March 13, 2019
IoT is everywhere. With 75 billion IoT devices expected to be in use by 2020, human reliance on the integrity of IoT devices - in all aspects of life - is rapidly growing. In the meantime, IoT attacks evolve and increase in scale and sophistication. From data theft and ransomware, through harming the device itself or using it as an entry point into the network - the spread of vulnerable IoT devices increases the attack surface.
The challenge of securing IoT devices is a major one. First, there is great variance in hardware, operating systems, processor architectures and communication protocols. Second, IoT heavily relies on third-party libraries, which are prone to exploitation and harder to secure. Third, IoT devices have limited resources - in computing ability and often battery life - so any security solution must not create excessive overhead that interferes with the device's desired performance.
These challenges render traditional security approaches irrelevant for IoT devices. A successful IoT defender must pinpoint the unique bottleneck that an attacker has to go through and stop the attacker at that exact point.
We understand that to effectively secure high-value IoT devices, attacks must be blocked in real-time, on the device itself, before any damage is done to the system. Operating on the device, pinpointing and protecting all potential risk areas, is the only way to stop a wide range of attacks. Our unorthodox approach is based on experience and knowledge as offensive cyber experts and has guided us in the development of our solution.
Now, Sternum is proud to introduce EIV - Embedded Integrity Verification.
What is EIV?
EIV - Embedded Integrity Verification - is a first-of-its-kind, patent-pending technology that offers a holistic security solution for IoT endpoint devices. Among its many capabilities, EIV ensures the integrity of the execution flow - the order in which a device’s code is being executed - and the integrity of the dynamic memory of that device.
No matter the device or the malware, an attacker must divert the original execution flow of a device into a malicious one, in order to run malicious code. By preventing that, EIV disarms even the most sophisticated attacker and makes the device immune to cyber attacks.
To understand this immunity, we must first look at the phases of a cyber attack:
- First, a vulnerability - a flaw in the system that can be used by an attacker - is discovered.
- Afterwards, the exploit phase occurs, when weaponized code takes advantage of that vulnerability and manipulates system behavior.
- Then, shellcode - a small piece of instruction code - is injected into a running application and makes it download or run malware.
- Eventually, in the malware phase, malicious code that spies on or damages a system is executed with or instead of the original system code, thus corrupting the integrity of the original execution flow.
Without exploitation, malicious code cannot be executed on the device. Moreover, while there is an abundance of vulnerabilities and types of malware, exploitation can be narrowed down to a small set of steps that an attacker cannot avoid. It is when an attacker walks the inevitable path of exploitation that EIV strikes.
A Deeper Dive: What Makes EIV Unique?
Integrity-based Attack Prevention
After a quick integration into the embedded development environment, EIV accurately pinpoints the places in the code where integrity verification is needed and replaces potential risk areas with a call to integrity verification. As a result, during runtime, every action that might put the device at risk - be it an attempt to corrupt the device's memory or an attempt to take control of the execution and direct it to malicious code - goes through our filter. Thus, EIV identifies the exploitation attempt in real-time and disarms the attacker by blocking the main tactics that are required for exploiting a device.
Upon deployment, EIV can keep a large variety of devices safe from exploitable vulnerabilities. Here are just a few real-life examples of CVEs that EIV could have blocked in real-time:
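The two checks described above - verifying a control transfer before it happens and verifying dynamic memory before it is reused - can be illustrated with a small, self-contained C model. This is an added example written for this page; it is not Sternum's EIV code, nor an actual EIV integration, and the names `iv_register_target`, `iv_verified_call`, `iv_malloc`, `iv_check_region` and `iv_free_verified` are hypothetical. In a real instrumenting toolchain the call-site rewriting happens at build time; here the "rewritten" call sites are simply calls into the hypothetical runtime, and the demo functions construct their own inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical integrity-verification runtime (illustrative model, not EIV). */

typedef int (*handler_fn)(int);

/* --- Execution-flow integrity: only registered functions may be called indirectly --- */

#define MAX_TARGETS 16
static handler_fn g_valid_targets[MAX_TARGETS];
static size_t g_num_targets;

/* In a real tool the set of legitimate targets is derived at build time; here at init. */
int iv_register_target(handler_fn fn) {
    for (size_t i = 0; i < g_num_targets; i++)
        if (g_valid_targets[i] == fn) return 0;     /* already registered */
    if (g_num_targets >= MAX_TARGETS) return -1;
    g_valid_targets[g_num_targets++] = fn;
    return 0;
}

int iv_is_valid_target(handler_fn fn) {
    for (size_t i = 0; i < g_num_targets; i++)
        if (g_valid_targets[i] == fn) return 1;
    return 0;
}

/* An indirect call site is rewritten to go through this check.
 * Returns 0 and stores the result on success, -1 if the target was rejected
 * (a real runtime would log the event and halt or reset the device). */
int iv_verified_call(handler_fn fn, int arg, int *result) {
    if (!iv_is_valid_target(fn)) return -1;
    *result = fn(arg);
    return 0;
}

/* --- Dynamic-memory integrity: a guard word placed after every user region --- */

#define IV_GUARD 0xA5C3E1F7u
typedef struct { size_t len; } iv_hdr;          /* layout: [iv_hdr][user data][guard] */

void *iv_malloc(size_t len) {
    unsigned char *raw = malloc(sizeof(iv_hdr) + len + sizeof(uint32_t));
    if (!raw) return NULL;
    ((iv_hdr *)raw)->len = len;
    uint32_t g = IV_GUARD;
    memcpy(raw + sizeof(iv_hdr) + len, &g, sizeof g);  /* memcpy: guard may be unaligned */
    return raw + sizeof(iv_hdr);
}

/* 1 if the guard is intact, 0 if the region was overrun. */
int iv_check_region(const void *p) {
    const unsigned char *user = p;
    const iv_hdr *h = (const iv_hdr *)(user - sizeof(iv_hdr));
    uint32_t g;
    memcpy(&g, user + h->len, sizeof g);
    return g == IV_GUARD;
}

/* A free site is rewritten to verify first. Returns 1 if freed, 0 if corruption
 * was detected (the block is deliberately not handed back to the allocator). */
int iv_free_verified(void *p) {
    if (!p) return 1;
    if (!iv_check_region(p)) return 0;
    free((unsigned char *)p - sizeof(iv_hdr));
    return 1;
}

/* --- Constructed demo inputs --- */

static int handler_ok(int x) { return x * 2; }      /* legitimate handler, registered */
static int rogue_handler(int x) { return -x; }      /* never registered: stands in for a diverted target */

/* Returns 42 when the legitimate call succeeds and the unregistered target is refused. */
int demo_control_flow(void) {
    if (iv_register_target(handler_ok) != 0) return -1;
    int r = 0;
    if (iv_verified_call(handler_ok, 21, &r) != 0) return -2;   /* should pass */
    if (iv_verified_call(rogue_handler, 21, &r) == 0) return -3; /* must be rejected */
    return r;
}

/* Returns 1 when an intact region passes, a one-byte overrun past the user region
 * is detected, and the verified free refuses the corrupted block. */
int demo_heap_overrun(void) {
    unsigned char *buf = iv_malloc(8);
    if (!buf) return -1;
    memset(buf, 'A', 8);
    int intact = iv_check_region(buf);
    buf[8] = 0;                              /* simulate an off-by-one write into the guard */
    int detected = !iv_check_region(buf);
    int refused = !iv_free_verified(buf);
    free(buf - sizeof(iv_hdr));              /* demo cleanup of the quarantined block */
    return (intact && detected && refused) ? 1 : 0;
}

int main(void) {
    printf("control flow demo: %d\n", demo_control_flow());
    printf("heap overrun demo: %d\n", demo_heap_overrun());
    return 0;
}
```

The point of the model is where the checks sit: the indirect call and the free are the "bottlenecks" an exploit must pass through, so a check placed exactly there catches a diverted target or an overrun before any attacker-controlled code runs, without inspecting the rest of the program.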
- CVE-2018-6692 in Belkin Wemo Insight Smart Plug
- CVE-2018-11938 in Qualcomm Snapdragon Products
- CVE-2018-3900 in Yi Technology Home Camera
- CVE-2018-10601 in IntelliVue patient monitors and Avalon Fetal Monitors
- CVE-2017-1000251 in the native Bluetooth stack in the Linux Kernel (BlueZ)
- CVE-2017-1000250 in the SDP server in BlueZ 5.46
- CVE-2017-0781 and CVE-2017-0782, remote code execution vulnerabilities in Android
- CVE-2017-14315 in the Apple Low Energy Audio Protocol (iOS 7 through 9)
EIV consistently achieves stellar prevention success rates: our current success rate in preventing exploits that originate in memory corruption is 96.5% (tested with RIPE).
Holistic IoT Endpoint Security Solution
EIV is a holistic solution that enables high visibility into the protected devices' activity through real-time monitoring and prevention. Our intuitive dashboard enables real-time alerting and investigations, provides insights on the origins and nature of the attempted attack and informs intelligent response.
EIV ensures not only the integrity of the device's own source code, but also that of operating systems, communication stacks, SDKs, and most importantly, compiled code from third-party libraries, one of the least secure parts in many devices. Thus, EIV effectively protects the entire device.
With native plug-and-play integration into multiple development environments, EIV achieves comprehensive protection with minimal overhead: only 3% added latency, 10% added code footprint and negligible run-time memory consumption.
Medical Devices: Taking the IoT Security Challenge to the Extreme
At Sternum, we believe that the security standard of medical devices should set the tone for the entire IoT industry since compromised medical devices could be lethal.
Medical devices stretch the IoT security challenge to the extreme. They often run real-time operating systems for which no security solutions previously existed, they heavily rely on third-party libraries in their code, and their functionality is often so critical that it is a matter of life or death. Our commitment is to set the bar high and build a proper medical-grade security solution that can protect a large variety of devices across industry sectors.
Better Performance with Autonomous Observability
Gain complete visibility by monitoring and analyzing events in your device or across an entire fleet, from the first line of code through post-deployment maintenance.
Diagnose software bugs and vulnerabilities by using instrumentation to pinpoint flaws and gain dynamic profiling and analysis of the software, including third-party code.