One might think that zombies exist only in horror movies and TV series, but factories, utilities, hospitals, other facilities, and even cars can be overrun by zombies: zombie devices, that is.
Typically, a zombie device is one that has already been exploited. However, in this article, we consider all devices that have been left unmaintained and are at risk of being exploited. These are devices that remain connected, powered, and network-accessible but are no longer maintained, patched, or actively monitored. Any connected device (industrial controllers, IoT devices, medical equipment, etc.) can become a zombie device.
The primary reason zombie devices are a concern is security risk. They may contain exploitable vulnerabilities, they may be recruited into botnets for DDoS attacks, and, depending on the network architecture, a zombie device could serve as a stepping stone to a broader embedded network.
This also raises compliance issues with new and existing cybersecurity standards and regulations. For example, under the upcoming CRA (EU’s Cyber Resilience Act), devices must have a mechanism to keep firmware updated and protected against known vulnerabilities. Non-compliance penalties can reach €15 million or 2.5% of the manufacturer’s annual revenue, whichever is greater.
In addition, industry-specific cybersecurity standards such as IEC 62443 impose similar requirements, as do data-protection requirements such as those from ISO 27001 and HIPAA, to name a few.
Zombie devices can also become operational hazards. Once devices are no longer updated or patched, there’s no way to verify that their operation is safe. Medical devices, industrial machinery, or automotive systems can pose life-threatening risks if they are attacked and their behavior becomes erratic. This may also expose the company to liability risks if serious injury or damage occurs.
From a financial perspective, operational risks are equally critical. Unpatched devices can cause system downtime, consume power, bandwidth, and memory, and may have hidden dependencies that only become apparent when the device is taken offline, potentially causing downtime elsewhere. Downtime can cost up to 11% of a manufacturer’s annual revenue, a loss that could be avoided with the right measures.
Maintain a device inventory and ensure network visibility. The only way to know what devices exist in a facility is to monitor them regularly, conduct maintenance checks, and keep firmware updated.
Isolate legacy devices to prevent them from causing problems, and develop proactive retirement and replacement plans. Consider using modern devices that support over-the-air (OTA) updates, allowing vulnerabilities to be patched quickly and routine updates to be performed efficiently.
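One way to put the inventory and visibility advice into practice is to compare the asset inventory with what is actually seen on the network and flag devices that are live but unmaintained. This is an added example, not code from Tuxera or from the original article; the field names, thresholds, and sample records are assumptions constructed for illustration.

```python
from datetime import date

TODAY = date(2025, 3, 15)  # fixed so the constructed sample is reproducible

# Constructed sample: what the asset inventory says about each device.
INVENTORY = {
    "plc-01":  {"last_patched": date(2025, 1, 10), "monitored": True,
                "support_ends": date(2030, 1, 1)},
    "hmi-07":  {"last_patched": date(2021, 3, 2),  "monitored": True,
                "support_ends": date(2027, 6, 30)},
    "pump-12": {"last_patched": date(2024, 11, 5), "monitored": False,
                "support_ends": date(2023, 12, 31)},
    "cam-03":  {"last_patched": date(2020, 5, 1),  "monitored": False,
                "support_ends": date(2022, 1, 1)},
}

# Constructed sample: device IDs and the date each was last observed on the
# network (for example, from passive discovery or switch port records).
SEEN_ON_NETWORK = {
    "plc-01": date(2025, 3, 14), "hmi-07": date(2025, 3, 15),
    "pump-12": date(2025, 3, 10), "cam-03": date(2024, 12, 1),
    "gw-99": date(2025, 3, 15),  # on the network but missing from inventory
}

def find_zombies(inventory, seen, today, max_patch_age_days=365,
                 seen_window_days=30):
    """Return {device_id: [reasons]} for devices that are still reachable
    on the network but are unmaintained, unmonitored, or unknown."""
    findings = {}
    for dev, last_seen in seen.items():
        if (today - last_seen).days > seen_window_days:
            continue  # not currently network-accessible; inventory cleanup only
        rec = inventory.get(dev)
        if rec is None:
            findings[dev] = ["not in inventory"]
            continue
        reasons = []
        if (today - rec["last_patched"]).days > max_patch_age_days:
            reasons.append("patch overdue")
        if not rec["monitored"]:
            reasons.append("not monitored")
        if rec["support_ends"] < today:
            reasons.append("past end of support")
        if reasons:
            findings[dev] = reasons
    return findings

if __name__ == "__main__":
    for dev, why in find_zombies(INVENTORY, SEEN_ON_NETWORK, TODAY).items():
        print(f"{dev}: {', '.join(why)}")
```

Devices flagged here are candidates for patching, isolation, or a retirement plan; devices absent from the inventory need to be identified before anything else.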
Whenever devices are left unattended, they are at risk of being exploited and used in cyberattacks. Such devices can cause harm to equipment or people. From a compliance standpoint, new and upcoming legislation will require that all products remain updatable throughout their lifecycle. Downtime is costly, and the reputational damage and penalties from non-compliance can have an even greater financial impact.
Fortunately, there are effective ways to prevent zombie devices from emerging in your facilities.