In the medical imaging sector, 83 percent of all devices run with operating systems which do not receive any support. 98 percent of the data traffic from IoT devices is not encrypted and 57 percent of all IoT devices are susceptible to severe and moderate attacks. This is the result of an analysis of 1.2 million IoT devices in IT departments and healthcare organizations in the US by the research group “Unit 42” of Palo Alto Networks.
One reason for the high percentages: More than half of the devices are still based on Windows 7. This is a set table for attackers – and a challenge for embedded developers. When developing new applications and systems, security best practices will not necessarily be fully met. Thus, the responsibility to make these systems as secure as possible lies with the developers. Many attack vectors in IT and embedded systems make use of classic weak points such as buffer overruns or null pointer dereferences. These are almost always programming errors that happen quickly while being difficult to detect. Ultimately, this is due to structural weaknesses in the main languages used, C and C ++. When developing embedded software, C and C ++ are still the most popular programming languages. However, for the sake of flexibility, the definition of what a valid C program consists of is very liberal – the compilers cannot detect many errors. In addition, there are numerous ambiguities that the compilers have to resolve based on different interpretations of the standard.
In conventional IT, users are used to the fact that errors are continuously corrected with the help of updates or that systems are protected with separate security products. In the embedded world, however, the situation is different. On the one hand, it is not enough to offer an update when to react to an immediate threat: a buffer overflow in a pacemaker, unauthorized remote access to a moving car or the manipulation of sensor data in industry can cause immense damage. The past few years have shown that these are not threats straight out of a science fiction novel. For example, there were recalls for an insulin pump and a pacemaker because they had security gaps that made attacks possible. Fortunately, the attack vectors were not used. On the other hand, the approaches of traditional IT in the embedded area are simply not practical. Many devices are connected to the Internet with very little transmission capacity. A few kilobits per second are sufficient to transmit the measurement data from a sensor. However, the capacities are too small for comprehensive software updates, especially since regulatory time slots need to be considered in some of the radio segments used. In addition, most embedded devices are widely distributed or mobile. Firewalls can also only be used to a very limited extent to protect against undesired activities. Hardware resources that are limited for cost reasons make updates even more difficult.