Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/1/2016
10:00 AM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail vvv
50%
50%

7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers

The Internet of Things has alarming holes in security. The industry should look to video games for some answers.

What's the most secure connected device in your house right now? Would you believe me if I told you it's your Xbox One or PlayStation 4? Criminals have been trying to find ways to hack video game consoles to run pirated software since the days of the original Famicom and Nintendo Entertainment System. To combat this, each new generation of game system has shipped with increasingly robust hardware and software security mechanisms, making consoles among the hardest computing devices to crack.

Since the tricks that pirates use to gain privileges on video game consoles are very similar to the exploits cybercriminals use to hack computers and Internet of Things devices, IoT device manufactures can learn a lot about effective security design from consoles. Here are seven security mechanisms used by video game consoles that could and should be applied to IoT devices.

  1. TPM/security coprocessors and crypto keys: A trusted platform module (TPM) is a microcontroller dedicated to security that is built into many modern computer processers. Among other things, these modules can securely store unique crypto keys for the devices they're installed on — both keys to identify the particular device and the vendor's public keys to validate vendor communications. Once the hardware has private and unique keys, it can use them to build security checks into the system.
  2. Secure boot: One way hackers attack embedded devices or video game platforms is to modify the boot or startup process, which might allow them to load malicious firmware or a different operating system. If you have a device with crypto keys stored in a protected place, you can use those keys to verify every step of the boot process, making it exponentially more difficult for attackers to load unsanctioned software. Validating each bit of software that the boot process loads makes it exponentially more difficult for attackers to influence or manipulate this process. 
  3. Signed firmware updates: A security module in the processor also allows devices to store and protect a manufacturer key, which a device vendor can use to sign all of the software with permission to run on the system. This prevents attackers from loading new firmware or an operating system, or even from loading illegitimate software, including malware. Some IoT device makers that want to keep their system open to modification may not want to implement this, but the approach should be considered for any device that involves sensitive customer data.
  4. Encrypted memory and storage: In the past, attackers have leveraged memory problems to learn secrets about a system they can then use to gain elevated privileges on video consoles. Badly implemented software sometimes stores sensitive information in memory (such as keys). If this information isn't encrypted, attackers could use RAM scraping techniques to learn some secret that might give them deeper access to the device. Again, a secure, unique digital key can help. IoT devices can use their private key to encrypt anything in memory or written to storage devices.
  5. Hypervisors: A hypervisor is the operating system on top of all your virtual operating systems. If you run a virtual version of Windows in Microsoft Hyper-V, that virtual version of Windows doesn't have direct access to the physical device's CPU, memory, or I/O systems. Rather, the hypervisor acts as a logical layer of separation between the virtual operating system and the actual hardware, and this also acts as a security feature. Even if an attacker finds a way to hijack a virtual machine, he won't immediately gain full access to the physical device unless he can also gain control of the hypervisor itself.
  6. Online checks: Online key validation and health checks successfully fight piracy. Modern software uses the Internet to securely call home to a vendor's domain and validate whether the software running is properly licensed and unmodified. IoT vendors can use these same secure mechanisms to require their devices to call home with health information. If the vendor detects anything out of the ordinary, it can ban that system remotely.
  7. Regular, over-the-air updates: The software and video game industries have adopted regular, cyclical software update schedules using automated tools. Some devices allow over-the-air updates (OTA), which are installed automatically without requiring input or approval from users. This makes it much easier for vendors to plug many of the vulnerabilities attackers might use to hack the system. IoT manufacturers need to build automatic update systems into their devices so they can quickly push security patches when necessary.

It's worth noting that game consoles have more resources than many types of IoT devices. While it may be cost-prohibitive for IoT manufacturers to have security coprocessors in all devices, they can still learn from the security evolution of video game consoles. The process may be slow, but I predict we'll see IoT device vendors begin to adopt basic security practices by limiting unnecessary network services and communications channels, becoming stricter with default credentials, and using encryption more often for storage, network traffic, and secure boot. With billions of IoT devices out there and more to come, hopefully manufacturers will follow the gaming industry's example and begin implementing these security best practices soon.

Related Content:

Black Hat Europe 2016 is coming to London's Business Design Centre November 1 through 4. Click for information on the briefing schedule and to register.

Corey Nachreiner regularly contributes to security publications and speaks internationally at leading industry trade shows like RSA. He has written thousands of security alerts and educational articles and is the primary contributor to the WatchGuard Security Center blog, ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
dfroud
50%
50%
dfroud,
User Rank: Apprentice
11/3/2016 | 8:57:15 AM
Are we talking apples and apples?
This is actualy more of a question than comment, because I honestly don't know the answer.

The IoT will eventually involve billions of devices, some ridiculously small, so how many of your 'lessons' are practical outside of a device the size of a game console?

I'm not suggesting that IoT manufacturer's are TRYING to do these things, they will do the bnare minimum to get by. If that. I also assume you're not suggesting that this level go into every IoT device? So how, or who can determine the right level of security with the many variables at play?
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.