Posts

Showing posts from January, 2014

Some general guidelines for a secure firmware

Encryption: It prevents reverse engineering of the firmware. The firmware might be stored in
encrypted form and only decrypted when it is to be executed, or it might be decrypted during the
firmware update process.
• Signing: is concerned with ensuring that a message has not been corrupted or modified while in
transit. This is important since a malicious user cannot be allowed to alter the firmware originally
delivered by the firmware producer.
• No hardcoded credentials: The presence of hard-coded accounts that can serve as backdoors to
devices.
• Code obfuscation: it makes runtime analysis difficult.
• Authentication: Make it difficult for unauthorized users to obtain the firmware updates. Make it
restrictive, less exposed.
• If the device is capable of being networked, no unnecessary services are running and ensure that it can also alert and log when firmware has been updated.