You can't hide it in the application file, you can only obfuscate it. Neither of these offer you any kind of security. Obfuscation is not security; it can easily be reverse-engineered under the right circumstances.
And if it's an embedded device, what's stopping someone from exploiting your application? I don't trust your application to be safe at this point since you're storing important credentials in an executable, so you probably lack basic security knowledge as well.
It doesn't matter if you're on an embedded device or not: if there's read-write access, your secrets are in danger.
Story time: Someone once tried to infect my machine with a malware executable that had credentials stored inside of it. Within a matter of minutes, I was able to log into their various accounts, find out who they were, what they were doing, and screw with them for a little while.
New Story time: You're next.
You're rightfully worried about someone stealing your update file and pulling the credentials from it. But you're missing the fact that you shouldn't be storing your credentials in the executable.