How to protect firmware from attack - Part 1
In the previous post, IoT Security – Hacking the Firmware #Day5, we learned how to hack and reverse a firmware image in order to exploit it. Today, let's look at how to protect your IoT firmware from attack.
Remove IC Marking
In the old days, protecting your device from being hacked was as simple as scraping off the marking of the IC. Without the marking it is hard for an attacker to identify the part, and therefore harder to gather information about it and mount an attack. An IC with its marking removed looks like this:
Security Fuse
Modern microcontrollers usually have a security fuse integrated to prevent data in the memory from being sent to the output buffer. In short, it stops read-back of the flash and EEPROM memory, and the only way to reset the security fuse is to erase the entire chip, which in turn protects our firmware.
Security fuses come in both hardware form and software form, and each has its merits and shortcomings. For example, hardware security fuses are easier to integrate into the IC, as they do not require modification of the IC design, but they are also easier to locate and attack using invasive methods. Software fuses, on the other hand, are harder to locate and attack, as the fuse is stored in the first block of the EEPROM and only when the correct password is given can you read back from that memory. However, they are also subject to invasive attacks such as noise attacks.
Top Metal Shield
Some microcontrollers have a top metal shield integrated which monitors for any kind of short circuit or open circuit, both of which are especially common in invasive attacks. Once one is detected, the chip erases all the data in its memory.
This method is good at protecting the IC from invasive attacks, but it is hard to design and is also easily affected by abnormal conditions such as high or low temperature, electromagnetic noise, etc.
Bus Encryption
This method encrypts the data transmitted between the memory and the CPU. Even if an attacker gains access to the data on the bus, without a valid key they are unable to decrypt it and make sense of it. Also, by making the key unique to each device, it becomes almost impossible to recover a key from one unit and use it to gain access to the sensitive information on another.
However, its strength is also its weakness: because it is so complex, an IC with bus encryption tends to be a lot more expensive and harder to order in small volume. Even the development tools are more expensive and generally require signing an NDA (Non-Disclosure Agreement). Such chips also usually come with very limited I/O ports, making them unsuitable for many applications.
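To make the bus-encryption idea concrete, here is an added illustrative model (not code from this post or from any real IC vendor) of what a bus probe would see and why a per-device key matters. It assumes a factory master key, a per-chip UID, and a word-by-word keystream bound to the memory address; HMAC-SHA256 is used in place of the block cipher a real chip would contain, and all sample values are constructed.

```python
import hashlib
import hmac

# Illustrative model of a memory-bus encryption scheme (a demonstration
# construction, not any vendor's real design): each 4-byte word on the bus
# between flash and the CPU is XORed with a keystream derived from a
# device-unique key and the word's address. HMAC-SHA256 stands in for the
# block cipher a real IC would use.
WORD = 4
MASTER_KEY = b"factory-master-key-(constructed)"   # constructed sample value

def derive_device_key(master_key: bytes, device_uid: bytes) -> bytes:
    """Per-device key: every unit gets its own key from the factory master key."""
    return hmac.new(master_key, b"bus-key|" + device_uid, hashlib.sha256).digest()

def keystream(device_key: bytes, address: int) -> bytes:
    """Keystream bound to both key and address, so a word moved to another
    address, or read on another device, does not decrypt."""
    return hmac.new(device_key, address.to_bytes(4, "big"), hashlib.sha256).digest()[:WORD]

def transform(device_key: bytes, data: bytes, base: int = 0) -> bytes:
    """Encrypt (or, being XOR-based, decrypt) a word-aligned image at address base."""
    if len(data) % WORD:
        raise ValueError("image must be word-aligned")
    out = bytearray()
    for off in range(0, len(data), WORD):
        ks = keystream(device_key, base + off)
        out += bytes(p ^ k for p, k in zip(data[off:off + WORD], ks))
    return bytes(out)

def demo() -> dict:
    firmware = b"JUMP0x10MOV_R0_1ADD_R0_2RET_____"      # constructed 32-byte "firmware"
    key_a = derive_device_key(MASTER_KEY, b"UID-0001")  # device A
    key_b = derive_device_key(MASTER_KEY, b"UID-0002")  # device B
    flash_a = transform(key_a, firmware)                # what a bus probe on device A sees
    swapped = flash_a[4:8] + flash_a[0:4] + flash_a[8:] # two words reordered on the bus
    return {
        "bus_is_ciphertext": flash_a != firmware,
        "cpu_a_decrypts": transform(key_a, flash_a) == firmware,
        "key_b_fails": transform(key_b, flash_a) != firmware,
        "reorder_fails": transform(key_a, swapped) != firmware,
        "images_differ_per_device": transform(key_b, firmware) != flash_a,
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Every check in `demo()` evaluates to True: the probe sees only ciphertext, only the matching device key recovers the firmware, and neither another unit's key nor a reordering of words yields the original image.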