Explain the security implications of embedded and specialized systems Flashcards
Embedded systems
Raspberry Pi
Field-programmable gate array (FPGA)
Arduino
A computer system that is designed to perform a specific, dedicated function, such as a microcontroller in a medical drip or components in a control system managing a water treatment plant.
Raspberry Pi
The Raspberry Pi is a low cost, credit-card sized computer that plugs into a computer monitor or TV, and uses a standard keyboard and mouse. It is a capable little device that enables people of all ages to explore computing, and to learn how to program in languages like Scratch and Python. It’s capable of doing everything you’d expect a desktop computer to do, from browsing the internet and playing high-definition video, to making spreadsheets, word-processing, and playing games.
Field-programmable gate array (FPGA)
A field-programmable gate array (FPGA) is an integrated circuit designed to be configured by a customer or a designer after manufacturing – hence the term field-programmable. The FPGA configuration is generally specified using a hardware description language (HDL), similar to that used for an application-specific integrated circuit (ASIC). Circuit diagrams were previously used to specify the configuration, but this is increasingly rare due to the advent of electronic design automation tools.
Arduino
The main difference between them is: Arduino is microcontroller board, while Raspberry Pi is a microprocessor based mini computer (SBC). The Microcontroller on the Arduino board contains the CPU, RAM and ROM. All the additional hardware on Arduino Board is for power supply, programming and IO Connectivity.
Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
Facilities Industrial Manufacturing Energy Logistics
A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas.
Facilities
Facilities refers to site and building management systems, typically operating automated heating, ventilation, and air conditioning (HVAC), lighting, and security systems.
Industrial
Industrial can refer specifically to the process of mining and refining raw materials, involving hazardous high heat and pressure furnaces, presses, centrifuges, pumps, and so on.
Manufacturing
Fabrication and manufacturing refer to creating components and assembling them into products. Embedded systems are used to control automated production systems, such as forges, mills, and assembly lines. These systems must work to extremely high precisions.
Energy
Energy refers to power generation and distribution. More widely, utilities includes water/sewage and transportation networks.
Logistics
Logistics refers to moving things from where they were made or assembled to where they need to be, either within a factory or for distribution to customers. Embedded technology is used in control of automated transport and lift systems plus sensors for component tracking.
Internet of Things (IoT)
Sensors Smart devices Wearables Facility automation Weak defaults
Devices that can report state and configuration data and be remotely managed over IP networks.
Sensors
Sensors—IoT devices need to measure all kinds of things, including temperature, light levels, humidity, pressure, proximity, motion, gas/chemicals/smoke, heart/breathing rates, and so on. These are implemented as thermocouples/thermistors, infrared detectors, inductive, photoelectric, and capacitative cells, accelerometers, gyroscopes, and more.
Smart devices
Smart devices—IoT endpoints implement the function, such as a smart lightbulb or a video entryphone that you can operate remotely. These devices implement compute, storage, and network functions that are all potentially vulnerable to exploits. Most smart devices use a Linux or Android kernel. Because they’re effectively running mini-computers, smart devices are vulnerable to some of the standard attacks associated with web applications and network functions. Integrated peripherals such as cameras or microphones could be compromised to facilitate surveillance.
Wearables
Wearables—some IoT devices are designed as personal accessories, such as smart watches, bracelets and pendant fitness monitors, and eyeglasses. Current competing technologies are based on FitBit, Android Wear OS, Samsung’s Tizen OS, and Apple iOS, each with their own separate app ecosystems.
Facility automation
Components and protocols that facilitate the centralized configuration and monitoring of mechanical and electrical systems within offices and data centers.
Weak defaults
When they are designed for residential use, IoT devices can suffer from weak defaults. They may be configured to “work” with a minimum of configuration effort. There may be recommended steps to secure the device that the customer never takes.
Specialized
Medical systems
Vehicles
Aircraft
Smart meters
There are also specialized systems installed within office networks, such as printer and Voice over IP (VoIP) equipment. These systems must not be overlooked by security monitoring procedures.
Medical systems
Medical devices represent an array of systems potentially vulnerable to a wide range of attacks. It is important to recognize that use of these devices is not confined to hospitals and clinics but includes portable devices such as cardiac monitors/defibrillators and insulin pumps. As well as unsecure communication protocols, many of the control systems for these devices run on unsupported versions of operating systems (such as Windows XP) because the costs of updating the software to work with newer OS versions is high and disruptive to patient services. Some of the goals of attacks on medical devices and services are as follows:
Use compromised devices to pivot to networks storing medical data with the aim of stealing protected health information (PHI).
Hold medical units ransom by threatening to disrupt services.
Kill or injure patients (or threaten to do so) by tampering with dosage levels or device settings.
Vehicles
Automobiles and unmanned aerial vehicles (UAV), or drones, contain sophisticated electronics to control engine and power systems, braking and landing, and suspension/stability. Modern vehicles are increasingly likely to have navigation and entertainment systems, plus driver-assist or even driverless features, where the vehicle’s automated systems can take control of steering and braking. The locking, alarm, and engine immobilizer mechanisms are also likely to be part of the same system. Each of these subsystems is implemented as an electronic control unit (ECU), connected via one or more controller area network (CAN) serial communications buses.
Aircraft
Smart meters
A utility meter that can submit readings to the supplier without user intervention.
Voice over IP (VoIP)
Types of embedded systems are used to implement both Voice over IP (VoIP) endpoints and media gateways. Endpoints can be individual handsets or conferencing units. A media gateway might use a separate firmware/OS to implement integration with telephone and cellular networks.
Heating, ventilation, air conditioning (HVAC)
Drones
See Vehicles
