Just imagine, it’s your anniversary, your birthday or a holiday and a new package arrives addressed to you. Expectantly you open it to find the latest IoT gadget, maybe an activity tracker or even a connected sprinkler system controller – something you’ve been wanting. “Nice!” you think, but who could have sent it? Pushing its origin aside for a bit, you eagerly set it up and pair it with your smart phone using your home Wi-Fi network credentials. BAM! In that moment, and unbeknownst to you, you have just created an opportunity for an attacker to gain access to your valuable data.
By now, most are aware of email phishing scams used to inject malware onto personal computing devices, but what about a phishing attack that uses an IoT edge node as a lure, like the scenario described above? As attackers and attacks become more sophisticated, this scenario is increasingly possible. Along with the growing expertise of the attacker, there is expanding technology adoption by the consumers fueling the expansion of IoT and increasing the probability of acceptance of an IoT edge node “bait.”
So, what went wrong? What could have been done to prevent it? There are many scenarios that that could lead to this type of attack where a familiar product is repurposed for malicious intent. The firmware that was initially deployed, and or the firmware update that came after deployment was not properly protected by the device manufacturer.
Just like the trap door functions that enable cryptography, there are some simple steps that can be taken in the manufacturing and development of embedded devices that can make this type of attack extraordinarily more difficult to perform in the field. With the right technology, firmware can be placed into internal memory and permanently locked down. Firmware updates can also be protected by cryptography.
Let’s have a look at how NXP’s security technology is used to protect against this attack scenario. NXP’s Kinetis MCU and its bootloader enablement, the Kinetis bootloader or KBOOT integrate hardware and software features to enable secure initial provisioning of firmware along with protection of future downloads of firmware in end devices. KBOOT is a flash or ROM resident bootloader along with host tools that are designed to enable the programming of Kinetis MCUs through the entire product life cycle.
This KBOOT enablement makes use of the Kinetis MCU security technology by providing software firewalls and the ability to leverage cryptographic hardware acceleration for the handling of firmware programming into internal or external memories. KBOOT recognizes the chip level security settings. On some devices, once in secure modes, the only method for using KBOOT to program firmware is to make use of encrypted binary files. All other attempts to update firmware will fail. This means that only the holder of the Secure Binary Key can create the files that will be accepted for downloading firmware to a Kinetis MCU using KBOOT.
KBOOT is provided as full source code and is highly configurable allowing for more customization to enhance the security for the application firmware. For example, the Kinetis MCU can be configured to place the bootloader in flash and to make the bootloader immutable using chip security settings. With this protection, an attacker would have to completely remove and replace the IC to make a clone. Because the software is open source, KBOOT could be modified to customize the cryptographic and integrity checking algorithms that the end user desires. Adding the ARM mbed TLS to perform firmware hashing, signature generation and checking before allowing execution is easily achievable and greatly strengthens device security. Another possibility for a very strong security implementation would be to leverage an embedded secure element in addition to KBOOT to strengthen the product life cycle security by adding the authentication of devices using secure servers.
As consumers, there is not much we can do about this type of focused phishing attack. Even knowing about the possibility does not ensure we will always be protected. But as a world leader in secure connectivity solutions, NXP is providing solutions for such threats. Using KBOOT software and the Kinetis MCU with mbed TLS will allow embedded developers to more easily integrate the firmware protection needed to ensure these attacks are mitigated.
Learn more about NXP’s security technology for Kinetis MCUs, visit: nxp.com/Kinetis/Security.
How to protect your firmware against malicious attacks using the latest Kinetis development boardTuesday, April 25 | 10 a.m. Central | Register Now