Securing Semiconductors and IoT: Navigating Emerging Cyber Threats in a Connected World
Introduction:
In an ever-evolving digital world, the targets of cyber attacks have shifted. Previously, Windows systems were targeted far more than Linux and macOS; today those platforms are vulnerable as well. Beyond that, the focus has broadened from operating systems and networks to IoT devices and semiconductors. Recent years have seen an unprecedented increase in cyber attacks against IoT and semiconductor devices, which calls for a solid understanding of how these systems work so that defenders are prepared to battle such attacks.
Before we dive deep into the article, let us cover the basics of how semiconductor equipment communicates. Semiconductor protocols and standards are governed by SEMI (Semiconductor Equipment and Materials International), a global industry association that lays down the protocols and best practices the semiconductor industry must adhere to. Semiconductor equipment communicates with other equipment and with host controllers via the SECS/GEM protocols. SECS/GEM establishes a channel over which SECS-II messages are exchanged. When these protocols were first designed, little attention was paid to cyber security. Let us now discuss some of the attacks that can be carried out, or already have been:
MITM Attacks:
SECS/GEM lacks basic authentication and does not verify the legitimacy of a message sender, which opens the door to man-in-the-middle attacks. In addition, only one active connection is permitted between host and equipment, so an attacker who establishes an active connection to the equipment leaves the legitimate host stuck reconnecting, and production fails. Let us discuss this with a simple example.
# Configure the IP address and port of the equipment (5000 is a common HSMS default port).
equipment_ip = '192.168.1.100'
equipment_port = 5000
The snippet above is the minimal configuration needed to initiate communication, and it illustrates both weaknesses just discussed: the lack of sender verification and the single-active-connection limit. If an attacker can intercept the traffic, they learn the equipment's IP address and the port it listens on, and with nothing more than that they can open a connection of their own and prevent the legitimate host from connecting to the equipment.
DoS Attacks:
A DoS attack against semiconductor equipment works the same way as any other DoS attack. SECS/GEM is normally used to collect alarms and events so that equipment operation can be monitored, but an attacker can instead send a large volume of SECS/GEM requests, and because the interfaces lack rate limiting and traffic-control mechanisms, the interface is disrupted. Taking the example above, an attacker who knows the equipment is at 192.168.1.100 on port 5000 can flood it with SECS/GEM messages until it is overwhelmed.
Exploiting SECS Message Language File Vulnerabilities:
SML (SECS Message Language) files describe the content and structure of SECS messages. Because nothing at the front end verifies them, attackers can craft falsified or malformed messages and send them to the equipment, causing it to malfunction. Consider how a third-party supplier compromise could lead to such an attack.
1. Suppose one of the third-party suppliers has been compromised, and the supplier's host communicates with the company's equipment via SECS messages.
2. The attacker can now create falsified SML files, or inject malicious content into existing ones, and send them to the company's equipment, causing it to crash or become compromised.
3. This can cause catastrophic damage and reputational loss for the company.
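As an added example (not code from the article), here is a defensive parser for the HSMS frame that carries SECS-II messages over TCP, assuming the SEMI E37 header layout; it rejects malformed frames of the kind described above before they reach the equipment. The S1F1 sample frames and the body-size limit are constructed for the illustration.

```python
import struct

# HSMS (SEMI E37) framing: 4-byte big-endian length, then a 10-byte header
# (session id, stream with W-bit, function, PType, SType, 4 system bytes),
# then the SECS-II body. Layout assumed from the public E37 spec.
HEADER_LEN = 10
MAX_BODY = 64 * 1024                        # constructed policy limit, not a spec value
VALID_STYPES = {0, 1, 2, 3, 4, 5, 6, 7, 9}  # SType 8 is not defined in E37

def parse_frame(frame: bytes) -> dict:
    """Validate one HSMS frame before it reaches the equipment; ValueError if malformed."""
    if len(frame) < 4 + HEADER_LEN:
        raise ValueError("frame shorter than length field plus header")
    (length,) = struct.unpack(">I", frame[:4])
    if length < HEADER_LEN or length != len(frame) - 4:
        raise ValueError(f"declared length {length} inconsistent with {len(frame) - 4} bytes received")
    if length - HEADER_LEN > MAX_BODY:
        raise ValueError("body exceeds policy limit")
    session_id, hb2, function, ptype, stype, sysbytes = struct.unpack(">HBBBBI", frame[4:14])
    if ptype != 0:
        raise ValueError(f"unsupported PType {ptype}; only SECS-II (0) is accepted")
    if stype not in VALID_STYPES:
        raise ValueError(f"undefined SType {stype}")
    stream, wait_bit = hb2 & 0x7F, bool(hb2 & 0x80)
    if stype == 0 and function % 2 == 0 and wait_bit:
        raise ValueError("W-bit set on a secondary (even-numbered reply) message")
    return {"session_id": session_id, "stream": stream, "function": function,
            "wait_bit": wait_bit, "stype": stype, "system_bytes": sysbytes}

def is_valid_frame(frame: bytes) -> bool:
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False

def build_frame(session_id, stream, function, wait_bit, stype, sysbytes, body=b"") -> bytes:
    """Build a frame; used here only to construct the sample inputs below."""
    hb2 = (0x80 if wait_bit else 0) | (stream & 0x7F)
    header = struct.pack(">HBBBBI", session_id, hb2, function, 0, stype, sysbytes)
    return struct.pack(">I", HEADER_LEN + len(body)) + header + body

# Constructed samples: a well-formed S1F1 "Are You There" request, the same frame
# with its length field inflated, and a reply (S1F2) wrongly carrying the W-bit.
GOOD_S1F1 = build_frame(1, 1, 1, True, 0, 0x1234)
BAD_LENGTH = struct.pack(">I", 500) + GOOD_S1F1[4:]
BAD_WBIT = build_frame(1, 1, 2, True, 0, 0x1234)
```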
Methods to protect semiconductors from cyber threats:
Replace outdated components:
Replacing outdated components with upgraded ones reduces the attack surface. Organisations must implement robust monitoring to make sure vulnerabilities are patched and systems run with the latest updates; otherwise an outdated component carrying a vulnerability with a high CVSS score could be exploited to compromise the semiconductor equipment. Commercially available vulnerability scanners can be used to find and remediate open vulnerabilities with high CVSS scores. Organisations with tighter budgets can also consider daughter boards that replace individual components instead of a full redesign.
Access Control Mechanisms:
Organisations must implement stricter mechanisms to prevent MITM attacks, by allowing only trusted or known hosts and devices to communicate. For example, organisations can create a baseline list of both the accounts used manually and the machine accounts used by semiconductor equipment, and monitor for anomalous behaviour by creating use cases such as
Implementation of traffic monitoring and tightened network measures:
Organisations must block sensitive ports from the internet to minimise the attack surface, and must use secure ports for communication between hosts. They must also monitor network traffic for anomalies to catch malicious inbound and outbound communication. Organisations often whitelist too broadly, which leads to false negatives. Third-party traffic must be monitored as well, and blocked as soon as anything malicious or suspicious is observed. For example, consider the following scenarios:
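As an added example (not the article's code) covering the access-control and traffic-monitoring measures above, and the lack of rate limiting noted under DoS attacks, here is a simple policy layer placed in front of the equipment's listener: it allowlists the hosts permitted to open the single active connection, caps the per-host SECS/GEM message rate with a sliding window, and records every refusal as an alert. The trusted host list, quota and replayed traffic are constructed.

```python
from collections import defaultdict, deque

# Added example: policy in front of an HSMS listener. Only baselined hosts may
# connect, each host is held to a per-window message quota, and refusals are
# recorded as alerts for the monitoring team.
TRUSTED_HOSTS = {"192.168.1.10"}  # constructed baseline of approved host IPs
WINDOW_SECONDS = 1.0
MAX_MSGS_PER_WINDOW = 20          # constructed policy value, not a protocol limit

class SecsGatewayPolicy:
    def __init__(self):
        self._recent = defaultdict(deque)  # src_ip -> timestamps inside the window
        self.alerts = []

    def check_connect(self, src_ip: str) -> bool:
        """Refuse connections from hosts outside the baseline and alert on them."""
        if src_ip in TRUSTED_HOSTS:
            return True
        self.alerts.append(f"refused connection from unknown host {src_ip}")
        return False

    def check_message(self, src_ip: str, ts: float) -> bool:
        """Allow a message only if the host is under its per-window quota."""
        q = self._recent[src_ip]
        while q and ts - q[0] >= WINDOW_SECONDS:
            q.popleft()                     # expire timestamps outside the window
        if len(q) >= MAX_MSGS_PER_WINDOW:
            self.alerts.append(f"rate limit hit for {src_ip} at t={ts:.2f}")
            return False
        q.append(ts)
        return True

def replay(events) -> dict:
    """Run constructed (ts, src_ip, kind) events through the policy and summarise."""
    policy = SecsGatewayPolicy()
    allowed = dropped = 0
    for ts, src_ip, kind in events:
        ok = policy.check_connect(src_ip) if kind == "connect" else policy.check_message(src_ip, ts)
        allowed, dropped = (allowed + 1, dropped) if ok else (allowed, dropped + 1)
    return {"allowed": allowed, "dropped": dropped, "alerts": policy.alerts}

# Constructed traffic: normal polling from the approved host, a connection attempt
# from an unknown peer, then a burst of 60 requests in half a second from the approved host.
SAMPLE_EVENTS = (
    [(0.0, "192.168.1.10", "connect")]
    + [(0.2 * i, "192.168.1.10", "msg") for i in range(5)]
    + [(1.5, "192.168.1.200", "connect")]
    + [(5.0 + 0.5 * i / 60, "192.168.1.10", "msg") for i in range(60)]
)
```

Replaying the sample lets 26 events through and drops 41 (the unknown peer plus the 40 burst messages over quota), so the flood never reaches the equipment.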
Conclusion:
As attacks continue to grow, defenders must acquire the skills needed to stay resilient in the cyber world. Organisations can also outsource cyber security services to third-party providers to reduce the burden, allowing them to focus on their business without worrying about threats.