Evolving security and vulnerability risks prompt calls for stronger security at device design and manufacturing.
Thanks to COVID-19, our reliance on virtual connectivity has never been greater. The connected devices powering our world come with varying degrees of built-in security, but when it comes to life-impacting equipment like medical devices, any level of vulnerability is a risk to patients whose health depends on the security of a device.
In recent years, cyber-attacks prompted refreshed guidance from regulators like the FDA, but COVID-19 has introduced new use cases that have manufacturers reevaluating their ability to build hardened security onto their devices. Equipment like insulin pumps, pacemakers and other devices used in-home or in the hospital are not simple telemetry devices, but rather artificial organs that continuously deliver real-time feedback and control loops that must be secured to a very high level.
Even as use cases evolve, applying best practices and avoiding common pitfalls will go a long way in ensuring security is established at design, and sustained through the device lifecycle. Here are three common pitfalls and the actions manufacturers can take to avoid them:
- Hardcoding credentials on to the device: A number of IoT devices are inherently limited due to hardcoded credentials – a common outcome when manufacturers embed passwords or shared keys into firmware to help simplify development or deployment at scale. If accidentally leaked, threat actors or individuals without proper authority can access an entire fleet of devices. Ensuring strong mutual authentication between any connected devices or applications within the overall deployment is key.
- Unsigned Firmware: A larger number of IoT devices go to market with unsigned firmware. As more devices connect, the need for firmware signing grows. It’s strongly recommended that device makers sign firmware with a tightly controlled code signing certificate that only permits access to authorized individuals; another critical step is to keep an internal audit trail of all code signing activities. Utilizing a trusted public-private key pair is the most effective means to secure device firmware and have the ability to check and verify the device’s signature before booting the device or installing firmware updates.
- Weak authentication and encryption: Implementing strong cryptographic keys and algorithms that match the device’s use case applications are critical to hardening its long-term security. Equally important is ensuring sufficient entropy to produce an encryption key; randomness in key generation is priority through this process.
Researchers recently released RSA key factoring findings uncovering IoT security risk. RSA multiplies two large prime numbers, producing a private key. Those two prime numbers have to be random, otherwise they’re derived from seeding that can be easily cracked with little compute power. The research found that with minimal effort and compute resources, common factors could be used to calculate the private key. The results identified 435,000 private keys that could be derived from public certificates broadly available on the Internet. Many of those private keys were associated with IoT devices, which natively lack entropy.
At design, it’s important to account for encrypt data at rest and data in transit. When thinking of the overall system, consider the end device (and any gateways, mobile applications or tablet that the user or a patient interacts with), the cloud or operation center, applicable applications and where and how to encrypt data to ensure appropriate access.
When it comes to cybersecurity best practice, digital signature verification and validation closes the loop, securing connections and firmware updates. Digital certificates have become an important tool in cryptographically binding identity into connected devices, allowing a public-private key pair for scalable and secure authentication. Whether a manufacturer makes small medical devices or a large piece of equipment that goes on a factory floor, digital certificates and Public Key Infrastructure (PKI) is a fundamental tool and framework that can support connected devices, as well as offline devices that require intermittent connection and credential changes over time.
With a standards-based approach rooted in cryptography and security-first mindset, manufacturers can build in scalable security at design that will keep medical devices secure – no matter the use case.
As the senior vice president of product management at digital identity firm Keyfactor, Mark Thompson is responsible for strategic management of the company’s product portfolio and market adoption. For more information visit: www.keyfactor.com or follow @Keyfactor on Twitter and LinkedIn.