The rise of the Internet of Things (IoT) has ushered in a new era of cybersecurity concerns. In 2018 there were an estimated 10 billion IoT devices; by 2025 that number is projected to grow more than sixfold. IoT devices have already suffered a slew of attacks, with reports of attacks rising by as much as 300% in 2019. Many of the headline incidents involved Linux-based devices: the Mirai botnet (which spread through default credentials rather than a kernel flaw) and the Linux kernel TCP vulnerabilities SegmentSmack (CVE-2018-5390), SACK Panic (CVE-2019-11477) and SACK Slowness (CVE-2019-11478), among others.
Most IoT devices run on Linux
Making IoT devices secure starts with securing the processors they run on and the software that runs on top of them. The vast majority of IoT devices use Arm-based processors, and most of those run Linux: data suggests that 71.8% of IoT devices use Linux as their OS, with distributions such as Raspbian, Ubuntu and Debian accounting for almost three quarters of all devices.
Properly securing Arm-based IoT devices running Linux requires a number of changes: data in motion must be encrypted, default usernames and passwords must be eliminated, and every IoT endpoint needs central monitoring and compliance auditing.
But perhaps above all, organizations need to start keeping the kernels on those devices up to date.
IoT kernels need to be live-patched
Picture this: an IoT device built on an Arm chip ships with an up-to-date embedded Linux kernel. On release day the kernel is patched against every known vulnerability. But new kernel vulnerabilities are disclosed continuously, and exploits for them follow close behind. Before long the kernel has known, unpatched holes, and the longer it runs unchanged the more it accumulates. Often there is little anyone can do: because of limited storage, many IoT devices ship with no mechanism for updating the kernel at all. And where updating is possible, it requires a reboot, which may not happen for weeks or months, if ever.
Amazon gets it: the Echo regularly updates itself with new features and security fixes alike. But most IoT devices are far behind.
Most manufacturers ship their Arm-based IoT devices with Linux kernels that are already out of date, cannot easily be patched, or both. This is a disaster waiting to happen.
IoT devices with Arm chips running the Linux kernel need watertight security. All of them should be updatable, and, just as importantly, organizations need to be able to patch them as quickly as possible.
Why rebooting makes you vulnerable
But if they patch the kernel by rebooting, enterprises are not nearly as secure as they could be. Rebooting is how most companies apply kernel updates to their servers, and because a reboot is disruptive, taking services offline, kernel patching is routinely delayed for weeks or even months.
That gap between a patch being issued and a patch being applied leaves IoT devices open to anyone who cares to attack them. An enterprise that does not apply kernel patches as soon as they are available is exposed to attackers who track the current vulnerabilities and are eager to exploit them to spy, steal or disrupt.
To be kept as secure as possible, Arm-based devices running the Linux kernel need to be patched right away. The solution? Live kernel patching.
With live kernel patching, a patch is prepared as soon as technically possible after a vulnerability affecting supported kernels is announced. The patch is downloaded automatically and applied to the running kernel, with no reboot required. Kernel fixes therefore take effect as quickly as possible, minimizing the window in which IoT devices are exposed to bad actors.
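The two things the article asks an operator to know, how wide the reboot gap on a device currently is and whether anything has actually been patched into the running kernel, can both be checked from a shell on the device. The script below is an added example, not code from the article or from any live patching vendor: it compares the running kernel (uname -r) with the newest kernel image in /boot to flag a pending reboot, and reads the upstream kernel's livepatch interface under /sys/kernel/livepatch, which exists only when the kernel is built with CONFIG_LIVEPATCH; a commercial live patching service may report its state through its own tooling instead. The function names are this example's own, and the fixture used to exercise the livepatch listing is constructed.

```shell
#!/bin/sh
# Added example, not taken from the article: measure the "reboot gap" on a
# Linux device by comparing the running kernel with the newest installed one,
# and list live patches the running kernel reports through the upstream
# livepatch sysfs interface (/sys/kernel/livepatch, present only with
# CONFIG_LIVEPATCH). Function names are this example's own.

# Compare two dotted kernel versions numerically, ignoring any suffix after
# the first non-digit (e.g. "4.19.0-6-arm64" compares as 4.19.0).
# Prints "older", "equal" or "newer" for $1 relative to $2.
vercmp() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}; bx=${b%%.*}          # leading component of each version
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        ax=${ax:-0}; bx=${bx:-0}          # a missing component counts as 0
        if [ "$ax" -lt "$bx" ]; then echo older; return; fi
        if [ "$ax" -gt "$bx" ]; then echo newer; return; fi
    done
    echo equal
}

# True when the running kernel ($1) is older than the installed kernel ($2):
# the update is on disk, but no reboot has put it into effect yet.
reboot_pending() {
    [ "$(vercmp "$1" "$2")" = older ]
}

# Print the highest version among the arguments.
newest_version() {
    best=$1; shift
    for v in "$@"; do
        [ "$(vercmp "$v" "$best")" = newer ] && best=$v
    done
    echo "$best"
}

# Print "name enabled-flag" for each live patch under the sysfs root $1
# (default /sys/kernel/livepatch). Returns 1 if the interface is absent.
# Accepting a root lets the function run against a constructed fixture.
list_livepatches() {
    root=${1:-/sys/kernel/livepatch}
    [ -d "$root" ] || return 1
    for p in "$root"/*/; do
        [ -d "$p" ] || continue
        echo "$(basename "$p") $(cat "$p/enabled" 2>/dev/null || echo '?')"
    done
}

# Stand-alone run: compare uname -r with the kernel images present in /boot.
running=$(uname -r)
installed=$(newest_version $(ls /boot/vmlinuz-* 2>/dev/null | sed 's#.*/vmlinuz-##') "$running")
if reboot_pending "$running" "$installed"; then
    echo "REBOOT PENDING: running $running, installed $installed"
else
    echo "running kernel $running is the newest installed"
fi
list_livepatches || echo "no livepatch interface on this kernel"
```

Run on the device itself, the REBOOT PENDING line is exactly the window the article describes; a device that keeps printing it week after week is the one an attacker with a current exploit is counting on.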