
NXP Partner Webinar: Bringing Security and Device-level Insights to IoT Products

SternumIoT
November 17, 2022


In this webinar we demonstrate:
- How Sternum can enhance on-device security on NXP’s MCU products
- Methods for achieving embedded, runtime exploit protection
- How live device-level visibility helps with asset management
- Ways to reduce MTTR with early detection and granular observability
- A live demo of Sternum running on an NXP LPC5500 MCU board


Transcript

  1. Sternum: The only Runtime Security & Deep Observability NXP partner

     “All attacks NXP crafted were prevented by the EIV technology… The CPU overhead was less than 3%”
     Marc Vauclair, Senior Security System Architect, Fellow, NXP Semiconductors

     Supported Products
     • i.MX 6, 7, 8 series
     • LPC 1, 5, 8 series
     • And many more
  2. About me: Natali Tshuva, CEO & Co-Founder, Sternum

     • Computer Science student (age 14)
     • Reverse Engineer, Unit 8200 (Israel NSA)
     • Exploit Designer
     • Sternum Founder
     • Talking to you today!
     • Forbes 30 under 30

     Backed by Top Investors: Top 10 VCs; track record includes Slack, Trello, JFrog, Fireblocks, Checkpoint, Twitter
     Working with Leaders
     Best IoT Product Award
  3. The Rise Of IoT

     • 127 new IoT devices connect to the internet every second
     • 1.5 billion IoT device breaches in 6 months
     • $1.1 trillion global IoT security spending by 2023
     Source: IoT Analytics, Gartner, Statista
  4. NOT SO SIMPLE. IOT DEVICES ARE THE MOST VULNERABLE & CONSEQUENTIAL ASSET

     • ENTERPRISE: The easiest entry point
     • DEVICE MANUFACTURERS: Core to business, reputation implications, financial impact
     • INFRASTRUCTURE: Loss of control, physical harm
  5. IoT Security Solutions are Falling Behind

     IoT Limitations
     • Limited resources
     • High diversity
     • 3rd party & supply chain dependencies
     • Relies on patching and perimeter defenses
     • No on-device (EDR/XDR-like) solutions

     Implications
     • Manufacturers caught in expensive “cat and mouse” game with security patches
     • Devices have no proactive protection from zero-day threats as well as known vulnerabilities
     • 3rd party software vulnerabilities open the door to supply chain attacks
     • High overhead requirements force engineers to make tradeoffs between security and performance
  6. LIMITED OPTIONS: REACT. PATCH.

     Hacker View: Cisco Router (CISCO RV340 BUSINESS CLASS ROUTER)
     • CVE-2022-20699 STACK OVERFLOW VULNERABILITY
     • Exploit publicly available
     • Direct access from the Internet
     • HACKER ON THE INTERNET → Complete takeover on the VPN/Gateway → ACCESSES THE NETWORK AND DEVICES → FULL ENTERPRISE NETWORK EXPOSED
     • Consequences: CHANGE CONTROLS, LATERAL MOVEMENT, RANSOMWARE, DISRUPT SERVICE
     • No prevention on-device. No search for indicators of attack.
     Exploitation Video: https://youtu.be/O1uK_b1Tmts
  7. Limited Observability: What You Can’t See CAN Hurt

     IoT Limitations
     • Black box effect: no device-level visibility once shipped
     • No standardized observability or application monitoring solutions
     • Lack of resources, including bandwidth, needs more accurate and effective solutions
     • Massive amounts of logs make it harder to generate insights

     Implications
     • No visibility into performance and security events in-field
     • No way to proactively address emerging quality and security issues
     • Partial data delays root cause analysis, resulting in high MTTRs
     • Remote debugging is difficult and resource intensive
     • Lack of usage insights hinders data-driven innovation
  8. Sternum Universal On-Device IoT Platform: How we can help

     Embedded Security
     • Make devices secure by design and in real-time, and cut down on patching costs
     • Full endpoint protection to all RTOS & Linux systems

     Real-time Observability
     • Get granular device-level visibility and view of fleet-level trends and anomalies
     • Portable, C-only lightweight SDK; coupled with advanced cloud portal and AI

     Understand Changes
     • Reduce MTTR by streamlining root cause analysis and speeding up debugging
     • AI that flags bugs, malfunctioning and security alerts; works on user defined data
  9. Embedded Runtime Security: Hooks Across Software

     • Agentless low-overhead solution
     • Mitigation of known and zero-day threats
     • Supply chain protection (3rd-party code and libraries)
     • Live attack information
     • Security for gated and isolated devices
     • Seamlessly works with both Linux & RTOS devices
     • CI/CD and IDE integration

     “All attacks NXP crafted were prevented by the EIV technology”
     Marc Vauclair, Senior Security System Architect, Fellow, NXP Semiconductors
  10. Exploitation Fingerprint™ Patented Technology

     Sternum Is Uniquely Able to Deliver Benefits of EPP/XDR & RASP

     How we do it: attack classes covered
     • Memory override (stack, heap, data)
     • Manipulation of execution flow
     • Memory corruption
     • Injection of malicious code
     • Information leak
  11. Manufacturer View

     • CVE-2022-20699 STACK OVERFLOW VULNERABILITY, exploit publicly available
     • HACKER ON THE INTERNET → NO REACTION REQUIRED
     • NOTIFICATION SENT, FORENSICS SHARED, VISIBILITY INTO BIGGER PICTURE, DEVICE INTEGRITY MAINTAINED

     Power flips
     • OPERATIONAL VISIBILITY
     • ENRICHED DEVICE DATA
     • WORKFLOW AUTOMATION (SIEM, XDR, SOAR, ITSM)
     • API INTEGRATION

     Power flips + added services
  12. Sternum’s Observability SDK: Initialization & Usage

     • Out-of-the-box efficiency, encryption and analytics for Linux, Android, bare-metal OS, Zephyr, FreeRTOS, Micrium, VxWorks and more
     • All data automatically synchronized with Sternum cloud, and anomaly detection is activated on them

     Components
     • Observability SDK: customizable data collector (traces, metrics, logs)
     • Sternum Platform: cloud-based advanced detection system
     • Customized Analytics, Alerts & Anomaly Detection
  13. Granular Device-Level Visibility: Collect any type of data and understand changes with ease

     • User interaction with devices (button clicks, etc.)
     • Errors, logs and debug information
     • Battery health and charging status
     • Resource consumption (e.g., CPU or memory)
     • Temperature or pressure levels
     • Loop time(s) for critical functions
     • Application inner operations: doses, functionalities, arguments, metrics
     • Network/cellular connectivity status and usage, open ports, IP addresses
     • Status of update requests and certificate validations
     • Crash and reboot reports
     • And more
  14. Extra Set of Eyes: Keeps you one step ahead

     Above: Example of loss of communication spotted by AI that, if not caught in time, could lead to security or performance issues

     OBSERVABILITY BENEFITS (Get to root cause of issues quicker)
     • Preemptive detection of emerging quality issues
     • Understanding of hidden dependencies

     SECURITY BENEFITS
     • Discovery of security blind spots
     • Alerts about suspicious activity (e.g., DDoS or brute force)
  15. Use-Case: When it all comes together (Security and Observability Magic)

     DEVELOPMENT
     • Uncovered security flaws and code vulnerabilities early in the product life cycle (memory leak found)

     POST-MARKET
     • Quickly resolved persistent BT disconnect issue
     • Access to live device-level information helped quickly identify and troubleshoot devices in the field
     • 40-50% workload reduction through less patchwork, freeing up resources
     • Improved patient safety: lower cyber-risks and improved product quality
     • >$6m annual cost savings: fewer CAPAs and test/certify/patch cycles
     • Faster time-to-market: sped regulatory approval, saving millions in deferred revenues

     “Sternum’s solution saves us time, manpower and money. Being able to lean on Sternum for active mitigation is a game changer and the data insights help us build better products and make better decisions.”
     KYLE ERICKSON, PRODUCT SECURITY DIRECTOR AT MEDTRONIC
  16. Improve Product Performance, Quality & Security at Every Step: Build > Operate > Innovate

     Build
     • Spot security gaps with code and memory profiled in runtime, in development
     • Use granular device-level insights to resolve issues faster and improve engineering velocity
     • Make 3rd party libraries safe to use, allowing engineers to innovate with confidence

     Operate
     • Simplify deployment and management with fleet-wide visibility
     • Catch emerging issues with AI-powered anomaly detection
     • Speed up remote debugging with a continuous stream of live in-field data

     Innovate
     • Focus on innovation by streamlining compliance and patch management
     • Make device security and performance tangible for end users
     • Leverage activity insights to inform future design choices