Embedded operating systems provide another challenge for cybersecurity professionals. These are devices that contain special purpose computing systems that are completely enclosed by the object and may or may not be able to connect to the internet. These devices are used in many different manufactured products and typically do not have a user interface. Thus if there is a vulnerability that is found in these devices, there can be issues fixing them.
In the past these devices have been protected behind the firewall in most networks. Recently hackers have found ways to get in using these devices, therefore there needs to be better security built into them. One is to use ARM Trustzone on microcontrollers to help write more secure software. To go with the same theme is for the security to be built into the software when it is developed (Beningo, 2019). Digitally sign and encrypt firmware updates. This will keep any device that is connected to the internet from automatically installing software without being authenticated. Other suggestions are to validate the application at start-up, monitor stack and buffer overflow, lock flash space, and to hire a security expert (Beningo, 2019).
In my opinion, these operating systems should have the security built into them when they are developed. This will help to prevent future issues. They also need to continue to work to monitor and update the software as they discover vulnerabilities. This may not be a popular option for most manufacturers, as it will take longer and be more expensive to get them in place. In the long run, it will keep the customer safe and the company out of lawsuits.
Beningo, J. (2019). 7 Tips for Securing an Embedded System. Retrieved 21 July 2019, from https://www.designnews.com/content/7-tips-securing-embedded-system/86771223257220