Endpoint

11/1/2016
10:00 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers

The Internet of Things has alarming holes in security. The industry should look to video games for some answers.

What's the most secure connected device in your house right now? Would you believe me if I told you it's your Xbox One or PlayStation 4? Criminals have been trying to find ways to hack video game consoles to run pirated software since the days of the original Famicom and Nintendo Entertainment System. To combat this, each new generation of game system has shipped with increasingly robust hardware and software security mechanisms, making consoles among the hardest computing devices to crack.

Since the tricks that pirates use to gain privileges on video game consoles are very similar to the exploits cybercriminals use to hack computers and Internet of Things devices, IoT device manufactures can learn a lot about effective security design from consoles. Here are seven security mechanisms used by video game consoles that could and should be applied to IoT devices.

  1. TPM/security coprocessors and crypto keys: A trusted platform module (TPM) is a microcontroller dedicated to security that is built into many modern computer processers. Among other things, these modules can securely store unique crypto keys for the devices they're installed on — both keys to identify the particular device and the vendor's public keys to validate vendor communications. Once the hardware has private and unique keys, it can use them to build security checks into the system.
  2. Secure boot: One way hackers attack embedded devices or video game platforms is to modify the boot or startup process, which might allow them to load malicious firmware or a different operating system. If you have a device with crypto keys stored in a protected place, you can use those keys to verify every step of the boot process, making it exponentially more difficult for attackers to load unsanctioned software. Validating each bit of software that the boot process loads makes it exponentially more difficult for attackers to influence or manipulate this process. 
  3. Signed firmware updates: A security module in the processor also allows devices to store and protect a manufacturer key, which a device vendor can use to sign all of the software with permission to run on the system. This prevents attackers from loading new firmware or an operating system, or even from loading illegitimate software, including malware. Some IoT device makers that want to keep their system open to modification may not want to implement this, but the approach should be considered for any device that involves sensitive customer data.
  4. Encrypted memory and storage: In the past, attackers have leveraged memory problems to learn secrets about a system they can then use to gain elevated privileges on video consoles. Badly implemented software sometimes stores sensitive information in memory (such as keys). If this information isn't encrypted, attackers could use RAM scraping techniques to learn some secret that might give them deeper access to the device. Again, a secure, unique digital key can help. IoT devices can use their private key to encrypt anything in memory or written to storage devices.
  5. Hypervisors: A hypervisor is the operating system on top of all your virtual operating systems. If you run a virtual version of Windows in Microsoft Hyper-V, that virtual version of Windows doesn't have direct access to the physical device's CPU, memory, or I/O systems. Rather, the hypervisor acts as a logical layer of separation between the virtual operating system and the actual hardware, and this also acts as a security feature. Even if an attacker finds a way to hijack a virtual machine, he won't immediately gain full access to the physical device unless he can also gain control of the hypervisor itself.
  6. Online checks: Online key validation and health checks successfully fight piracy. Modern software uses the Internet to securely call home to a vendor's domain and validate whether the software running is properly licensed and unmodified. IoT vendors can use these same secure mechanisms to require their devices to call home with health information. If the vendor detects anything out of the ordinary, it can ban that system remotely.
  7. Regular, over-the-air updates: The software and video game industries have adopted regular, cyclical software update schedules using automated tools. Some devices allow over-the-air updates (OTA), which are installed automatically without requiring input or approval from users. This makes it much easier for vendors to plug many of the vulnerabilities attackers might use to hack the system. IoT manufacturers need to build automatic update systems into their devices so they can quickly push security patches when necessary.

It's worth noting that game consoles have more resources than many types of IoT devices. While it may be cost-prohibitive for IoT manufacturers to have security coprocessors in all devices, they can still learn from the security evolution of video game consoles. The process may be slow, but I predict we'll see IoT device vendors begin to adopt basic security practices by limiting unnecessary network services and communications channels, becoming stricter with default credentials, and using encryption more often for storage, network traffic, and secure boot. With billions of IoT devices out there and more to come, hopefully manufacturers will follow the gaming industry's example and begin implementing these security best practices soon.

Related Content:

Black Hat Europe 2016 is coming to London's Business Design Centre November 1 through 4. Click for information on the briefing schedule and to register.

Corey Nachreiner regularly contributes to security publications and speaks internationally at leading industry trade shows like RSA. He has written thousands of security alerts and educational articles and is the primary contributor to the WatchGuard Security Center blog, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
dfroud
50%
50%
dfroud,
User Rank: Apprentice
11/3/2016 | 8:57:15 AM
Are we talking apples and apples?
This is actualy more of a question than comment, because I honestly don't know the answer.

The IoT will eventually involve billions of devices, some ridiculously small, so how many of your 'lessons' are practical outside of a device the size of a game console?

I'm not suggesting that IoT manufacturer's are TRYING to do these things, they will do the bnare minimum to get by. If that. I also assume you're not suggesting that this level go into every IoT device? So how, or who can determine the right level of security with the many variables at play?
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.