CompTIA Security+ SY0-601 – 2.6 Security implications of embedded and specialized systems
March 24, 2023

1. Embedded Systems

In this video we’re going to be talking about embedded systems. So first of all, what are embedded systems? Embedded systems are basically systems or computers that are generally there to serve a single purpose. It’s basically a system that contains its own memory, its own processor, its own memory management and different, a variety of different interfaces. Now, you’ve probably interacted not probably, you will interact with many different types of embedded systems. For example, a DVD player is considered an embedded system. It has its own CPU, it has its own Ram in there. Memory management has its own operating system. Cameras, for example, like this camera that we’re using to film all these videos. These types of cameras also have their own memory, they have their own CPU, they have their own software.

So embedded systems basically are systems that contains a whole computer built into these smaller systems generally to serve that single purpose. Now it could be serving generally they always serve one purpose, but sometimes they’re part of a larger system. But generally they’re there to execute one particular purpose. Like a DVD player is there just to play a DVD for you. Now, one example of these particular systems that we should know for our exam here is known as a Raspberry Pi. Now, I have a raspberry pi here that I use. This is my personal raspberry pi. So a Raspberry Pi is a system, it’s basically a blank system that you can purchase. It’s basically a small little computer on a chip. So it’s like taking my big desktop and micro size it.

But you’re going to get a lot less process and power and this is good to serve in a single purpose. So this Raspberry Pi has a CPU, it has Ram inside of it, it has interfaces. This year isn’t hard to see that there. But this is actually an HDMI input. It has the ability to take you can connect speakers to it. It has a USB ports and many USB ports here with an ethernet port. So this particular one, what am I using this for? I use this to stream from my stream movies, from my network attached storage, my Nas to my TV. With this little device, you have to know how to program it. You can add operating systems to it and then it serves a purpose.

People uses these throughout their houses to do all different types of home automation and turning on lights to lock indoors. People will use this for Raspberry Pi’s are very popular. So if I go here to Amazon, I can see and I have searched here for Amazon or Raspberry Pi. So here’s about the one I have here for about $31 and they go all the way up. And this is one of the most expensive one. There’s a newer one for $88. I saw another one here that seems to have 9000 reviews for $59. So this one is four gigs of Ram. The other one, there was eight gigs of Ram.

So it depends what you need these systems for, what you’re going to be building a competing technology or technology similar is Adrenals. So these are basically going to serve almost the same type of purpose, but people use these to do all different types of things, more different types of home automation. But these here does allow you to connect a variety of different sensors to it. So for example, what you could do with this is you could put a sensor to detect motion. So you can set this up in a room, and when people are walking into the room, it detects the motion and turns the lights on for you. So that’s what you can use these for.

These have a wide variety of usages and different types of sensors and controllers and different types of add ons that you can add into this highly customizable to doing different types of projects. Okay? The other one here are what’s known as field programmable gatorade. So what these are are going to be chips that you can program, that you can program or reprogram. Back in the days, if you have little chips and you write little programs to create different types of embedded systems, you would send a code to the chip and then you can’t really write back over it. Now you could, with the FPGA, these here, you can reprogram. Okay? So in this video, we just talked about embedded systems like a Raspberry Pi, which you guys should take a look at if you ever have a little project to do where you need a little computer to do some processing. Hey, $30, you can’t go wrong. We talked about Adrenal and the FPGA.

2. Industrial control system

In this video we’re going to be talking about industrial control systems. So what exactly is this an industrial control system are systems that we will use to get power or electricity to our house, water to our houses and even gas supply systems. Industrial systems are used throughout the world in order to provide developing nations, or in fact all nations electricity. Now, these types of system runs on a few different types of protocols that we want to discuss. And we want to discuss some security vulnerabilities with them. Because you can imagine that if there is security vulnerabilities in places like a power plant and being able to take that out, a hacker taking out a power plant or a water supply or gas supply system can have a drastic impact on the communities that use it.

So of course this is going to be important to know and not important to know not just for your exam, but in real life. Now, your exam doesn’t need you to go in depth into any of these things. You just got to be familiar with the terms more than anything else. So one of the terms that we’re going to know so we just talked about industrial control systems. One of the term we’re going to need to know our SCADA, which stands for Supervisory Control and Data Acquisition. We’ll need to know the term of Plc programmable logic controllers. And then you have the other one there of DCs Distributed Control Systems. Now just before I get into that, just to keep in mind that these types of industrial control system is what manages different types of facilities. Power, gas, water supply facilities. They are industrial manufacturers will use them also to manufacture different products and so on.

Energy system we talked about power and even shipping systems that does logistics will use these types of things. So SCADA plc DCs. Let’s talk about this here. So in these types of systems, what you want to know is the security aspect of them. Now you got to remember, if you think of a power plant, you go back these systems were built back in the 1960s. They’re very, very old. The world was a lot different place than what they live in now. Back in the 1978s we didn’t have the proliferation of Internet and security problems like we do now. So these types of systems are very, very vulnerable. First of all, there they might be outdated and even putting in updates into them can cause them to crash. Another thing is they have a lot of default settings that may not be able to be changed. So what can you do to secure them? Well, security of these systems generally lie in segmenting them off your network. We haven’t got to this yet, but later on the class will talk about DMZ, basically like how a DMZ is a part of your network.

 You can then segment these. You put them in a VLAN, completely taking them off the network, putting them in their own network instead of keeping them in your normal land, where you have all your desktops and your laptops. And your phone and whatnot. Because first of all, they can’t defend themselves. It’s not systems that was made with security. Nowadays, when we’re building software, we think of security quite often. But when these systems were built, security was not even a taught because the makers of these systems wouldn’t have never imagined the world that we live in today. Okay, so just for your exam, all you have to know for your exam, just know these terms knowing. That Skater Plc DCs systems are basically industrial control systems and the best way to secure them is to basically segment them off in our.

3. IoT

In this video, we’re going to be talking about IoT and specialized embedded in IoT systems. Let’s get started. IoT the Internet of things. Notice term for your exam. The Internet of things basically means everything connects to the Internet. What connects to the Internet nowadays? If you think about it, your TV, your phone, your watch, your microwave, your fridge, your coffee maker, your car, your broom, your vacuum, your pillow maybe. I don’t know that one I made up. I’m not sure if your pillow does. Maybe they do. I know a bed connect your toothbrush.

I’ve seen. Okay, so basically, I think you get the point. Everything connects to the Internet nowadays. There are millions and millions or even billions of devices that connect to the Internet nowadays because it needs network connectivity to function. And what happens is now we have a large, large network of these devices that need to be protected. You know what I say, guys? Job security for us, but these can pose enormous risk to us. So first of all, let’s talk about some of these things, and then we’ll talk about the security aspect. So the IoT first of all, IoT devices contains a variety of different sensors, like my watcher. This is a Samsung Galaxy watch. And this watcher can have sensors that can detect my heartbeat.

They have sensors that can detect movement to track steps. Here is smart devices, anything with smart, smart speakers, smartphones, smart thermostats. These are devices that is able to compute, talk, and share information. Of course, you have different forms of wearable, like a Fitbit Apple Watch, my Galaxy Watch. But IoT also allows you to do facility automation and automated many tasks that are repetitive. One of the problems with IoT devices is that they may be weak defaults. Now, weak defaults means a lot of the default settings on these types of IoT devices may not be secure, such as having weak passwords, such as having open ports on them. One of the things we have to do as administrators is we have to go and secure them. You may have a TV on your wall that you may never update it or don’t even know if it has a firewall on it.

You have to go in there and check to see and see how we can secure these types of devices. Now, keep in mind, IoT devices are being used in botnets. The Mariah botnet that we talked about in our DDoS section of this class, you saw how they were able to compromise things like baby monitors, routers and camera systems and then use them to launch botnets. So IoT devices are being compromised. The next thing that I have is going to be now they have a variety of specialized embedded systems and IoT devices. A lot of this you can find in the medical system.

These systems, whether they help them to perform surgery or just doing general medical procedures, will be used throughout your medical and hospitals. One of the biggest proliferation of embedded and IoT is going to be with vehicles, autonomous driving vehicles, cars that drive themselves. In the future. You may have cars that basically don’t have a steering wheel and gas pedal, but the cars are then able to talk to each other on the road. So one car will tell the other car, yeah, I need to make it right here. And that car will then move out the way or help the change lane so you can make it right here.

This is coming. This may sound far fetched, and probably not right now at all. This Tesla year of the year is 2020, as I filmed this video. And here we have Tesla already saying they have this type of technology that works. Another thing you have here are aircrafts. Aircrafts are like giant flying computers. Aircrafts are loaded up with all types of machinery and computers that does a lot of calculation. Remember, most of the time the aircraft is in autopilot. Pilots are ditched there to monitor it and basically land it and bring it and land it and put it in the air. Most of the time, the aircraft does a lot of it by itself. The other one here are smart meters. Now, smart meters are basically meters that you would have on your home that allows you to take power, allow the company, the power company to track how much power and consumption you’re using. Okay, so in this video, we talked about IoT devices such as smart devices or wearables. And then, of course, there’s a bunch of specialized devices that are out there.

4. IoT Communication and considerations

In this video we’re going to be talking about some other different types of embedded systems, some communications considerations and constraints when using embedded systems and IoT devices. So let’s get started. So a couple of different things. First of all, what are some other types of embedded systems that we have out there? Well, VoIP systems are just embedded systems. Sometimes you have VoIP systems that are dedicated just to doing that task. For example, putting a VoIP system on a raspberry pi, which is something that’s popular people are making little phone systems out of these raspberry pi. Heat and ventilation and ACS are generally done using symbedded systems. Different kinds of different types of heating systems or coolant systems will have their own memory, programming logic and processor within them. Drones and avs also with the same concept. Now, if you think of a multifunction printer, a multifunction printer like I have in the corner sitting there, a multifunction printer has its own operating system. It has its own memory, it has its own processor because when you send data to it, it has to store it in memory, spoon it up and then print it out. Now, surveillance systems like camera systems will have the same. Also this is big camera systems, network, NVR systems, DVR systems that stores data, processes it. Now, what I do want to talk about here is going to be something called a real time operating systems and systems on a chip.

Now, real time operating systems real time operating systems are systems that are continuously running, making decisions very quick, very fast and not spending too long with programming. Imagine a self driving car that has to wait for certain things to be processed or certain types of system to be hanging or processes hanging or not functioning. Real time operating systems are systems that processes very quickly and just does a particular function. The other thing is going to be system on a chip. System on a chip is popular for these types of system because basically it’s one chip that stores the memory, stores the processor within this single chip so it has memory management there also and different types of control is built into a single chip.

So hinted term system on chip, right? SoC okay, they’re the terms that we see our communications consideration. Now, depending on where these systems are, if they’re far out there, they could be using a variety of different cellular networks, and that’s going to be networks such as 4g or even five G. And if they’re far out there and they need to communicate, they can use what’s known as narrow ban or baseband to get far communication. The other one here you have is subscriber identity module SIM cards that can be added to help authenticate those different embedded systems back to the networks such as the 5G network. Now, I do want to mention to you guys in a term that you should know for your exam it’s zigbee. And the other one is called Zwave. I’m not sure why this was not listed in your objective. Generally when you’re talking about Zigbee or Zwave, generally talking about Zigbee, you’re also going to be talking about Zwave and also Bluetooth. These are the technology that the IoT device. These are the protocols that the IoT technologies will use to communicate.

Now Zigbee, Zwave and Bluetooth is generally done for short communication. Small distance, not short, small distance communication. I’ll show you guys what I mean here. So if I go to Amazon and I type, you’ll see that we have a variety of Zigbee devices. Here is a Zigbee smart plug that you can plug in. Here is Zigbee. What is that? Light bulbs. Zigbee light bulbs that you can plug in. So these are going to be smaller devices that you can use that basically runs on Zigbee. The other one is Zwave. And Zwave is going to allow you to have more IoT. Here’s one that’s done with a carbon monoxide detector. Okay, here’s one with power switches. So, variety of home automation devices use a Zigbee, Zwave, and also a variety of different IoT. These are all IoT devices that use this.

 You remember we just saw durlock, that was Zigbee. Here’s a zwave one. The other technology that’s used here is going to be Bluetooth. In order to have these things communicate. Bluetooth, I think we talked about that before. You guys should know what Bluetooth is. But just notice two protocols for your exam. Now, when talking about these devices, there are some constraints that we should be familiar with. Because these devices are small, there’s going to be a lot of different constraint that you’re going to have. Let’s go through it. So first of all, power constraint.

These devices may be located in different places. And because they’re small, it may be hard to get power. But like this one, the bony power it supports is power coming through a USB here. So obviously you can’t get a lot of power through these devices. Computing is very limited on these devices. You can’t have a giant intel processor. Well, not giant, but generally a normal processor is about this big. And you put it onto these devices, they’re not big enough. Networking can be very limited on these devices. Even encryption can be hard to do. Encryption requires a lot of CPU power. And these devices just doesn’t have the CPU power to do a lot of encryption. So sometimes these devices may lack encryption. The other one here is the inability to patch.

So the inability to patch is something that’s common. Sometimes these devices don’t have the ability to patch. Basically, you get them, you install them and you keep them. For example, that door lock we saw with that Zigbee or Zwave door lock we saw, how do you patch something like that? Something would have to check with the manufacturer because then someone can hack that device. And lock you out of your house and then charge you money just to get back into your own house. Authentication to these devices may not be very well and may do have an implied trust. In other words, the device is going to say, well, it’s implied that if you own me and you’re in my house I can trust you and just allow you in.

So sometimes they may lack authentication costs may be an issue depending on the device. These raspberry pipes may not be expensive. And of course ranges if you’re using these short range communication protocols, ranges can of course be an issue when trying to communicate with these devices. Okay, so we could see that these embedded systems does have a variety of issues, right? The way the communication considerations such as whether they’re using 5G or kind of SIM card or Zig be and then of course the constraints that can really limit us with these kinds of devices.

Leave a Reply

How It Works

Step 1. Choose Exam
on ExamLabs
Download IT Exams Questions & Answers
Step 2. Open Exam with
Avanset Exam Simulator
Press here to download VCE Exam Simulator that simulates real exam environment
Step 3. Study
& Pass
IT Exams Anywhere, Anytime!