Understanding the critical vulnerabilities of edge devices deployed in the wild.
Physical assets are often deployed in the wild, beyond the security of a data center.
Defining WHO is responsible for securing these edge assets is an obvious first step, but one that is often deferred.
Undetected access to edge compute devices makes digital assets highly vulnerable.
Key credentials, software IP and critical process data can be easily exposed without detection.
The impact of breaching a five dollar SD card can easily run into millions of dollars, even loss of life.
Physical access exploits also can include intercepting open wireless communications at short range.
Every physical asset should be uniquely identifiable, provisioned and managed.
Management of these devices should be consistent with and integrated into existing enterprise security frameworks and functions.
First think and get organized
Many operational assets have been deployed outside the security of a data center and the purview of IT management. The responsibility for securing these ‘edge assets’ is often unclear within an organization; should development, operations, IT or maintenance take the lead? Getting clarity on this responsibility is an important starting point. Upcoming legislation and showcase criminal negligence trials are sure to drive closer attention in coming years to this important organizational factor.
Life in the wild is very different from a secured data center.
In contrast, a typical edge asset’s security might look like this application, which is physically vulnerable and easy to access, yet likely sits in a low-traffic area with minimal effective surveillance.
For an exposed product like this we would hope to see several layers of physical access controls with tamper detection at the outer and very inner layers. (Stock photo, actual design unknown)
Motivation & Context
Often it’s most instructive to consider the value of commodity or utility conveyed by the edge asset. This can be many times the face value of the underlying asset. In other cases the value is in the data collected by the assets, or a proprietary algorithm, or simply the keys and credentials to upstream digital services and assets.
Don’t waste too much time asking WHY someone might want to compromise your edge device. Someone will – whether a lone hacker, state actor or cyber terrorist – it’s just a matter of when and how. Do spend your time considering what the impact of that breach could be and what mitigation you can build into your product design upfront. Cleaning up after the fact can be painful or lethal to your organization, especially if best and obvious practices were not followed.
Anatomy of CyberPhysical exploits
Medical Device Exploit
On March 21, 2019, the US Department of Homeland Security reported a vulnerability in the Medtronic Conexus Radio Frequency Telemetry Protocol, impacting medical devices.
This is an example of a wireless exploit that took advantage of close proximity and the lack of any basic authentication or authorization in the devices’ protocol.
“The Conexus telemetry protocol utilized within this ecosystem does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device.”
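The three capabilities the advisory lists (inject, replay, modify) are exactly what per-frame authentication plus a monotonic counter closes off. The receiver below is an added illustration of that missing control, not Medtronic’s protocol or any real telemetry format; the session key, device id and frame layout are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample values: a per-device session key the two ends would share
# after pairing, and a fixed-length device id. Neither comes from the Conexus report.
SESSION_KEY = bytes.fromhex("a3" * 32)
DEVICE_ID = b"constructed-device-01"
TAG_LEN = 32


def build_frame(key: bytes, device_id: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: device_id || counter || payload || HMAC over all of it."""
    header = device_id + counter.to_bytes(4, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class TelemetryReceiver:
    """Accepts a frame only if it authenticates under the shared key and its
    counter is strictly higher than the last accepted one (replay protection)."""

    def __init__(self, key: bytes, device_id: bytes):
        self.key, self.device_id = key, device_id
        self.last_counter = -1
        self.rejected = []  # reasons, kept so a test or log can see why frames were dropped

    def accept(self, frame: bytes):
        header_len = len(self.device_id) + 4
        if len(frame) < header_len + TAG_LEN:
            self.rejected.append("truncated")
            return None
        header, payload, tag = frame[:header_len], frame[header_len:-TAG_LEN], frame[-TAG_LEN:]
        if header[: len(self.device_id)] != self.device_id:
            self.rejected.append("wrong device")
            return None
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            self.rejected.append("bad mac")  # injected by a stranger, or modified in flight
            return None
        counter = int.from_bytes(header[len(self.device_id):], "big")
        if counter <= self.last_counter:
            self.rejected.append("replay")  # an old frame captured and sent again
            return None
        self.last_counter = counter
        return payload
```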
SD Card Exploit
The SD card on many single board computers is easily removable, by design, for the convenience of developers and manufacturing. Unfortunately this convenience is also on offer to hackers. Within just a few minutes, they can easily remove the card, clone and or modify the contents, then re-insert – without detection.
This attack vector can be mitigated by encrypting the SD card with device unique credentials, such that a cloned copy cannot easily be decrypted on another system under the attackers control and timeline.
An additional layer of physical tamper detection can significantly raise the barrier to an attack – as it slows the timeline and lowers the chances of successfully removing and re-installing an SD card.
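What “device unique credentials” buys you is that the card’s data-encryption key is sealed to the board it was provisioned on, so a byte-for-byte clone is useless elsewhere. The sketch below is an added example of that binding, not Zymbit’s product code: the board secrets, serials and the HMAC-based wrapping are constructed for illustration, and a real deployment would keep the board secret in hardware and use a standard scheme such as LUKS or AES-GCM for the bulk encryption.

```python
import hashlib
import hmac
import os

# Constructed sample identities. In practice hw_secret lives in a secure element or
# key store bound to the board, never on the removable SD card itself.
DEVICE_A = {"serial": "sn-000123", "hw_secret": bytes.fromhex("11" * 32)}
DEVICE_B = {"serial": "sn-000456", "hw_secret": bytes.fromhex("22" * 32)}


def derive_kek(device: dict, salt: bytes) -> bytes:
    """Device-unique key-encryption key, HKDF style: extract over the board secret
    and serial, then one expand step labelled for this purpose."""
    prk = hmac.new(salt, device["hw_secret"] + device["serial"].encode(), hashlib.sha256).digest()
    return hmac.new(prk, b"sdcard-kek" + b"\x01", hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative HMAC counter-mode keystream; a real design would use AES."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_dek(device: dict, dek: bytes) -> bytes:
    """Seal the card's data-encryption key under this board's KEK.
    Returns the header stored on the card: salt || nonce || ciphertext || tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = derive_kek(device, salt)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(kek, nonce, len(dek))))
    tag = hmac.new(kek, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def unwrap_dek(device: dict, header: bytes):
    """Recover the DEK on the board that sealed it; any other board (a cloned card
    moved to an attacker's rig) or a tampered header fails the tag check."""
    salt, nonce, ct, tag = header[:16], header[16:32], header[32:-32], header[-32:]
    kek = derive_kek(device, salt)
    expected = hmac.new(kek, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))
```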
NIST Internal Report 8259
Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers
Applied Cybersecurity Division, Information Technology Laboratory, et al.
This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8259-draft
“For example, if a device has local interfaces on its external housing and the device is likely to be deployed in public areas, approaches include offering a tamper-resistant enclosure to prevent physical access to the interfaces, and offering a configuration option that logically disables the interfaces.”
Critical infrastructure companies and the global cybersecurity threat. McKinsey Article, April 2019
Operational technology assets are increasingly being connected to IT networks and they are often physically exposed and sometimes remote. Authorized logical and physical access is required by good actors for installation, field service and lifecycle management. Yet sufficient logical and physical security needs to be in place to keep out bad actors.
Exposure to third-party risk: “The electricity, oil-and-gas, and mining sectors have been rapidly digitizing their operational value chains. While this has brought them great value from analysis, process optimization, and automation, it has also broadened access to previously isolated ICS and SCADA devices by users of the IT network and third parties with physical and/or remote access to the OT network. In many cases, this digitization has allowed access to these OT devices from the wider internet, as well.”
Zymbit adopts a layered approach to cyberphysical security – sometimes called ‘defense in depth’. Our modular security products are designed to work with popular single board computers, providing file encryption, physical security, a measured device identity and secure cryptographic engine. These layers of defense work together seamlessly to extend the security envelope from cloud service to sensors.