In the fight against cybercrime, every detail is important; from the software to the hardware itself. Find out more about hardware design.
There are several problems that for many years have gone unnoticed in the world of computer security; some because they have been given more importance to other threats; others because it is not always considered as something that could present a threat. This time we will talk about hardware design and how it can be potentially dangerous to your organization.
What is hardware design all about?
It is composed of a series of steps that end up in a complex process; it aims at creating the physical device of the equipment. More specifically, hardware design is done through the PCB (printed circuit boards). These boards are made of a non-conductive material; and in them are made some kind of paths made with conductive material, such as copper; this is to interconnect the different components of the hardware. Generally, these routes are created by layers, to avoid that these are crossed.
Stages of hardware design.
This has three different phases which are: definition or scope of the device; form factor and industrial design; and component selection and printed circuit board design.
- Device functionality: during the first phase of the creation process, the use or function that each device will have must be established; in the same way, the work environment for which the device will be created is also defined. One of the main characteristics is related to the safety of the device; this safety refers to safe design regulations to prevent interference with the rest of the devices; electrical isolation is also required to avoid overvoltages or short circuits.
- Aesthetics of the device: the second phase of device creation is what the device will look like. As in the previous phase, it must also take into account the use that will be given and based on this, the aesthetics of this is designed. To exemplify this, we can take into account smartphones; to create the design we must take into account different variables, including screen, battery, camera, sensors, material, among others. And after defining these characteristics, the design that best integrates all these functions, in the most aesthetic way, is created.
- Component selection: in this final step, the devices that comply with the two previous steps are selected; that is to say, that they fulfill their function and have an adequate aesthetics. Now, much depends on the production of these products; because this will define whether an exclusive hardware can be designed for the device, or it will be made using prefabricated parts.
Risks or threats in hardware design
Within the threats of hardware design there are different expressions of these hazards. In the case of old components, we can highlight that these represent a danger is the appearance of new vulnerabilities that end up overcoming the classic hardware designs. However, we cannot deny that working with old hardware designs provides certain benefits; the main advantage is that the hardware design is perfectly known, thus significantly reducing the errors that may arise.
If we talk about hardware vulnerabilities this may not make much sense to us; mainly because vulnerabilities tend to occur mostly in software. However, there are physical parts that can count on updates; so, in case of damage they should be replaced to prevent further damage to the system.
On the other hand, we have the design of new hardware, which also has its implications. To begin with, we must admit that there are advantages to working with new and innovative hardware designs. In this case one of these advantages is the supply of the product, because it will have an expected life time for its production. Now the problem with the development of new devices is that there is no certainty that they will have vulnerabilities, and there is no certainty of how they will behave in the long term.
Possible vulnerabilities in new hardware
This can be interpreted by two factors:
- Hardware Errors: usually related to a design flaw in a specific component, which affects its operation; usually these errors are associated with calculations, oversights, etc. In order to solve these errors, it is necessary to redesign and assemble the component from scratch.
- Firmware errors: the most common is that the stacks of some of the information protocols present failures; this interferes with some communication modes or that there are fluctuations. The most common solution is for the manufacturer to update the software embedded in the part or component.
Other types of threats
There are other factors that can also pose a risk within the hardware design. On the one hand, we have a design flaw; this is something that could be more frequent than we imagine. It occurs when the design of a component does not meet the required characteristics.
Likewise, we have the factory defect factor; when assemblers order parts from other factories and these appear to have the necessary characteristics; however, when they are used, they do not work.
The wear and tear of the device is also a risk factor; the repetitive use of the hardware creates wear and tear in its components to the point where it loses its effectiveness, starts to fail or stops working. This can be determined by several factors, such as the lifetime of the component, the continuity with which it is used, the care that is taken, etc.
Continuing with this idea, there is also the misuse or neglect of the component; each manufacturer includes with its products a user manual. This manual reflects the good practices of each component, the recommended time of use, maintenance periods, among others. This indicates that every time we ignore these recommendations it is more likely that our hardware will suffer and eventually develop failures.
Now knowing this information, it is important to evaluate these vulnerabilities to know what kind of care you should give to your physical components. This way you minimize the risks and have the opportunity to maximize the lifetime of your hardware.
Interesting related articles: The Android operating system and its vulnerabilities.
Other articles that may interest you: Vulnerability assessment: another good solution?