
Homogenous Edge and IOT devices open the door to hackers

By Phillip Cockrell

Diversity stops them dead in their tracks

On Wednesday we launched Polymorphing for SUSE Linux Enterprise Server. That was a personal milestone for me as I led alliances and business development for several years at SUSE before joining Polyverse. One area that was in my responsibility was Embedded – working with partners and customers that needed a lightweight, secure operating system for their IOT devices and Edge solutions.

Typical customers for us included some of the best-known brands of cars and healthcare device manufacturers. Over time, it was very interesting to watch as the connection of their products to the internet brought new opportunities to provide better user experiences for their customers, as well as improved service and support through AI and real-time analytics. In some cases, they even redefined their businesses because of it. As Charles McLellan of ZDNet put it, ‘The modern automobile is fast becoming a sensor-laden mobile Internet of Things device’. However, it also opened up a new problem – that of security.

I have had many conversations with customers and partners about the security of the underlying Open Source code in devices and products. Linux is widely used and considered to be secure, as vulnerabilities and fixes are dealt with swiftly by the community and distributors. The biggest issue, however, and one that most don’t consider, is the homogeneity of the source code within the devices. Once a hacker has found a way into a device, they are able to gain access to all the devices like it. This can have horrible results for the people affected, and damaging financial and reputational repercussions for the producer. Even the FBI is warning about the issues of hacking and smart TVs.

So, how to deal with this? Well, clearly the usual security measures are not working, as IOT and Edge device breaches are increasing daily. The problem is that most widely used protection relies on the end user to apply it at their end. ‘Don’t depend on the default security settings. Change passwords if you can’. We know that this is set up for failure, as even in the corporate world systems remain unpatched and default security settings remain in place.

The ‘human element’ will always bring risk to even the best security practices. That’s largely the reason our CEO, Alex Gounares, founded Polyverse: to do something different, to try another way. Polymorphing takes a totally new approach to securing Edge and IOT devices. It scrambles the source code at the binary level. By replacing your compiler with the Polyverse compiler, this code can be deployed individually or in batches, ensuring enough diversity to protect your product from unwanted attacks. That means that even if someone manages to hack one device or product, they can’t get into the rest. This massively reduces the damage that can be done.

If you’d like to read more about our solution, please read our whitepaper on Polymorphing here. Stay safe!




The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.