By Bill Graham
Many security issues with embedded systems stem from their connection via a network with access open to a large population (enterprise network) or even directly to the Internet. Also, devices designed for small local private networks are increasingly connected to large corporate networks or the Internet directly.
It’s safer to assume that all external connections to your device are insecure – proliferation of your device to your customer base may go beyond your perceived use cases. In other words, expect the worst when it comes to network communication security – don’t assume the data you transmit is not sensitive or not of interest to outside parties. The best practice is to secure all communications in and out of your device (at a minimum make it optional).