How to secure your code signing certificates
Let’s simulate a situation: somehow you got the information that you are being chased by powerful software hacking gangsters. For some time, it seems insignificant until the moment when you are driving your car in the unfamiliar suburban area, it is a dark night and it is raining heavily, the streets are empty and not illuminated. You have gathered speed and at a certain point, your headlamps are spontaneously off. Terrible but that’s not the half of the story: right after darkness have wrapped up your car and you pulled over, the doors are self-actively blocked, so you can’t leave the car, the seats are warmed up to the maximum temperature and the alarm system is hooting for everyone to hear. It looks likes someone has poked around your wheels.
This kind of situations may seem to be a fantasy but, nevertheless, more recently the cybersecurity experts have acknowledged that it can happen in real life too. In the automobile world, the experts have demonstrated the possibility to get remote control over the range of car models, for example, Tesla Model S and Jeep Cherokee. Besides, the experts have shown similar tricks with the electronic devices used in healthcare, industrial production, traffic control and so on.
The common reason which enables the possibility of such attacks is the manufacturer of the equipment or gadget doesn’t pay attention to the integration of code signing processor doesn’t sign a code functioning on the devices at all. Signing a fragment of code allows declaring that this program has been developed by your company and the authentic origin of the code is verified. Besides, by signing the code you show that it complies with quality and safety parameters set by your organization. This is the cause why software development giants such as, for example, Microsoft, always sign the new upgrades that provide them with the possibility to show that only original software updates can be installed, being provided by the authorized vendor, not be a cybercrime entity.
Due to this precise reason the broad range of organizations such as Browser Forum, the Industrial Internet Consortium, and many others accentuate the criticality to secure the code upgrades by setting due code signing procedures.
Although code signing is crucial, that’s more to come. The company has to secure the code signing certificates in order to guarantee that it is not stolen. From this prospective code signing private keys are “secret code words” to unbar all doors accessing corporate data. That’s why these keys become extremely valuable stuff to be kept and preserved locked.
In fact, private keys play the essential role in software security since they fly the flag of your company to any person or entity communicating with your code. The experts say that often the cybercriminals sell legal code signing certificates and sometimes the price of these certificates is really high. This tendency stimulates the hackers to chase code signing certificates by obtaining them after penetrating the system or under false pretenses. It is even hard to assess the scope of damage which may arise when the legitimate software vendor fails to secure code signing certificates for all future upgrades and system modifications. In a nutshell, if such theft happens, the only thing the vendor has to do it to suspend issuing any updates and patches until getting new certificates and annulling the previous ones. However, it is worth to mention that annulling the keys is time-taking, budget-unfriendly procedure, and even its full-scale performance doesn’t provide an iron-clad guarantee of safety.
For example, this year the network communication device manufacturer D-Link fell the victim of a similar situation when their code signing certificates were deployed for signing the password-stealing ware. Earlier a South Korean developer of mobiles apps was affected by similar breaching and it led to the range of hacker attacks all over the world in the next several years.
Basically, the aforementioned examples are just a small share of incidents demonstrating the vulnerability of code signing certificate security. The obligation of signing the code mainly falls on the shoulders of the software development team and DevOps society. The problem is the developers have solid expertise in coding but they are lacking knowledge about the danger of insufficient securing private keys or about the possible ways to reinforce the safety of code signing certificates. Therefore, the private keys are often stolen where their security is weakest, for instance, in the process of development, on servers and so on. In turn, IT security personnel are often unaware of the amount of code signing certificates that their company has or where they are located.
Since the cyber attacks on the code signing certificates are becoming more frequent, it is crucial to create and integrate the principle ensuring improved safety of the private keys. Below there is a list of basic recommendations in order to protect your company’s code signing certificates:
- Legitimate code signing procedure. Record, trace and scrupulously stick to the methodology and processes needed to sign a code being a fragment of the software development course (or also called software development lifecycle) and DevOps procedures. The working processes, prior to actual signing, can be different for each individual app, however, they usually comprise the following stages: Quality Assurance tests, scanning for malware, analyzing fixed source code, tests when penetration and so on;
- Determine functions and individual obligations. Decide who is authorized to send the code to be signed, who can approve the action of signing by tracing the aforementioned stages and who is permitted to sign the code. Distribution of the duties among various participants will allow guaranteeing that no one will be able to sign the code incorrectly;
- Keep coding private keys in the hardware security module. HSM is the most efficient method to keep code signing security keys controllable. Basically, code signing private keys can be created inside the hardware security modules and can be deployed for signing code without logging off the gadget. Majority of hardware security modules provides with extra stages of rigid control besides exploiting private keys they secure;
- Integrate code signing certificates into the certificate operation life plotting. The entire amount of certificates in the company have to be managed by the operation life plotting taking into account how they are inquired, released, updated or annulled;
- Record, track and verify your company’s scrupulous compliance with the aforementioned principles. Same as in case of any rule, it is useful only when it is exercised.
Possessing secure procedures in your company for code signing and safekeeping private keys is crucial, however, it might require significant efforts to ensure the necessary level of protection. Nevertheless, more organizations learn about the necessity to reinforce the security of software upgrades because of multiple incidents that happened due to the aforementioned fragilities. As these cases demonstrate, failure in securing the procedure of software updates and holding private keys may lead to drastic consequences, but the danger of such after-affect can be vastly minimized thanks to precise plotting.