Embedded system security is the reduction of vulnerabilities and protection against threats in software running on embedded devices.
Like security in most IT fields, embedded system security involves a conscientious approach to hardware design and coding as well as added security software, an adherence to best practices and consultation with experts.
In the past, the large number of embedded operating systems and the fact that these systems did not typically have direct Internet communication provided some degree of security, both through obscurity and the fact that they were not convenient targets.
Traditionally, many of the hardware and hardware systems controlled by embedded software have not been easily interfaced with as they had little need to be exposed. Trends like machine-to-machine (M2M) communication, the Internet of Things and remotely-controlled industrial systems, however, have increased the number of connected devices and simultaneously made these devices targets.
The similarities between embedded OSes and live firmware updating in conjunction with the increased number of communication points create a large increase in the attack surface: Each communication point is a potential point of entry for hackers. A device’s firmware may be hacked to spy on and take control of everything from Internet and wireless access points, USB accessories, IP cameras and security systems to pace makers, drones and industrial control systems.
While trends like BYOD, the IoT and automation speed ahead, the security of embedded systems often lags. As attacks on embedded systems and firmware become more common, however, it becomes increasingly crucial to protect these ubiquitous devices.