
I am working on critical cyber-physical systems, and my work and research have led me to some questions. In the following, I assume that the attacker is not able to change the hardware of your system and can only attack it remotely.

Many researchers / engineers / "experts" argue that old hardware, because of its lack of processing power, is a system weakness that can lead to exploitation by an attacker.

Why is this true? In my opinion, this can happen only if your system has been poorly designed, e.g. you add tasks to a processor that cannot handle them, leading to missed deadlines and then faults. But in critical domains such as transport, this never happens anymore. I don't have experience with ICS, but I suppose that even if these systems are not secure against attacks, they are designed to be safe against non-intentional faults. What can be a source of remote weaknesses is obsolete firmware (if your hardware even has one), not the processing power of your processor, I suppose.

This leads to a more general question: how does hardware affect the security of the software / processes it hosts? It does affect operational availability, which is a safety metric, but can it also affect the possibility of discovering a weakness / vulnerability in the processes?

Thanks a lot for your experience.

Ecterion
  • Welcome to [security.se]! Interesting question! However, do you perhaps have sources for researchers saying these things? Perhaps a paper you read, an article, something like that? It might help people who are trying to answer the question to understand what you've read specifically. – Jun 21 '18 at 09:25
  • I will edit and add some resources. – Ecterion Jun 21 '18 at 09:41
  • On older hardware you may not be able to install software that has been updated with the latest security fixes. E.g. a fix depends on a version of a library which depends on a minimum version of the OS. You may not be able to install that OS because of CPU or driver incompatibilities. – Alfred Armstrong Jun 21 '18 at 11:26

1 Answer

"Lack of processing power" is not a security hole.

There are things like e.g. DDOS: sending more requests to a system (webserver etc.) than it can handle, leading to normal users getting their services slower or not at all. But a newer, faster CPU doesn't make DDOS impossible; it just needs even more requests from the attacker. In times when people can easily rent thousands of computers for a short time (in some cloud service), DDOSing a single device will always be possible, independent of the hardware.


Your "transport" point is a very different angle: Systems that e.g. control self-driving cars (just as an example) are real-time systems. If this term isn't familiar, it does NOT mean that there is no delay. It does mean that there is a guarantee that it will do some work with at most x milliseconds/seconds delay after its ideal time. E.g. starting to brake at most 100 ms after the red traffic light is detected.
For this to work, there are many requirements not only on the sensor and cable/connection, but also on the control unit itself; our average computers and operating systems are not real-time-capable at all.

Back to the remote attacks: car control with internet is a bad example, but well ... The simple answer is, the internet is not real-time-capable either. And there is nothing that can change that, other than reinventing everything in a different way (and even then it would be very hard).
So, your real-time-capable car control unit just can't have internet access if it should be real-time-capable. => Remote internet attacks not possible.


Anyways, enough about processing power.

Old hardware indeed can be a problem for other reasons:

  • You mentioned firmware updates, but there are, again and again, hardware bugs that just can't be solved or mitigated with firmware. Some of them might allow malicious abuse.
  • And other than bugs, there are plenty of security problems nowadays (2018) that were not known to exist e.g. 20 years ago. Some require hardware support for good protection. Old hardware just won't have these features. Random example: Intel SGX.
deviantfan
  • Thanks for your answer. Just discussed with an ARM expert working in my lab about my enquiries. He told me that the main problem was the WCET metric used by critical systems manufacturers to respect real-time constraints. First, an attacker may exploit the remaining computing power of the processor and then make the functions unable to execute within their WCET. In the same way, he may remain in the WCET range and corrupt the functions, which is going to make the components managing the safety of the system act and stop the system, for example. All of this is somehow related to the performance. – Ecterion Jun 21 '18 at 11:09
  • My point still stands that in my opinion, a real-time system that takes uncontrolled remote input and prioritizes it above the local things is not real-time. ... It isn't wrong what your colleague said, but that's the problem. If a real-time device allows this (sort of DDOS), the manufacturer has sold you nonsense. ... Anyways, the problem in these cases would not be a too old CPU. – deviantfan Jun 21 '18 at 11:26
  • If the external input was meant to be part of the system, on the other hand, then the attack isn't "remote" anymore. Someone getting their hands on your screen cable could see your passwords when you type them, but that doesn't classify as a hardware bug or anything like that. – deviantfan Jun 21 '18 at 11:31
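As an added illustration of the WCET point raised in the comments above (example code, not from the question, the answer or any product): a C model of one control period, with an uncapped variant that a flood of remote requests can push past its deadline beside a variant that bounds remote work to the slack left after the control job's WCET. The period, WCET and per-request cost are assumed, constructed values, not measurements.

```c
/* Deadline-budget model for a fixed-period control task.
 * Added example; all timing constants are constructed assumptions. */
#include <stdio.h>
#include <stdbool.h>
#include <stdint.h>

#define PERIOD_US        10000u  /* 10 ms control period (assumed) */
#define WCET_CONTROL_US   6000u  /* analysed WCET of the safety job (assumed) */
#define NET_COST_US        800u  /* cost of servicing one remote request (assumed) */

typedef struct {
    uint32_t requests_served;   /* remote requests handled this period */
    uint32_t busy_us;           /* total CPU time consumed this period */
    bool     deadline_missed;   /* true if busy time exceeds the period */
} cycle_result_t;

/* Uncapped: after the control job, every queued remote request is served.
 * Remote traffic therefore competes with the control job for the period,
 * and a sender who queues enough requests pushes the cycle past its deadline. */
cycle_result_t run_cycle_uncapped(uint32_t queued_requests) {
    cycle_result_t r = { 0, WCET_CONTROL_US, false };
    for (uint32_t i = 0; i < queued_requests; i++) {
        r.busy_us += NET_COST_US;
        r.requests_served++;
    }
    r.deadline_missed = r.busy_us > PERIOD_US;
    return r;
}

/* Budgeted: remote work is limited to the slack left after the control job's
 * WCET, so the control job keeps its guarantee regardless of how much remote
 * input arrives. Requests beyond the budget are dropped, not deferred. */
cycle_result_t run_cycle_budgeted(uint32_t queued_requests) {
    cycle_result_t r = { 0, WCET_CONTROL_US, false };
    uint32_t slack        = PERIOD_US - WCET_CONTROL_US;  /* 4000 us */
    uint32_t max_requests = slack / NET_COST_US;          /* 5 per period */
    r.requests_served = queued_requests < max_requests ? queued_requests : max_requests;
    r.busy_us        += r.requests_served * NET_COST_US;
    r.deadline_missed = r.busy_us > PERIOD_US;
    return r;
}

int main(void) {
    cycle_result_t a = run_cycle_uncapped(20), b = run_cycle_budgeted(20);
    printf("uncapped: served=%u busy=%uus missed=%d\n", a.requests_served, a.busy_us, a.deadline_missed);
    printf("budgeted: served=%u busy=%uus missed=%d\n", b.requests_served, b.busy_us, b.deadline_missed);
    return 0;
}
```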