Embedded systems can be defined as operational systems that run as single-purpose, fixed systems, such as ATMs and POS (Point of Sale) systems, for example cash registers. These are usually spread out over large geographical areas and are not always monitored by security personnel, which makes them difficult to manage and maintain consistently. However, due to business requirements, they are also part of a corporate network, which makes them susceptible to targeted, remote attacks.

Threats to Embedded Systems

Some of the typical attacks faced by embedded systems are:

    ATM attacks

    • Hardware skimming
    • Theft
    • Cyber threat
    • Vandalism

    POS attacks

    • Intrusions
    • Crimeware
    • Espionage

Most embedded systems run on Windows CE or Windows XP, which are no longer supported by Microsoft. They also have easy-to-access keypads or control panels. In some cases, ATMs have additional connectivity options like USB drives which are not locked down due to legal requirements. All these factors make them perfect targets for focused attacks.

In the case of ATMs, attacks can be physical or remote (cyber threats). In the case of POS systems, the attack is usually physical and involves installing keyloggers and memory dumpers, which are then used to access and collect verified personal data. Since many embedded systems have internet connectivity for user verification and financial transactions, it is also possible to attack them remotely.

Security for Embedded Systems

Ensuring security for embedded systems consists of:

  • A default installation mode that needs minimal network connectivity and involves whitelisted applications only
  • Supporting ATM/POS operating systems beyond official vendor support
  • Optional antivirus component with on-demand scanning
  • Device control
  • Flexible management (local/remote)
  • Switching on/off of local access to ATM/POS control panels
  • Installing antivirus software on all embedded systems and keeping it current
  • Preventing unauthorised user access to the antivirus software, so that it cannot be disabled unless authorised

Solution implemented using: