Jacquard looms being attacked because hacking Jacquard looms involved relatively high risk. The devices were rare and generally inaccessible, leaving attackers little opportunity to execute an attack. What’s more, the value of an attack was low. What is to gain from an attack on a Jacquard loom? Sabotage from a competing textile manufacturer? The desire to see comical loom patterns implemented by a machine? If the attack is hard to execute and the results are unrewarding, then the target is not attractive to hackers.
Fast-forward over a hundred years. Room-sized computers were starting to serve government, military, and big business applications. These were certainly juicier targets for attackers. The reward side of the equation was increasing. However, access to these machines was still extremely limited, as the machines were rare and they required specialized skill to program and manage. From a risk-reward perspective, risk was still high even though reward was increasing. That isn’t to say that hacking in the era didn’t exist. (Remember the Enigma machine?)
Jump to today. Most of us carry devices products with intelligence and sensors – and phones are just the beginning. Smart watches and fitness trackers log data about our bodies. Smart home devices know when we come home and what we like for entertainment. Our automobiles know our travel patterns and our behavior. The proliferation of sensors means that data is always being gathered around us, whether we consent or not. In our modern era, information is power and money, and all of the smart devices we surround ourselves with are creating value by monitoring us.
The risk of attacking most devices is today is extremely low because when they become connected, they also become easy to access. The reward isn’t always spectacular, such as when programmable street-warning signs are hacked to promote political points of view or convey humorous messages, but there is the potential for more harmful attacks with higher payoff. For instance, the Stuxnet attack on an Iranian nuclear processing facility allowed the perpetrators to destroy important nuclear processing equipment of a political adversary. The attack was complex, designed to take advantage of the connected nature of things to propagate without detection until it was too late and the centrifuges had already been reprogrammed to damage themselves. The reward was high, and the nature of our connected world lowered the risk side of the equation to a point where advanced actors could carry out a successful attack.
Why aren’t we secure?
Implementing security into a design means that the engineering team needs to consider and understand security issues, and there is a potential expertise gap with any team. More importantly, stringent security based on advanced hardware will cost more money than simpler security measures based on software measures. Some industries, such as finance or government, are naturally inclined to think about security. Others build it in after they’ve discovered fraud or other problems.
There is little incentive for designers, especially at startups, to add even minimal time and cost by designing security into their devices. Time to market is critical, and designers are usually under the gun to release. There are two big issues with delaying security:
Effective security is hard to achieve when it is applied to an existing product (the “bandaid” approach) if it isn’t included in the design from the start.
In reality, engineers are never available to go back and fix things later. Instead, business development demands that they move on to their next projects and get them to market quickly.
How can we move forward?
There is no such thing as an unbreakable security system, even given infinite time and resources, but the game of security is to build something that will practically keep people with bad intentions out. Attackers will always look for the weakest system with highest reward, so even moderate improvements in the security of your system can move your application into the realm of “too tough to hack.” In short, a moderate amount of security will probably solve most of your problems, and a thoughtful security design will likely make you safe for a long time.
There are plenty of available technologies that ease the effort of designing in security. Many IC companies also offer components such as secure microcontrollers that provide a foundation for creating smart products that are also protected against hacking, cloning, counterfeiting, and other nefarious activities. With these technologies available, there’s really no reason not to build security into your IoT design early on.