Tag Archives: Embedded system

Why Are Embedded Industrial Control Devices Now Vulnerable To TCP/IP Attacks?

Critical flaws found in embedded TCP/IP stacks may widely affect industrial control devices.
By John Blyler – Cybersecurity experts have found numerous vulnerabilities affecting a commonly used TCP/IP protocol network stack used in millions of Operational Technology (OT) devices. In contrast to IT systems – which manage data – OT devices control the physical world, especially in the industrial and manufacturing spaces.

Further, the affected OT devices are manufactured by hundreds of vendors and deployed in manufacturing plants, power generation, water treatment, and infrastructure sectors. For the most part, the OT devices are part of the industrial IoT marketplaces, all of which are highly susceptible to attacks and flaws that result from issues within the TCP/IP network communications architecture.

Since its inception, the TCP/IP network protocol stacks have formed the backbone of the Internet. Smaller, tailored versions of the full-up Internet stack were created decades ago for embedded systems later used in connected IIoT devices. The embedded TCP/IP stacks – sometimes called NicheStack – combine applications, transport, network, and physical components.

NicheStack is a closed source IPv4 network layer and application implementation for operating systems. It is one of three available from InterNiche Technologies, Inc., designed for use in embedded systems.

Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack used by many OT vendors. The vulnerabilities are collectively tracked as INFRA:HALT, which targets NicheStack, potentially enabling an attacker to achieve remote code execution, denial of service (DNS), information leak, TCP spoofing, and even DNS cache corruption. more>

3 Reasons Embedded Security Is Being Ignored

By Jacob Beningo – The IoT has grown to the point that everyone and their brother is in the process of connecting their products to the Internet. This is great because it opens new revenue generating opportunities for businesses and in some cases completely new business models that can generate rapid growth. The problem that I am seeing though is that in several cases there seems to be little to no interest in securing these devices.

(I draw this conclusion from the fact that embedded conferences, webinars, articles and even social media conversations seem to draw far less interest then nearly any other topic).

I’m going to explore the primary reasons why I believe development teams are neglecting security in their embedded products and explain why security doesn’t have to be a necessary evil.

Reason #1 – The Perception That Adding Security Is Expensive

I believe that there is still a perception in the embedded space that security is expensive. Right now, if you were to survey the availability of security experts, you will find that there is a severe shortage at the moment.

Reason #2 – We Will “Add It Later”

Nobody wants to be on the front page due to a security breach. I believe in many cases, companies want to include security, but in the early stages of product development, when funds are short, security is often the lowest priority. With many good intentions, the teams often think they’ll add it later after we get through this sprint or this development cycle. The problem that is encountered here is that you can’t add security on at the end of the development cycle.

Reason #3 – Teams Are In Too Big A Hurry

Nearly every development team that I encounter is behind schedule and in a hurry. New start-ups, seasoned successful teams, there is always way too much to do and never enough time (or budget). In many cases, teams may be developing a new product and need to get to market fast in order to start generating revenue so that they can pay the bills.

Security is a foundational element to any connected device. Security cannot be added on at the end of a product and must be carefully thought through from the very beginning. Without thinking about it up front, the development team can’t ensure they have the right hardware components in place to properly isolate their software components or expect to have the right software frameworks in their application to properly manage and secure their product. more>

5 Techniques for Accelerating Engineering Development

By Jacob Beningo – Whether its a parts company, software supplier, or all the way to system integrators and even consultants, no one seems immunte to the ideas of decreasing costs and faster time to market, while improving product quality.

We want to do more at the same or better quality level, while also decreasing the resources we use to achieve our end goals.

That is not to say this is an impossible goal. In fact it’s quite obtainable. In many cases it all comes down to engineering development time and costs.

Here are my top five techniques for accelerating engineering development. These five techniques are just a few examples of low-hanging fruit that companies and developers can consider when trying to accelerate engineering development.

  1. Master Your Defects
    Embedded software developers on average spend 20 – 40% of their time debugging their software. That sounds outrageous, but if you look at the Aspencore 2017 Embedded Survey results or speak to developers at embedded systems conferences you’ll find that figure is accurate!
  2. Have the Right Tools for the Job
    If you want to go fast, you need to have the right tools.
  3. Focus on Your Value; Outsource the Rest
    For engineers (and any business for that matter), it’s important to recognize what value you are bringing to the table.
  4. Leverage Existing Software Platforms
    Leveraging existing software platforms, even ones that are certified, can dramatically accelerate engineering development.
  5. Leverage Existing Hardware Platforms
    For many embedded products, the core hardware features tend to be the same. In fact, probably 80% is the same or similar guts and the remaining 20% is where companies differentiate.

more>

Create ‘Machines That See’ Using Industry Resources

By Jeff Bier and Brian Dipert – In the way digital wireless communication technology became pervasive over the past 10 years, embedded vision technology is poised to become deployed widely over the next decade. High-speed wireless connectivity began as a costly niche technology. Advances in digital integrated circuits were critical in enabling it to evolve from exotic to mainstream. When chips got fast enough, inexpensive enough, and energy-efficient enough, high-speed wireless became a mass-market technology. Similarly, advances in digital chips are now paving the way for the proliferation of embedded vision into high-volume applications. more> http://tinyurl.com/o5z7ff4

Related>

What Is Embedded Vision & What Can I Do With It?

By Ann R. Thryft – “What the heck is embedded vision?” you may be asking when you see the title of our next Continuing Education Center course, Fundamentals of Embedded Computer Vision: Creating Machines That See.

Until recently, because of its cost, embedded computer vision was found mostly in low-volume applications like machine vision. There, it usually consists of visible light and maybe also infrared cameras, plus various types of inspection systems, attached to robots or not, on the manufacturing floor, the assembly line, or the warehouse.

But then one of those magic moments happened. CMOS image sensors got cheaper, smaller, and much more powerful, and cameras started appearing everywhere — for example, in tablet PCs, the iPhone, and driver safety systems. Those high-volume apps drove prices down even further. more> http://tinyurl.com/blqde5v