Assessing & Mitigating Vulnerabilities of Embedded Devices
Embedded devices, or embedded computer systems, are computing systems designed for a dedicated purpose as part of a mechanical and electrical system. These embedded systems may have internet connectivity.
Examples of embedded systems commonly used for general purposes are:
- Digital Watches
- Automobiles and other vehicles
- Heating, ventilation, and air conditioning (HVAC) systems
- Digital cameras
- Medical care devices
- MP3 Players
- Household appliances
- Automated payment kiosks, fuel pumps, and automated teller machines (ATMs)
OWASP Top 10 Embedded Application Security
- Buffer and Stack Overflow Protection
- Injection Prevention
- Firmware Updates and Cryptographic Signatures
- Securing Sensitive Information
- Identity Management
- Embedded Framework and C-Based Hardening
- Usage of Debug Code and Interfaces
- Transport Layer Security
- Data Collection Usage and Storage – Privacy
- Third Party Code and Components
A few design defects in embedded devices
- Most of these devices utterly lack any means for remediating security defects that are found after manufacture.
- Most of these devices have no built-in defenses at all.
- Many of these devices have easily guessed default login credentials.
- Many of these devices lack any means for sending security and event alerts.