Definition

embedded device hacking

Contributor(s): Matthew Haughn

Embedded device hacking is the exploiting of vulnerabilities in embedded software to gain control of the device.

Attackers have hacked embedded systems to spy on the devices, to take control of them or simply to disable (brick) them. Embedded systems exist in a wide variety of devices including Internet and wireless access points, IP cameras, security systems, pace makers, drones and industrial control systems. The hacking may carried out on flashable ROM chips or – as is more commonly the current practice -- on firmware.

Traditionally, many of the hardware and hardware systems controlled by embedded software have not been easily interfaced with.  This fact, along with the number of embedded operating systems, once provided relative security through obscurity. Because they were not considered prominent attack targets, embedded system security has not always been a prime concern. However, as more and more embedded devices are exposed to the Internet because of driving forces like the Internet of Things (IoT) and remotely-controlled industrial systems, the number of  targets is increasing all the time.

Before the extensible firmware interface came about, flashable BIOS ROMs could be infected with viruses. However, live updating has made forged or forced flashing through code exploits more common.

The Misfortune Cookie flaw, discovered in late 2014, allows an attacker to hack routers and gateway devices. Even more serious is Stuxnet, a worm targeting a rootkit exploit designed to compromise logic controllers in SCADA systems, which are used for nuclear power, water and sewage plants, as well as in telecommunications and oil and gas refining.

This was last updated in February 2015

Continue Reading About embedded device hacking

Dig Deeper on Internet of Things (IoT) Security Threats

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close