Hardware-based security needn't be hard or expensive
July 19, 2017
Earlier this month, Verizon announced that names, addresses, account details, and account PIN numbers of at least six million customers were exposed online. The breach was apparently due to its
Earlier this month, Verizon announced that names, addresses, account details, and account PIN numbers of at least six million customers were exposed online. The breach was apparently due to its third-party partner failing to limit external access to an Amazon S3 server. Also this month, Hard Rock Hotels & Casinos and Loews Hotels revealed that attackers gained unauthorized access to a third-party reservation system over a seven-month period. These are just the latest examples of cybersecurity issues that seem to make headlines on a regular basis.
Some security vulnerabilities can be closed off by relatively simple processes and tactics, such as limiting external access in the Verizon case, or changing IoT device default passwords. In other cases, it’s prudent to design security in from the ground up. Unfortunately, too many device makers overlook security, assuming that it’s too costly and/or time-consuming. But what about the costs of a breach, in terms of lost revenue, reputation damage, or even personal harm? The table shows a comparison of the impact on profit when security is integrated into a design and when it’s not.
As our everyday electronic devices get more connected, they represent more opportunities for hackers. We’ve already seen incidents of seemingly innocuous things like security cameras, toys, and even medical devices getting hacked. Wired counts DDoS attacks as the biggest security threats for this year, along with ransomware, weaponized consumer drones, and another iPhone encryption clash.
As RSA notes in its white paper, 2016: Current State of Cybercrime: “From mobile threats and ransomware to the role of biometrics in reducing fraud, myriad threats exist across the cyber landscape and the commoditization of cybercrime is making it easier and cheaper to launch attacks on a global scale.”
Fortunately, with the availability of embedded security technologies, building security into a design from the beginning can be done easily and cost-effectively. Software encryption is perceived to be cost effective and easy to implement and update. However, a security flaw in the operating system (OS) can provide a compromise point in the encryption code. In fact, given how complicated OSs and their patches are, it’s hard to exhaustively determine all of the potential interactions that could trigger a breach.
By comparison, hardware-based security can be a more effective option. One of Maxim’s security experts, Gregory Guez, discusses the pros and cons of software- and hardware-based security and how secure ICs can safeguard any application in the white paper Why Hardware-Based Design Security is Essential for Every Application.
Christine Young is a writer and blogger at Maxim, where she covers topics including automotive, wearable, IoT, and security technologies.