Imagine there are no utilities, no communications and no infrastructure of any kind. That is the dark side of the Internet of Things, when malevolent hackers break into embedded systems and sabotage their operation. With 25 billion devices expected to be connected to the Internet this year, according to Cisco Systems Inc., such cyberattacks have the potential to disrupt everything from electricity grids to home refrigerators.
In reality it requires no imagination at all to envision such events. A major cyberattack on household smart appliances was detected in 2014, with more than 750,000 malicious email communications coming from more than 100,000 consumer devices such as home-networking routers and televisions, according the security provider Proofpoint Inc. Such an attack could easily move beyond hijacking IoT devices and expand to stealing data, compromising privacy, shutting down key systems and even sabotaging the operation of the entire infrastructure, leading to widespread economic and civil chaos.
At the time of the event, Michael Osterman, principal analyst at Osterman Research, warned that Internet-enabled devices are easy to penetrate, making them tempting targets for such attacks.
On the user side, consumers often aren’t aware of the issues relating to the hacking of their IoT systems. Unlike PCs, which consumers secure with antivirus software, IoT systems often have no equivalent means of protection to defend against cyberattacks on their systems.
On the supplier side, embedded developers now are adding IoT connectivity to a flood of designs that previously had no Internet links, from large-scale industrial equipment to smart LED lamps. However, many of these developers are inexperienced when it comes to issues relating to connectivity and Internet security.
With the number of IoT devices deployed worldwide set to double from the end of 2015 through 2020, it’s critical that embedded developers quickly add security into their repertoire.
To help embedded systems companies in this critical mission, microcontroller suppliers are providing security as part of their overall solutions—with a focus on simplifying the task of securing systems for developers.
For example, Atmel Corp. is offering MCUs that include the company’s CryptoAuthentication crypto technology. CryptoAuthentication is designed to protect embedded systems from cloning, counterfeiting and tampering, using key storage and cryptographic techniques, according to the company. Atmel describes the technology as a comprehensive security system, protecting not only the embedded device itself, but also the associated firmware, accessories and the network nodes.
The CryptoAuthentication system locks the key in protected hardware. This not only keeps the key secure, it simplifies the process of implementing security in systems. Cryptography is inherently difficult and complex, and requires expertise to perform properly. With Atmel having already completed all the engineering steps required to build security into its hardware, customers don’t need to have any expertise in cryptography.
With little awareness of security issues among consumers, it’s incumbent upon embedded developers to secure their systems and to work with providers that can streamline the process of protecting their products.