Assessing & Mitigating Vulnerabilities of Embedded Devices

Embedded devices, or embedded computer systems, are computing systems specially designed for a dedicated purpose as part of a mechanical and electrical system. These embedded systems may have internet connectivity.

Examples of embedded systems commonly used for general purposes are:

  • Digital Watches
  • Automobiles and other vehicles
  • Heating, ventilation, and air conditioning (HVAC) systems
  • Digital cameras
  • Printers
  • Medical care devices
  • MP3 Players
  • Routers
  • Firewalls
  • Household appliances
  • Automated payment kiosks, fuel pumps, and automated teller machines (ATMs)

OWASP Top 10 Embedded Application Security

  • Buffer and Stack Overflow Protection
  • Injection Prevention
  • Firmware Updates and Cryptographic Signatures
  • Securing Sensitive Information
  • Identity Management
  • Embedded Framework and C-Based Hardening
  • Usage of Debug Code and Interfaces
  • Transport Layer Security
  • Data Collection Usage and Storage – Privacy
  • Third Party Code and Components

A few design defects in embedded devices

  • Most of these devices utterly lack any means for remediating security defects that are found after manufacture.
  • Most of these devices have no built-in defenses at all.
  • Many of these devices have easily guessed default login credentials.
  • Many of these devices lack any means for sending security and event alerts.
