April 22, 2022

Building a system of connected devices calls for a series of important security choices. All such devices - energy meters, vending machines, and grocery kiosks alike - face a unique set of challenges because they are active for long periods, often unattended, and vulnerable to both physical tampering and cyberattacks to access corporate networks.

After making your design choices, the next stage is to securely customize your connected devices.

Customization For Single-purpose Use

Operating systems allow you to customize your user interface to a degree. This can help defend against tampering attacks or accidental alteration by displaying custom boot screens that hide OS notifications, for example, or by ensuring the device automatically runs a single-purpose application without any human interaction.

Other methods to prevent an attacker from gaining unauthorized access can include:

Protecting against USB devices being inserted . Malicious users could insert a mouse, keyboard, storage device or even a specialist attack tool such as the USB Rubber Ducky or a Raspberry PI-based equivalent like P4wnP1.

. Malicious users could insert a mouse, keyboard, storage device or even a specialist attack tool such as the USB Rubber Ducky or a Raspberry PI-based equivalent like P4wnP1. Ignoring screen gestures or keypresses . If you have a screen or keyboard, make sure that there are no hidden screen gestures or ctrl-alt-delete type of key combinations that can provide a way to get outside the application and into the wider system.

. If you have a screen or keyboard, make sure that there are no hidden screen gestures or ctrl-alt-delete type of key combinations that can provide a way to get outside the application and into the wider system. Avoiding leaving any debug or maintenance accounts on deployed devices . Stumbling into an admin mode can be a great way to hack into a system.

. Stumbling into an admin mode can be a great way to hack into a system. Minimizing clues about which operating system is present. Ideally you want to give potential hackers no clues about the underlying operating system and technologies being used, as this can be used to indicate which attack methods may be most effective, or to exploit known vulnerabilities.

Ideally you want to give potential hackers no clues about the underlying operating system and technologies being used, as this can be used to indicate which attack methods may be most effective, or to exploit known vulnerabilities. Removing unused OS user interface and functionality to reduce the attack surface. This is an important step - remove any components you are not using to make yourself a smaller target. The fewer software components you have, the fewer common vulnerabilities and exposures (CVEs) will need to be patched. It also makes it more difficult to discover and move around the system (known as "lateral movement ") if an attacker does gain entry. One tactic, known as "living off the land," is to use existing utilities found on the system to gain access. This can be more difficult to detect than conventional techniques that rely on downloading files to the target system.

Device Hardening

Device hardening is the practice of configuring your intelligent device to minimize the attack surface. The aim is to reduce the amount of security weaknesses and attack methods that threat actors can exploit. We recommend taking the following critical steps to ensure your safety.

As part of a multi-layered security approach, device software should perform its work at the lowest possible privilege level on the local system. This minimises the time that code is running at a high-privilege level and makes it more difficult for an attacker to take advantage of this access to modify the system.

System segmentation, such as allowing a device access only to its own message queue, makes it difficult for an attacker to move from one compromised device to another, including the rest of the network.

Devices should be designed to be resilient to losing power or connectivity, operating as normally as possible when the network connection is lost and then recovering cleanly.

Secure boottechnology helps prevent malware from intercepting or changing low-level operating system processes, validating the digital signature of each component before the boot sequence can continue.

In today's connected world, security is paramount. With billions of devices talking to each other on our behalf, decision makers in industries from health and retail to energy and hospitality must anticipate risks and prevent them through rigorous design and implementation of connected systems.

