Comment: This appears to be an AI-assisted submission, which means we can't accept it. ChrysGalley (talk) 18:13, 30 June 2026 (UTC)
Embedded systems security is the application of computer security principles to embedded systems, including firmware, microcontrollers, systems on a chip, connected devices, industrial controllers, medical devices, vehicles, and other computing systems that are built into larger electrical, mechanical, or physical products. The field addresses the protection of device hardware, firmware, software, data, communications, update mechanisms, physical interfaces, and supply chains against unauthorized access, modification, disruption, or misuse.[1]
Embedded systems security differs from general-purpose computer security because embedded devices often have constrained processing power, memory, storage, energy, and user interfaces. Many devices are deployed for long service lives, are difficult to patch, interact with the physical world, or operate in safety-critical environments.[2] Security failures can affect not only information systems, but also physical processes, equipment availability, user safety, privacy, and operational continuity.[3]
Scope
Embedded systems security applies to both standalone and networked devices. It includes consumer Internet of things devices, routers, cameras, appliances, automotive electronic control units, industrial automation equipment, building controls, medical devices, robotics, aerospace systems, and other cyber-physical systems.[2][4]
The scope of the field typically includes:
- protection of firmware and boot processes;
- secure device identity and authentication;
- software and firmware update mechanisms;
- protection of secrets, keys, and user data;
- access control for network, physical, and debug interfaces;
- vulnerability disclosure and lifecycle support;
- secure manufacturing, provisioning, and decommissioning;
- supply-chain risk management for hardware, firmware, software, and third-party components.
Security goals
The main goals of embedded systems security include confidentiality, integrity, availability, authenticity, resilience, privacy, and safety. Because embedded systems often control physical devices, integrity and availability may be as important as confidentiality. For example, unauthorized modification of control firmware, sensor data, actuator commands, or calibration parameters can affect the operation of a physical product or process.[1]
The National Institute of Standards and Technology defines device cybersecurity capabilities as cybersecurity features or functions that computing devices provide through their own hardware and software. Its core baseline for Internet of Things devices includes capabilities related to device identification, device configuration, data protection, logical access to interfaces, software update, and cybersecurity state awareness.[2]
Threats and attack surfaces
Embedded systems may be attacked through hardware, firmware, software, wireless interfaces, wired networks, physical access, supply chains, and maintenance tools. Common attack surfaces include:
- network services and embedded web interfaces;
- wireless protocols, including Bluetooth, Wi-Fi, cellular, and proprietary radio links;
- bootloaders and firmware update mechanisms;
- JTAG, Serial Wire Debug, UART, and other debug or test interfaces;
- insecure storage of cryptographic keys, credentials, or personal data;
- third-party software components, vendor software development kits, and open-source libraries;
- exposed management interfaces and default credentials;
- physical probing, fault injection, and side-channel attacks.
A large-scale academic study of embedded web interfaces found vulnerabilities in many firmware images from commercial off-the-shelf devices, illustrating how embedded web services can expand the attack surface of networked devices.[5]
Hardware and firmware weaknesses are also tracked by the Common Weakness Enumeration project. MITRE identifies weaknesses such as improper access control for on-chip debug and test interfaces, improper restriction of software interfaces to hardware features, improper access control for register interfaces, and improper protection against physical side channels as hardware-security concerns.[6][7]
Firmware and boot security
Firmware is a critical trust anchor in embedded devices because it runs first and at the highest privilege level: it initializes hardware, configures memory and memory protections, loads the operating system or application, and controls low-level device behavior, so every security control layered above it depends on its integrity. Firmware compromise can be difficult to detect from within the device and may persist across reboots and reinstallation of the operating system or application software.
Common controls include secure boot, measured boot, signed firmware images, rollback protection, hardware roots of trust, write protection for critical regions, and integrity monitoring. NIST Special Publication 800-193 describes platform firmware resiliency in terms of mechanisms that protect firmware and critical data from unauthorized changes, detect unauthorized changes, and recover rapidly and securely from attacks.[8]
Software and firmware updates
Secure update mechanisms allow manufacturers and operators to patch vulnerabilities, correct operational defects, and maintain devices during their service lives. Update mechanisms may include local update tools, remote management systems, or over-the-air firmware updates.
Secure update systems generally authenticate update packages, verify cryptographic signatures, protect update metadata, prevent rollback to vulnerable versions, and provide recovery mechanisms if an update fails. Research on secure embedded-device updates has emphasized that update systems must account for the constraints of realistic Internet of Things deployments, including low-end hardware, intermittent connectivity, multiple stakeholders, and long device lifecycles.[9]
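The verification sequence described in this section and in the preceding firmware and boot section, as an added worked example for this article (it is not code from NIST SP 800-193, the ASSURED paper, or any vendor bootloader). The 48-byte manifest layout, the HMAC tag and the constructed key are assumptions for the example; the HMAC stands in for the asymmetric signature a real device verifies with a public key in ROM or one-time-programmable memory, and the installed version would come from a hardware monotonic counter or anti-rollback fuses rather than from the image itself.

```python
"""Update-image verification as a device bootloader would perform it (added example)."""
import hashlib
import hmac
import struct

MAGIC = b"FWUP"
# Assumed manifest layout: magic, version, flags, payload_len, payload_sha256 (48 bytes)
MANIFEST = struct.Struct("<4sIII32s")
TAG_LEN = 32  # HMAC-SHA256 over the manifest; stand-in for an asymmetric signature


class UpdateRejected(Exception):
    """Raised for any image the device must refuse to install."""


def build_update(signing_key: bytes, version: int, payload: bytes) -> bytes:
    """Producer side (normally a signing server, never the device itself)."""
    manifest = MANIFEST.pack(MAGIC, version, 0, len(payload),
                             hashlib.sha256(payload).digest())
    tag = hmac.new(signing_key, manifest, hashlib.sha256).digest()
    return manifest + tag + payload


def verify_update(verify_key: bytes, installed_version: int, image: bytes) -> tuple:
    """Device side: return (version, payload) or raise UpdateRejected.

    installed_version must come from tamper-resistant storage (monotonic
    counter or fuses), never from anything the update image supplies.
    """
    if len(image) < MANIFEST.size + TAG_LEN:
        raise UpdateRejected("truncated image")
    manifest = image[:MANIFEST.size]
    tag = image[MANIFEST.size:MANIFEST.size + TAG_LEN]
    payload = image[MANIFEST.size + TAG_LEN:]

    # 1. Authenticate the manifest before trusting any field inside it.
    expected = hmac.new(verify_key, manifest, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise UpdateRejected("manifest authentication failed")

    magic, version, _flags, payload_len, payload_digest = MANIFEST.unpack(manifest)
    if magic != MAGIC:
        raise UpdateRejected("bad magic")

    # 2. Rollback protection: refuse anything that is not strictly newer.
    if version <= installed_version:
        raise UpdateRejected(f"rollback: version {version} <= installed {installed_version}")

    # 3. Bind the payload to the authenticated manifest.
    if len(payload) != payload_len:
        raise UpdateRejected("payload length mismatch")
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), payload_digest):
        raise UpdateRejected("payload digest mismatch")
    return version, payload


def _outcome(key: bytes, installed: int, image: bytes):
    """Return the accepted (version, payload) or the rejection reason as a string."""
    try:
        return verify_update(key, installed, image)
    except UpdateRejected as e:
        return str(e)


def demo() -> dict:
    """Exercise the accept path and four rejection paths with constructed images."""
    key = bytes(range(32))                      # constructed key, example only
    installed = 1
    good = build_update(key, 2, b"new application image")
    results = {"accepted": _outcome(key, installed, good)}
    # Authentic image, but an older version: must be refused (rollback).
    results["rollback"] = _outcome(key, installed, build_update(key, 1, b"old application image"))
    # One payload bit flipped: manifest still authentic, digest no longer matches.
    tampered = bytearray(good)
    tampered[-1] ^= 0x01
    results["tampered_payload"] = _outcome(key, installed, bytes(tampered))
    # Version field rewritten without the key: authentication fails before the version is read.
    forged = bytearray(good)
    forged[4] = 0xFF
    results["forged_version"] = _outcome(key, installed, bytes(forged))
    results["truncated"] = _outcome(key, installed, good[:40])
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16s} {result}")
```

The order of the checks matters: the manifest is authenticated before any field in it is parsed, so a forged version number is rejected by the authentication step rather than by the rollback comparison, and the payload digest is only compared after the manifest that carries it has been authenticated.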
Identity, access control, and data protection
Embedded devices often require device-unique identities for authentication, authorization, fleet management, and secure communication. These identities may be provisioned during manufacturing or first boot and may be implemented using hardware security modules, secure elements, trusted execution environments, or protected flash storage.
Access control must cover not only user-facing interfaces but also service ports, maintenance accounts, remote management protocols, cloud connections, application programming interfaces, and internal debug interfaces. Data-protection controls may include encryption of data at rest and in transit, secure storage of keys, minimization of collected data, and deletion or reset mechanisms when devices are transferred, serviced, or retired.[2]
Debug and manufacturing interfaces
Many embedded products include debug, test, or manufacturing interfaces that are useful during development and production but risky in deployed products. Interfaces such as JTAG, Serial Wire Debug, UART consoles, bootloader shells, boundary-scan ports, and factory test modes can expose memory, registers, firmware, secrets, or privileged commands if left enabled or insufficiently protected.[6]
Typical controls include disabling unnecessary interfaces, requiring authenticated debug access, limiting debug authorization by lifecycle state, blowing or locking security fuses, protecting bootloader command modes, and separating manufacturing credentials from production credentials.
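The lifecycle-gated, authenticated debug access described above, as an added worked example for this article (the state names, message format and policy are assumptions, not taken from any SoC vendor's documentation). The lifecycle value models one-time-programmable fuses, which can only advance, and the unlock uses an HMAC-SHA256 challenge-response over the device identifier and a single-use nonce as a stand-in for the asymmetric scheme a production part would use so that no unlock secret needs to be stored on the device.

```python
"""Debug port gated by lifecycle state and a challenge-response unlock (added example)."""
import enum
import hashlib
import hmac
import os
from typing import Optional


class Lifecycle(enum.IntEnum):
    DEVELOPMENT = 0   # open debug; no production secrets present yet
    PROVISIONED = 1   # factory has loaded keys; debug requires authentication
    DEPLOYED = 2      # in the field; debug requires authentication
    RMA = 3           # returned to vendor; device secrets wiped before any debugging


class DebugLocked(Exception):
    pass


class DebugPort:
    def __init__(self, device_id: bytes, unlock_key: bytes, device_secret: bytes):
        self._state = Lifecycle.DEVELOPMENT
        self._device_id = device_id
        self._unlock_key = unlock_key        # per-device key known to authorised tooling (assumption)
        self._device_secret = device_secret  # e.g. attestation key; must never leave the part
        self._pending_nonce: Optional[bytes] = None
        self._unlocked = False

    def advance(self, new_state: Lifecycle) -> None:
        """Fuses are monotonic: the lifecycle can only move forward."""
        if new_state < self._state:
            raise ValueError("cannot return to an earlier lifecycle state")
        self._state = Lifecycle(new_state)
        self.reset()
        if self._state is Lifecycle.RMA:
            self._device_secret = None       # wipe before RMA debugging is permitted

    def reset(self) -> None:
        """Power-on reset: any unlock is lost and any outstanding challenge is void."""
        self._unlocked = False
        self._pending_nonce = None

    def challenge(self) -> Optional[bytes]:
        """Issue a fresh single-use nonce (None when the port is open anyway)."""
        if self._state is Lifecycle.DEVELOPMENT:
            return None
        self._pending_nonce = os.urandom(16)
        return self._pending_nonce

    def respond(self, tag: bytes) -> bool:
        """Check the host's answer; the nonce is consumed whether or not it is correct."""
        if self._pending_nonce is None:
            return False
        expected = hmac.new(self._unlock_key, self._device_id + self._pending_nonce,
                            hashlib.sha256).digest()
        self._pending_nonce = None
        self._unlocked = hmac.compare_digest(tag, expected)
        return self._unlocked

    def read_secret(self) -> bytes:
        """Privileged debug read, allowed only when the lifecycle policy permits it."""
        if self._state is not Lifecycle.DEVELOPMENT and not self._unlocked:
            raise DebugLocked(f"debug not authorised in state {self._state.name}")
        if self._device_secret is None:
            raise DebugLocked("device secret was wiped at RMA")
        return self._device_secret


def host_answer(unlock_key: bytes, device_id: bytes, nonce: bytes) -> bytes:
    """What authorised service tooling computes from the device's challenge."""
    return hmac.new(unlock_key, device_id + nonce, hashlib.sha256).digest()


def _locked(port: DebugPort) -> bool:
    try:
        port.read_secret()
        return False
    except DebugLocked:
        return True


def demo() -> dict:
    """Walk one constructed device through its lifecycle; every value should be True."""
    key, sn, secret = bytes.fromhex("0f" * 32), b"SN-000001", b"constructed attestation key"
    port = DebugPort(sn, key, secret)
    out = {"dev_open": port.read_secret() == secret}
    port.advance(Lifecycle.DEPLOYED)
    out["deployed_locked"] = _locked(port)
    out["wrong_key_rejected"] = not port.respond(host_answer(b"wrong key", sn, port.challenge()))
    good = host_answer(key, sn, port.challenge())
    out["unlocked"] = port.respond(good) and port.read_secret() == secret
    port.reset()
    port.challenge()
    out["replay_rejected"] = not port.respond(good)      # old answer against a new nonce
    try:
        port.advance(Lifecycle.DEVELOPMENT)
        out["rewind_blocked"] = False
    except ValueError:
        out["rewind_blocked"] = True
    port.advance(Lifecycle.RMA)
    port.respond(host_answer(key, sn, port.challenge()))  # authenticated RMA debug session...
    out["rma_secret_wiped"] = _locked(port)               # ...still cannot read the wiped secret
    return out
```

Two details carry most of the security value: the nonce is discarded after one use regardless of the answer, so a captured response cannot be replayed, and the RMA transition erases the device secret before debug is re-enabled, so authenticated RMA access cannot recover it.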
Secure development lifecycle
Embedded systems security is increasingly treated as a lifecycle process rather than a feature added at the end of development. Secure development activities may include threat modeling, security requirements, code review, static and dynamic analysis, fuzz testing, dependency management, vulnerability disclosure processes, incident-response planning, and end-of-life policies.
ENISA describes secure software development guidelines as a fundamental building block for Internet of Things security and emphasizes that security measures should apply across the device, communication, network, and service ecosystem throughout the product lifetime.[4] The Cybersecurity and Infrastructure Security Agency promotes "secure by design" and "secure by default" practices intended to shift more responsibility for security outcomes toward technology manufacturers.[10]
Supply-chain security
Embedded devices commonly integrate hardware components, third-party firmware, open-source software, real-time operating systems, vendor libraries, cloud services, manufacturing tools, and device-management platforms. Security therefore depends on both the product design and the integrity of the supply chain.
Supply-chain controls may include supplier security requirements, provenance tracking, reproducible builds, signed artifacts, secure provisioning, component vulnerability monitoring, and software bills of materials (SBOMs). SBOMs are used to identify software components and dependencies so that manufacturers and operators can assess exposure when vulnerabilities are disclosed; this depends on each component carrying an unambiguous identifier and version, since a component listed only by an informal name cannot be matched reliably against an advisory.
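The SBOM exposure check described above, as an added worked example for this article (not code from any SBOM tool). The CycloneDX-style document, the component names and the advisories are all constructed placeholders: the identifiers of the form ADV-0001 are not real CVEs and the packages are not real software. Matching is on the package URL (purl) with its version, qualifiers and subpath stripped, against an inclusive "introduced" bound and an exclusive "fixed" bound.

```python
"""Matching a CycloneDX-style SBOM against vulnerability advisories (added example)."""
import json

# Constructed SBOM; component names and versions are placeholders, not real packages.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"type": "firmware", "name": "gateway-fw", "version": "4.2.0"}},
  "components": [
    {"type": "library", "name": "tinytls",    "version": "2.28.3", "purl": "pkg:generic/tinytls@2.28.3"},
    {"type": "library", "name": "netstack",   "version": "2.1.3",  "purl": "pkg:generic/netstack@2.1.3"},
    {"type": "library", "name": "shellutils", "version": "1.36.1",
     "purl": "pkg:generic/shellutils@1.36.1?arch=armv7"},
    {"type": "operating-system", "name": "rtos-kernel", "version": "3.4.0",
     "purl": "pkg:github/example-rtos/kernel@3.4.0"},
    {"type": "library", "name": "vendor-blob", "version": "7"}
  ]
}"""

# Constructed advisories: (placeholder id, purl without version, first affected, first fixed or None)
ADVISORIES = [
    ("ADV-0001", "pkg:generic/tinytls",            "2.0.0",  "2.28.4"),
    ("ADV-0002", "pkg:generic/netstack",           "2.0.0",  "2.1.3"),
    ("ADV-0003", "pkg:generic/shellutils",         "1.30.0", None),
    ("ADV-0004", "pkg:github/example-rtos/kernel", "3.0.0",  "3.3.0"),
]


def split_purl(purl: str):
    """Return (purl without version/qualifiers/subpath, version or None)."""
    base = purl.split("#", 1)[0].split("?", 1)[0]
    # The version follows the last '@'; namespaces such as npm's @scope come earlier.
    if "@" in base[len("pkg:"):]:
        name, version = base.rsplit("@", 1)
        return name, version
    return base, None


def version_key(v: str) -> tuple:
    """Dotted numeric comparison; non-numeric segments sort below any number (example only)."""
    return tuple(int(p) if p.isdigit() else -1 for p in v.split("."))


def is_affected(version: str, introduced: str, fixed) -> bool:
    """introduced <= version < fixed; an advisory with no fix affects every later version."""
    vk = version_key(version)
    return version_key(introduced) <= vk and (fixed is None or vk < version_key(fixed))


def exposed_components(sbom_json: str, advisories):
    """Return (hits, unmatched): hits are (name, version, advisory id); unmatched lack a purl."""
    sbom = json.loads(sbom_json)
    hits, unmatched = [], []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            unmatched.append(comp["name"])   # no identifier: cannot be matched reliably
            continue
        base, version = split_purl(purl)
        version = version or comp.get("version")
        for adv_id, adv_purl, introduced, fixed in advisories:
            if base == adv_purl and version and is_affected(version, introduced, fixed):
                hits.append((comp["name"], version, adv_id))
    return hits, unmatched


if __name__ == "__main__":
    hits, unmatched = exposed_components(SBOM_JSON, ADVISORIES)
    for name, version, adv in hits:
        print(f"EXPOSED   {name} {version}  ({adv})")
    for name in unmatched:
        print(f"UNMATCHED {name}: no purl, review manually")
```

Two outcomes in the constructed data are worth noting: a component at exactly the first fixed version is not reported, because the "fixed" bound is exclusive, and a component with no package URL is reported separately rather than silently treated as clean.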
Application domains
Consumer Internet of Things
Consumer Internet of Things products include cameras, smart speakers, appliances, home automation systems, routers, toys, and wearable devices. Security concerns include default passwords, insecure cloud connections, unnecessary network services, poor update support, data collection, and weak privacy controls. ETSI EN 303 645 provides a baseline cybersecurity standard for consumer IoT devices, including provisions related to default passwords, vulnerability disclosure, software updates, secure storage of credentials, communication security, attack-surface reduction, data protection, and user-data deletion.[11]
Industrial automation and control systems
Industrial embedded systems are used in industrial control systems, SCADA, programmable logic controllers, sensors, drives, robots, building controls, and process automation. These systems often prioritize availability, safety, deterministic timing, and long service life. The ISA/IEC 62443 series defines requirements and processes for implementing and maintaining secure industrial automation and control systems and addresses security across operations, product development, integration, and lifecycle management.[12]
Medical devices
Medical embedded systems include implantable devices, patient monitors, diagnostic equipment, drug-delivery systems, surgical systems, and connected health devices. Security issues in medical devices can affect patient safety, privacy, device availability, and clinical operations. The United States Food and Drug Administration publishes guidance on medical device cybersecurity considerations and information to include in premarket submissions for devices with cybersecurity risk.[3]
Automotive and transportation
Modern vehicles contain many embedded systems, including electronic control units for powertrain, braking, steering, infotainment, body control, driver assistance, and telematics. Security concerns include remote interfaces, in-vehicle networks, over-the-air updates, supply-chain components, and the potential safety consequences of compromised control systems.
Standards and guidance
Commonly referenced standards, frameworks, and guidance include:
- NISTIR 8259A, which defines a core baseline of Internet of Things device cybersecurity capabilities;[2]
- NIST SP 800-193, which provides platform firmware resiliency guidelines;[8]
- ETSI EN 303 645, which provides baseline cybersecurity requirements for consumer Internet of Things devices;[11]
- ISA/IEC 62443, which defines cybersecurity requirements and processes for industrial automation and control systems;[12]
- FDA medical-device cybersecurity guidance for premarket submissions and device lifecycle security;[3]
- ENISA guidance on secure software development lifecycle practices for Internet of Things products;[4]
- MITRE CWE hardware and firmware weakness classifications.[7]
References
- Parameswaran, Sri; Wolf, Tilman (2008). "Embedded systems security—an overview". Design Automation for Embedded Systems. 12: 173–183. doi:10.1007/s10617-008-9027-x.
- Fagan, Michael; Megas, Katerina N.; Scarfone, Karen; Smith, Matthew (May 2020). "IoT Device Cybersecurity Capability Core Baseline" (PDF). NISTIR 8259A. National Institute of Standards and Technology. doi:10.6028/NIST.IR.8259A. Retrieved June 30, 2026.
- "Cybersecurity". Food and Drug Administration. Retrieved June 30, 2026.
- "Good Practices for Security of IoT - Secure Software Development Lifecycle". European Union Agency for Cybersecurity. November 19, 2019. Retrieved June 30, 2026.
- Costin, Andrei; Zarras, Apostolis; Francillon, Aurélien (2016). "Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces". Proceedings of the 11th ACM Asia Conference on Computer and Communications Security. pp. 437–448. doi:10.1145/2897845.2897900. Retrieved June 30, 2026.
- "CWE-1191: On-Chip Debug and Test Interface With Improper Access Control". Common Weakness Enumeration. MITRE. Retrieved June 30, 2026.
- "2025 Most Important Hardware Weaknesses" (PDF). Common Weakness Enumeration. MITRE. 2025. Retrieved June 30, 2026.
- Regenscheid, Andrew (May 2018). "Platform Firmware Resiliency Guidelines". National Institute of Standards and Technology. doi:10.6028/NIST.SP.800-193. Retrieved June 30, 2026.
- Asokan, N.; Nyman, Thomas; Rattanavipanon, Norrathep; Sadeghi, Ahmad-Reza; Tsudik, Gene (2018). "ASSURED: Architecture for Secure Software Update of Realistic Embedded Devices". IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems. 37 (11): 2290–2300.
- "Secure by Design". Cybersecurity and Infrastructure Security Agency. Retrieved June 30, 2026.
- "ETSI EN 303 645 V3.1.3: Cyber Security for Consumer Internet of Things: Baseline Requirements" (PDF). ETSI. September 2024. Retrieved June 30, 2026.
- "ISA/IEC 62443 Series of Standards". International Society of Automation. Retrieved June 30, 2026.
Category:Embedded systems Category:Computer security Category:Firmware Category:Hardware Category:Internet of things Category:Cyber-physical systems Category:Industrial automation