A decade ago, embedded device security was largely overlooked and confined to specific use cases such as payment, connectivity, and identification. However, the surge in embedded technology across various sectors, including IoT, automotive, and energy, has made security a critical issue for both consumers and manufacturers.
Cybersecurity discussions frequently focus on threats like viruses and ransomware, which dominate headlines. For instance, in August 2022, South Staffordshire PLC, a British water company, fell victim to a Cl0p ransomware attack. Although the water supply remained unaffected, the incident exposed the susceptibility of IoT devices in vital sectors to cyber extortion and data breaches. Similarly, in March 2021, a hack of 150,000 Verkada surveillance cameras revealed vulnerabilities at high-security sites, prompting calls for stronger security measures.
Beyond these visible threats lies a less discussed yet equally damaging risk: code theft. A 2020 Thales study revealed that 30% of cybercrime revenues stem from Intellectual Property (IP) theft. Losing this code or having it copied can severely impact a company’s revenue and reputation.
The Sega versus Accolade case illustrates this issue. Accolade reverse-engineered Sega’s Genesis console to publish games without paying royalties. Initially, a court ruled in Sega’s favor, forcing Accolade to recall its games. However, Accolade succeeded on appeal by arguing that its reverse engineering was fair use, leading to a decision that called into question the enforcement of IP rights on innovations.
These incidents underline the urgent need for standardized security protocols and heightened awareness to combat the evolving landscape of cyber threats, protecting both the technology and the intellectual property that drives innovation.
Creating innovative devices without secure software makes them vulnerable to espionage and counterfeiting, risking your R&D efforts and investments. The possibility of competitors cloning or stealing your technology highlights the crucial need for IP protection. Once IP is stolen, it’s challenging to prove the theft. Launching a successful application not only puts you ahead of competitors but also attracts unwanted attention. Competitors, tech providers, and customers may try to access and reverse engineer your source code, potentially bypassing security measures or license checks for their benefit.
Your code faces greater risks in certain scenarios that call for heightened IP protection: when you export your app, share it with third parties, publish it on platforms like the App Store or Google Play, or have made it highly valuable through significant R&D investment.
Cybersecurity isn’t just about protecting data in transit; it’s also crucial to safeguard data on devices to prevent theft or tampering. For embedded devices, ensuring data confidentiality and integrity – keeping information secret and unchanged – is vital during transmission and storage.
Take a smart home system: encryption keys across devices like smart locks and cameras need secure management. If a hacker gets a key from one device, they could access data across the network, risking personal information.
Similarly, in a manufacturing plant, if a sensor is hacked to change its readings, it could lead to wrong decisions, damage, or safety hazards.
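The smart home and sensor scenarios above can be made concrete with a short sketch. This is an added example, not code from the original article: it assumes a hub that holds a master key and derives a separate key for each device with HKDF, so a key extracted from one device does not validate traffic for another, and an altered reading fails its integrity check. The device names, the `device-auth-v1` label and all sample values are constructed.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract a PRK, then expand it."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def device_key(master: bytes, device_id: str) -> bytes:
    """Per-device key; the master stays on the hub and never ships on a device."""
    return hkdf_sha256(master, b"device-auth-v1|" + device_id.encode())


def tag(key: bytes, payload: bytes) -> bytes:
    """MAC a device attaches to each message it sends."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def hub_verify(master: bytes, device_id: str, payload: bytes, mac: bytes) -> bool:
    """Hub re-derives the claimed sender's key and checks the MAC in constant time."""
    return hmac.compare_digest(tag(device_key(master, device_id), payload), mac)


def demo() -> dict:
    master = bytes(range(32))  # constructed sample key, not a real secret
    lock_key = device_key(master, "smart-lock-01")  # suppose this one leaks
    sensor_key = device_key(master, "line-sensor-12")
    reading = b'{"temp_c": 71.5}'  # constructed sensor reading
    mac = tag(sensor_key, reading)
    return {
        "genuine_reading": hub_verify(master, "line-sensor-12", reading, mac),
        "altered_reading": hub_verify(master, "line-sensor-12", b'{"temp_c": 21.5}', mac),
        "leaked_lock_key_as_sensor": hub_verify(
            master, "line-sensor-12", reading, tag(lock_key, reading)),
        "leaked_lock_key_as_lock": hub_verify(
            master, "smart-lock-01", b"unlock", tag(lock_key, b"unlock")),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

Only the last check is accepted with the leaked key, which shows the compromise stays confined to the one device whose key was extracted; that device's key would then be revoked and re-provisioned.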
The diversity in embedded devices’ capabilities makes a universal solution for security difficult. Devices vary in processing power and connectivity, affecting their support for advanced security. Throughout a device’s lifecycle—from manufacturing to decommissioning—each phase has its own security needs. Secure setup of credentials is crucial at the start, and managing updates and revocations is key during use. Devices in public places risk physical tampering, so security must also protect against physical threats to keep data and device integrity intact.