May 31, 2016

Over-The-Air Updates: Fixing software vulnerabilities is a vulnerability

As the world welcomes the new wave of IoT devices in through our WIFI-connected front doors and into our everyday lives, more and more companies are releasing ‘smart’ internet-enabled versions of historically analogue products that we would otherwise have to use without the aid of a mobile app. While the benefits of having everyday devices connected to the internet are clearly undeniable (although some items are more questionable than others), there are inherent risks that come with extending beyond the traditional “biological interface”. This 3-minute video by Deloitte University Press offers a great insight to the risks that I’m referring to.

With almost 6500 vulnerabilities published in 2015 alone, vendors often supply software updates to help close security holes (and introduce new functionality) that were unknown to the world when that Automated Teller Machine left the factory floor, or in light of recent events, when the car left the production line.

One big problem with delivering software update packages ‘over-the-air’ (OTA) is that it creates a paradoxical situation – in order to deliver the update and fix existing vulnerabilities, you are essentially allowing a remote code execution function, which itself is a vulnerability (a pretty serious one, actually). Without implementing the correct security around the update process, hackers are free to apply their own “special” updates that probably do not have full support from the manufacturer. These unofficial, often malicious, updates can change a devices behaviour well beyond what the manufacturer intended, and open up even more security vulnerabilities. Piloting a car remotely is all fun and games until you realise that you’re not James Bond, and the bad guys aren’t bothering to chase you because they can just switch off your engine from the comfort of their lair. Or remotely trigger your insulin pump, for a more fatal outcome.

Securing an OTA update mechanism is tough work though, there are a lot of different attack vectors to consider. The update file should be encrypted and delivered via a secure protocol, the package content must be cryptographically verified, and the endpoint device should be authenticated before any operation takes place. Tasks that appear to be (somewhat) simple on the surface, become wildly complicated when you begin to consider the supporting server side infrastructure – Build an encryption service, handle device authentication, implement service and data access controls, and arguably the most important part, pick a key management service. Oh, and all of those systems need to scale to support potentially hundreds of thousands of endpoint devices…

The ‘Device Authority Secure Over the Air Solution’ has been designed to provide organisations with a secure scalable platform, offering strong device authentication, and end-to-end encryption capabilities to facilitate the secure delivery of data to remote connected devices.

Download our new white paper on Device Authority’s Secure Over-the-Air Updates.

Watch our automotive video to see how Device Authority can secure devices and data in the Internet of Things.

Contact us to learn more about our powerful IoT security solutions.

James Penney