We could have stopped internet outage, says Digi
November 16, 2016
Digi believes the secure boot technology on its latest postage-stamp module could have stopped the recent internet outage from attacks through IoT devices and prevented the famous hack of a Jeep Cherokee.
Last month’s internet outage was caused by thousands of connected devices being hacked and then using those to mount a distributed denial of service attack (DDoS) on popular web sites. Last year’s Jeep Cherokee attack saw so-called friendly hackers take control of a vehicle remotely.
But at last week’s Electronica event in Munich, Mike Rohrmoser (pictured), director of product management at Digi, said the secure boot system on the ConnectCore for i.MX6UL system on module could have prevented both these attacks.
“We had the internet outage where the IoT devices were accessed,” he said. “With secure boot this can’t happen. A lot of devices were hijacked by replacing the firmware. With secure boot, it is impossible to upload the image without a key.”
With the Jeep Cherokee, it was the cellular connection that was not secure. This let the hackers replace the firmware on the infotainment system.
“But if they had secure boot, they would still have had access to the device but wouldn’t have been able to replace the firmware,” he said. “Secure boot would have stopped all of this.”
A development kit for the device was released in September and it is expected to go into full production in January. The US company already has a customer testing it for a smart meter application.
Built using the NXP i.MX6UL application processor, the module is described as an intelligent communications engine for secure connected devices. It integrates dual-Ethernet and pre-certified dual-band wifi with Bluetooth 4.2 connectivity. It measures 29 by 29 by 3.5mm.