In the IoT, businesses have to worry about three main security vectors. I talk often about the threats to OT (operational technology) networks and the companies that protect them, such as Xage and CyberX. I talk as well about the threats on IT networks, to which there are entire practices at most major tech firms devoted to handling, both on the network and the device side.
Then there is embedded systems security aimed at devices. These devices are generally built to a specific function and have fairly limited resources. As the IoT expands, though, we are seeing “embedded devices” that comprise everything from a gateway running Linux to a sensor running a tiny real-time operating system (although purists will argue that an embedded device runs an RTOS). Securing all of these devices is tough.
They are tough to secure because there are so many of them and because they each have such different characteristics, both in terms of their operating systems as well as their computing capability. Some are powered. Some rely on batteries or harvested energy. Some have lots of memory, and some have a megabyte or less. And there are millions of them already out in the world.
That’s why numerous companies are coming out with security solutions aimed at this market. One of the more recent ones is Karamba, an Israeli company that puts its own security software on a device and then links it back to a cloud service to ensure that the device remains secure throughout its lifetime. The company was founded in 2016 and started selling its software 18 months ago. It currently has 12 million devices running its software, with customers in both the automotive and industrial world.
Companies using Karamba embed its software as part of the device toolchain during its manufacturing process. The software then checks constantly to ensure that the device firmware and functionality don’t deviate from what’s expected. It does through by reverse-engineering the expected behavior of files that control how a device accesses memory.
This is important because it prevents specific types of attacks aimed at trying to compromise how the device is designed to operate and secretly try to load malware inside the device that can then be used to take it over. These attacks are common ways hackers try to get inside systems like cars or industrial operations, where the networks are air gapped or access is extremely limited.
It also is useful in areas such as automotive or even medical device security because these products can be made of many different systems provided by a variety of suppliers. When dealing with a complex network of suppliers, it can be impossible to know what software is on a device and thus track vulnerabilities when they are announced later on.
For example, the Ripple20 TCP/IP vulnerabilities that let attackers access devices using code provided by Treck, offers an example of how long lives and a lack of understanding about what code suppliers used can cause problems for device makers. In the case of a remote exploit trying to change how a device runs, Karamaba’s software halts the process and notifies the security team.
These sorts of security solutions will work in conjunction with other security software designed to monitor the behavior of devices on both industrial and IoT networks. However, a challenge associated with them is that they must be installed on new devices as opposed to those already in the field.
Karamba’s software is compact, taking roughly 5% of the CPU availability to check how the device is accessing memory whenever a process happens. This means it can run on tiny microcontrollers since its software needs are determined by the type of software the device runs. That makes it more appropriate for smaller sensors compared to something like Microsoft’s Azure Sphere device protection, which is sized for larger devices (and works differently). In fact, my hunch is we’ll see Karamba snapped up relatively soon by Microsoft or another IoT contender trying to show how serious it is about industrial and embedded IoT security.