When I first started writing software for a living (ahem, almost 30 years ago), I specialized in writing embedded software for military systems, aircraft and medical devices. A bug in this type of software has the ability to bring down an aircraft, accidentally fire a missile, or misdiagnose a terminal disease. So, serious stuff.
Back then, our software update process was laborious and time-consuming but very secure. We would pull out an EEPROM from the device, erase it with a UV light source, reprogram it, and then reinsert into the device. We used a simple checksum to ensure that the software was saved correctly to the EEPROM and to also verify the checksum during bootup to confirm that the software hadn’t been corrupted by a cosmic ray.
To update software that was already in production required bringing the device back into the factory and physically swapping out its PROM memory with a new PROM with the updated software.
Back then, it was very difficult for a third party to manipulate (e.g. add malware to) embedded software because the device needed to be physically accessible to be updated.
Things have changed a lot in 30 years, haven’t they? Today, IoT (Internet of Things) devices can be found anywhere and everywhere. From front door locks, thermostats, wearable health monitors, smart factory equipment, autonomous farm equipment to even your refrigerator. These devices, and the software that runs them, are involved in almost all aspects of our lives. And perhaps most impressively, software for these devices is updated frequently, “automagically” over the Internet. Because of this, we no longer use simple checksums to protect the software. Instead, we use code signing.
Learn more about Device Authority on the Venafi Marketplace.
Code signing is a software development process of digitally signing executable code to prove the identity of the software author AND guarantees that the code has not altered or corrupted since it was published. Both these points are extremely important for building trust from your customers and safely distributing your software.
As the number of Internet of Things devices and applications continues to grow in 2020, unauthorized software and firmware updates are a major threat vector for IoT cyber-attacks. IoT breaches can have physical consequences that result in loss can also introduce substantial legal liability and erode brand reputation and trust, with immense costs due to certificate recall, breach response, as well as loss of overall revenue.
In short, your software is your product and your product is your brand. If cybercriminals or a rogue employee push out a malicious software update to your customers, they will blame you for failure to protect them rather than the individuals responsible for the malicious update.
With attacks becoming increasingly sophisticated and hard to defend against, they can cost organizations a lot of money each year. According to an Accenture report, the average cost of cybercrime grew by more than $1 million in 2018 to $13 million (about £9.9 million) per organization. Due to the implications of these costs, people are extremely cautious when it comes to downloading executable files from the internet. It’s worth doing whatever it takes to gain the trust of your customers and potential customers. Online distribution means you can distribute software updates faster. This broadens your potential customer base and there can be considerable savings since there is no software media, packaging or postage costs.
Enterprise organizations need a method to trust and verify IoT device updates as these unverified devices are an easy entry point for attackers. Any unsigned updates can be tampered with in transit, so there is a need to prevent malicious updates from being applied to devices.
However, code signing software alone may no longer be enough to prevent cybercriminals from their work as they now target the theft or misuse of private code signing keys. They use these rogue keys to either code sign malware or tamper with your software. It’s been reported that over 22M code signing keys have been stolen or forged from legitimate businesses. This should be a concern to ALL software-oriented businesses.
To protect against theft and misuse, companies need to implement a secure code signing process to protect their private code signing keys. Enforcing cryptographic and other certificate policies, limiting access to code signing keys, requiring approvals for each use of private code signing keys, and never allowing a code signing key to leave secured storage, even for a code signing operation, are a few steps that should be taken.
But these crucial security steps may have an unanticipated side effect—interfering with the develop/build/release/deliver software process. This risk is especially prevalent in situations where a code signing system isn’t integrated with the development teams’ tools and if it can’t be automated. What’s the result? Development teams bypass security measures, or try to handle it on their own, often incorrectly. This is especially true for IoT.
Today there is a severe lack of integration with existing enterprise systems. Existing code-signing solutions are not integrated with the enterprise IoT workflows and existing IoT code-delivery processes not readily integrated with code-signing workflows. As new IoT Project are created, new solutions are built from scratch for each use case, which inevitably means expensive bespoke development work.
To address the challenges for an effective code signing solution for IoT Enterprise projects, Venafi has teamed up with Device Authority. Venafi’s CodeSign Protect solution is now integrated with Device Authority’s KeyScaler platform.
KeyScaler provides an automated solution to manage the lifecycle of updates that are delivered to a device. Provisioning unique certificates, establishing trust between a device and server, signing code using a pre-configured Certificate Authority with policy-based authorization, and delivering encrypted assets to IoT devices—without requiring any human intervention.
This solution closes the gaps open to exploitation by integrating and using Venafi CodeSign Protect to secure the code signing process throughout the secure update lifecycle.
This can be accomplished in 3 simple steps:
Through seamless integration between Venafi CodeSign Protect and Device Authority KeyScaler solution you to secure your code signing, update delivery process for IoT devices and deliver critical requirements for IoT environments:
Want to learn more? Join Venafi at the Device Authority IoT Summit on February 23, 2021, where we discuss Protecting Your IoT Software Delivery Against Malware Insertion
This blog features solutions from the ever-growing Venafi Ecosystem, where industry leaders are building and collaborating to protect more machine identities across organizations like yours. Learn more about how the Venafi Technology Network is evolving above and beyond just technical integrations.