The recent hacking of security firm Stratfor’s website as well as Specialforces.com by hacker group Anonymous has led to questions of how secure large firms are against data theft. One can logically extend the question to the embedded world as well. A prime example in the embedded context is the Stuxnet worm that set back Iran’s nuclear ambitions. As the number of connected devices increases exponentially, the quality of security incorporated into them can only become more paramount. With groups like Anonymous quick to exploit weaknesses, it will likely be a continuous quest to avoid embarrassing security failures at the embedded level.
The needs for this security are evident on many levels. On one hand, as embedded devices are increasingly connected, there are all manners of confidential data that may begin to pass through these embedded systems. For instance, as hospitals begin to incorporate more embedded technology, will patient records become increasingly vulnerable to hacking? Undoubtedly yes. On the other hand, there is the issue of intellectual property in the embedded device itself. An example is the on-chip memory in a processor which holds valuable code and possibly important data. Both the confidential data packets and the processor IP will require innovative security in the coming years.
So, what is the embedded industry doing about it? While power, price, and performance have been the classical drivers in the embedded market, there is no doubt that embedded designers are beginning to take security very seriously. The areas of virtualization, encryption, deep packet inspection, etc. are all technical areas that offer potential solutions to security concerns. As an example, embedded processor supplier Intel’s McAfee division has developed a technology called DeepSAFE, that functions beneath the operating system to protect against stealth rootkits and ATPs. This kind of technology offers a new level of protection for embedded hardware. In all likelihood however, as we move into 2012, new technologies will offer new weaknesses for hackers to exploit and for embedded security to defend against such attacks.