Threat detection is reaching a negative inflection point. In this blog post we'll present a few bold (and quite disturbing) figures about the current state of affairs of malware and its detection. We'll assert that given the unbearably and unacceptably long time it takes to detect malware (IF at all detected), and the growing cost and complexity of its detection, it's time to admit that current malware detection technologies have more than exhausted themselves and that it's time for new detection paradigms to emerge. Our next blog will focus on these new paradigms and suggest new types of solutions. The perplexity Reading the threat and malware reports frequently published by security vendors and security-research labs leaves the reader perplexed. Not one report resemble the others in terms of defining the main threats and the quantitative analysis of the levels and dynamics of the threats. It seems that each vendor has a "unique angle" on the threat landscape, probably based on its technological solutions and its own security knowledge-base. There doesn't seem to be any agreement about the scope and breadth of the [...]

Safety critical and security critical software have long been regarded as two different genres, with their own standards and their own requirements. In some circumstances, that is entirely reasonable. For example, in most safety critical applications such as a steer-by-wire system in a car, it is imperative that a level of functionality is retained even when things are failing. Conversely, if a hacker is found to be accessing a bank’s databases then the preferred immediate response is likely to completely deny all access. The inconvenience of other bank users can wait if the integrity of the data is at stake. Any system providing an interface to the outside world has the potential to contain security vulnerabilities. In particular, any accessibility via the Internet requires a strategy to deal not only with a few malicious specialists, but with a whole world of hackers. In the field of safety critical embedded software, such security concerns are often perceived to be a separate domain from the core business of functional safety. Yet when security researcher Barnaby Jack used a modified antenna and software in 2011 to wirelessly [...]

The use of unmanned air vehicles (UAVs) has increased considerably over the past few years in everything from military operations to border surveillance. UAVs utilized in military and law enforcement operations carry and transmit sensitive data such as troop movements and data from strategic operations. Ground control stations (GCSs) are utilized to communicate, pilot, and relay data from the UAVs, and most recently are being deployed as laptops and smart devices such as tablets. With the increased deployment of these technologies, the nature of the function of these endpoints puts them at great risk for cyber security attacks and exfiltration. According to the "Unmanned Systems Integrated Roadmap FY2013 – 2038", the US military is expected to decrease the procurement of UAVs. Instead, there will be an increase in retrofitting existing inventory for upgrades in additional functionality as well as safety and security. PLATFORM CONSOLIDATION Typical UAV architectures consist of several sub-systems with varying degrees of criticality and assurance. Systems such as mission control, payload control, flight control and communications systems are sometimes run on separate on-board computers to keep data separation maintained. [...]

Open Standards in the technology industry refer to publicly available specifications that can allow disparate technologies to communicate and interoperate with each other. Open Standards also allow innovation in implementation within proprietary products, while preventing vendor lock-in. The “Standards” in Open Standards ensure that there are clear specifications that define the interoperability of the technology element. The “Open”-ness in Open Standards ensures that key industry vendors can collaborate in a neutral consortium to define the specifications that allow for interoperability. Specifically, the embedded industry is now characterized by multiple industry players, highly specialized technology and unique systems that are purpose-built for specific applications, utilizing embedded operating system & virtualization technologies. Over the last several decades the embedded industry has been active in the development of Open Standards, which has allowed the embedded software ecosystem to thrive. This blog highlights the most relevant Open Standards in the embedded software arena. POSIX The ability of an Operating System to conform to established Open Standards APIs (Application Programming Interfaces) is a key enabler for a critical mass of middleware and applications executing in its environment. [...]

In our previous post we explained why evasion and persistence are the 2 main "malware virtues" challenging existing detection methods. We assert that a twofold new approach must be introduced to augment existing solutions, in order to successfully thwart advanced malware: Separation of the detection layer from the attack surface (this blog) Placement of high-interaction honeypots closer to the attacked users (next blog) First things first: Why is it so hard to detect advanced malware? Well, the short answer is: Because malware has become so sophisticated and fast-changing, while operating systems have become unbearably large and complex. Malware detection is uncomfortably situated between the rock and the hard place: It needs to deal with both the vulnerabilities and complexity of the operating system and the malicious activity to the malware. The attack surface: Size matters Windows XP, Windows 7 and Windows 8 are in the vicinity of 40-50 million lines of code each. It is estimated that Windows 7 kernel alone measures more than 2 million lines of code. This is a huge attack surface, and it's not likely to decrease in [...]

The dawn of the "intelligent" car is here. Vehicle manufacturers can now provide on-demand entertainment, smart sensor safety applications, and autonomous driving. Intelligent vehicles are filled with a variety of sensors, processors, software, and displays that are increasingly being connected to the internet. Increased computation complexity and connectivity will demand greater computing power, application support, and heightened security that pose significant cost and design challenges for manufacturers. Convenience is the new basis of competition in the automobile industry. Cars are starting to offer customized "infotainment" experiences to users, similar to smart phones. The possibility of banking, paying bills, and shopping right from your vehicle will soon become a reality. In addition, the United States Department of Transportation's (DOT) National Highway Traffic Safety Administration has been studying and announced plans to move forward with vehicle-to-vehicle (V2V) networking to provide collision warnings in light vehicles. With these new innovations, vehicles will be connected in several different ways both to the internet, infrastructure, and each other. However, each new connectivity port also opens up a point of attack to internal computing platforms. Most attacks on [...]

LynuxWorks is now Lynx Software Technologies! I believe the new name offers the best representation of the company's forward direction as the LynxOS RTOS family of products and the LynxSecure hypervisor continue to gain increased traction both with our current customers and markets, and now within the new Internet connected embedded world. With the advent of Internet of Things and the desire to have everything connected, there is now a real security strain on how we use the embedded devices of today and tomorrow. The constant media stories of major security breaches in our connected world are really starting to show quite how exposed we really are to the advanced cyber threats and attackers of today, and how close it is to our seemingly safe embedded world. The "Target" security breach that stole information on millions of our credit cards was using compromised point of sale terminals, which are essentially embedded systems. A potentially bigger concern than the theft of financial information is the warning issued by the FDA on vulnerabilities in medical devices, which with the increase in connected and tele-medicine, [...]