Security has finally found a place in embedded applications as the Internet of Things (IoT) continues to rise in importance. Hacked systems have been the bane of PCs and smartphones, even as developers try to deliver more secure systems. It’s hard enough to prevent attacks like ransomware without having to worry about backdoors.
These days, IoT solutions are hyping end-to-end security. This typically includes secure attestation, authentication, secure communication, and even secure updates. A lot of security layers and protocols are involved, and they’re designed to secure a system and possibly isolate any breaches. Knowing that a breach has occurred is useful information by itself when considering the overall security of a system.
A security backdoor is one that bypasses the normal security features of a system. It usually provides unimpeded access to, and possibly control of, a system. This can be handy for debugging, and it’s often why developers include one, but a backdoor should never be left in a shipping system. Unfortunately, many systems have been attacked through such a backdoor. Developers have often done very dumb things like using simple, hard-coded passwords.
Granted, creating a secure backdoor could be possible, but it essentially places two security systems within a product. An attacker simply needs to bypass one of these to gain control. While the front door protection will usually be robust, the same can’t be said for the backdoor, which is also secret. Security through obscurity is generally a bad idea.
Anyone who knows anything about security will tell you that backdoors are an extremely bad idea. Those who ignore security experts will be in for very bad surprises.
Unfortunately, Attorney General William Barr is just the latest to call for backdoors. He said, “Don’t give me that crap about security, just put the backdoors in the encryption.” Forcing this through legislation has been suggested as well. It could only end badly.
Good security is built on layers that have been tested and designed to work together. The latest systems are designed from the ground up for security, starting with private encryption keys that never exist outside of the chip. Secure boot is simply the next step of the process. All of these security features, hardware, and protocols are designed to prevent specific types of attacks. There are many ways to attack a system, and it only takes one success to cause major headaches.
There are ways to provide hierarchical security within many systems, but that’s by design. Backdoors bypass this design. It will be even worse if a backdoor gets added after the fact.
Another problem with backdoor security is that those who feel secure because of the primary security system have been deluded. The premise for a backdoor is that the “good guys” can do things the “bad guys” will not know about. Unfortunately, that’s often not the case—the backdoor can be used for nefarious reasons regardless of who is supposed to control it. Gaining access by compromising a backdoor system, or by attacking a poorly designed one, results in a system that’s not only hacked, but whose security layers, designed to isolate other attacks, are completely bypassed.
The bottom line is that backdoors should not be included in any system, and everyone should understand why. There’s no secret sauce that will make a backdoor safe. Don’t let anyone try to convince you otherwise.