5 Mistakes That Can Jeopardize Your Firmware Protection

2. Validate applications before executing

Using a bootloader that validates the application in read-only memory (ROM) before allowing execution to jump to the application ensures that only the intended application is executed. This will prevent attackers from trying to spoof your application with their own malicious version. Even a simple cyclic redundancy check (CRC) is better than nothing.

3. Don’t use unsigned and unencrypted firmware updates

Always sign your firmware updates. This allows the device to verify the update is from a trusted source. The device should only have access to the public key and protect it from modification. Be sure to check if your processor has a secure key storage module. Encrypting your firmware updates will protect your firmware from being reverse-engineered/analyzed. This includes any keys or secrets that it contains. Check to see if the processor has hardware-accelerated encryption, which can save both time and power. The only place your firmware should be unencrypted is your processor’s memory while it’s running.

4. Don’t send sensitive data between ICs unencrypted

Attackers can probe the communication lines between integrated circuits (ICs) on your printed circuit board (PCB) and sniff all traffic. To prevent attacks, encrypt all sensitive data before sending it across communication lines.

Related: Keep Hackers Out With Proper Connected Device Security

5. Don’t leave flash unlocked

Most processors have a mechanism that disables debuggers from reading the contents of flash. This prevents the attacker from simply attaching a debugger and reading out your firmware from flash. This protection is not ironclad, and attackers could circumvent this precaution with enough time and energy. Think of it as locking your door; it’s not enough to keep out a master lockpick with unlimited time and resources, but it will keep out most people.