Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/1/2016
10:00 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers

The Internet of Things has alarming holes in security. The industry should look to video games for some answers.

What's the most secure connected device in your house right now? Would you believe me if I told you it's your Xbox One or PlayStation 4? Criminals have been trying to find ways to hack video game consoles to run pirated software since the days of the original Famicom and Nintendo Entertainment System. To combat this, each new generation of game system has shipped with increasingly robust hardware and software security mechanisms, making consoles among the hardest computing devices to crack.

Since the tricks that pirates use to gain privileges on video game consoles are very similar to the exploits cybercriminals use to hack computers and Internet of Things devices, IoT device manufactures can learn a lot about effective security design from consoles. Here are seven security mechanisms used by video game consoles that could and should be applied to IoT devices.

  1. TPM/security coprocessors and crypto keys: A trusted platform module (TPM) is a microcontroller dedicated to security that is built into many modern computer processers. Among other things, these modules can securely store unique crypto keys for the devices they're installed on — both keys to identify the particular device and the vendor's public keys to validate vendor communications. Once the hardware has private and unique keys, it can use them to build security checks into the system.
  2. Secure boot: One way hackers attack embedded devices or video game platforms is to modify the boot or startup process, which might allow them to load malicious firmware or a different operating system. If you have a device with crypto keys stored in a protected place, you can use those keys to verify every step of the boot process, making it exponentially more difficult for attackers to load unsanctioned software. Validating each bit of software that the boot process loads makes it exponentially more difficult for attackers to influence or manipulate this process. 
  3. Signed firmware updates: A security module in the processor also allows devices to store and protect a manufacturer key, which a device vendor can use to sign all of the software with permission to run on the system. This prevents attackers from loading new firmware or an operating system, or even from loading illegitimate software, including malware. Some IoT device makers that want to keep their system open to modification may not want to implement this, but the approach should be considered for any device that involves sensitive customer data.
  4. Encrypted memory and storage: In the past, attackers have leveraged memory problems to learn secrets about a system they can then use to gain elevated privileges on video consoles. Badly implemented software sometimes stores sensitive information in memory (such as keys). If this information isn't encrypted, attackers could use RAM scraping techniques to learn some secret that might give them deeper access to the device. Again, a secure, unique digital key can help. IoT devices can use their private key to encrypt anything in memory or written to storage devices.
  5. Hypervisors: A hypervisor is the operating system on top of all your virtual operating systems. If you run a virtual version of Windows in Microsoft Hyper-V, that virtual version of Windows doesn't have direct access to the physical device's CPU, memory, or I/O systems. Rather, the hypervisor acts as a logical layer of separation between the virtual operating system and the actual hardware, and this also acts as a security feature. Even if an attacker finds a way to hijack a virtual machine, he won't immediately gain full access to the physical device unless he can also gain control of the hypervisor itself.
  6. Online checks: Online key validation and health checks successfully fight piracy. Modern software uses the Internet to securely call home to a vendor's domain and validate whether the software running is properly licensed and unmodified. IoT vendors can use these same secure mechanisms to require their devices to call home with health information. If the vendor detects anything out of the ordinary, it can ban that system remotely.
  7. Regular, over-the-air updates: The software and video game industries have adopted regular, cyclical software update schedules using automated tools. Some devices allow over-the-air updates (OTA), which are installed automatically without requiring input or approval from users. This makes it much easier for vendors to plug many of the vulnerabilities attackers might use to hack the system. IoT manufacturers need to build automatic update systems into their devices so they can quickly push security patches when necessary.

It's worth noting that game consoles have more resources than many types of IoT devices. While it may be cost-prohibitive for IoT manufacturers to have security coprocessors in all devices, they can still learn from the security evolution of video game consoles. The process may be slow, but I predict we'll see IoT device vendors begin to adopt basic security practices by limiting unnecessary network services and communications channels, becoming stricter with default credentials, and using encryption more often for storage, network traffic, and secure boot. With billions of IoT devices out there and more to come, hopefully manufacturers will follow the gaming industry's example and begin implementing these security best practices soon.

Related Content:

Black Hat Europe 2016 is coming to London's Business Design Centre November 1 through 4. Click for information on the briefing schedule and to register.

Corey Nachreiner regularly contributes to security publications and speaks internationally at leading industry trade shows like RSA. He has written thousands of security alerts and educational articles and is the primary contributor to the WatchGuard Security Center blog, ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
dfroud
50%
50%
dfroud,
User Rank: Apprentice
11/3/2016 | 8:57:15 AM
Are we talking apples and apples?
This is actualy more of a question than comment, because I honestly don't know the answer.

The IoT will eventually involve billions of devices, some ridiculously small, so how many of your 'lessons' are practical outside of a device the size of a game console?

I'm not suggesting that IoT manufacturer's are TRYING to do these things, they will do the bnare minimum to get by. If that. I also assume you're not suggesting that this level go into every IoT device? So how, or who can determine the right level of security with the many variables at play?
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13173
PUBLISHED: 2020-05-28
Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing...
CVE-2019-6342
PUBLISHED: 2020-05-28
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
CVE-2020-11082
PUBLISHED: 2020-05-28
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.
CVE-2020-5357
PUBLISHED: 2020-05-28
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time wi...
CVE-2020-13660
PUBLISHED: 2020-05-28
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.