1) Explain what embedded operating systems are and where they’re used for

In layman’s terms, an embedded system is an application environment. The most typical form of an embedded system would often require a semiconductor chip in charge of processing user inputs and displaying a proper output. A good example of such an embedded system is a typical automobile’s center console. In order to achieve the various functionalities of a center console, the likes of which, that is, connecting a phone to it via Bluetooth or navigating using its built-in GPS, it would certainly require some sort of SOC chip. Once the chip is in place, the car manufacturers would typically write out a computer program specifically designed for this particular chip with a state-of-the-art user interface and instruct the chip on ways to process those user inputs.

2) Describe Windows IoT (Internet of Things) and other embedded operating systems

Windows IoTs are pretty similar to that of a typical Windows operating system. Nevertheless, the key that sets it apart from a traditional operating system is that those embedded operating systems are tasked to perform a specific task for the various machines that they were equipped with. A good example of such a Windows IoT is the ATMs and Point-of-Sale machines. They will often come with Windows’s intuitive user interfaces but with some of the functionalities eliminated to cut down on the operating system codebase while also improving processing efficiencies. Quite frankly, many of the medical types of equipment we use also come with an embedded operating system; a good example is an X-Ray or MRI machine.

3) Identify vulnerabilities of embedded operating systems and best practices for protecting them

Quite frankly speaking, all operating systems have vulnerabilities; it is not just embedded systems that are the most vulnerable. Every piece of hardware that connects to the internet is vulnerable to attacks and is susceptible to being compromised. However, one of the best ways to alleviate this vulnerability is to open-source the codebase of those embedded systems for independent security expert auditing. Quite frankly, this is the cheapest way to mitigate this risk. However, this also comes with immense risk because bad actors can dig deeper into your system. This is one of the reasons why Android systems are more susceptible to attacks than Apple iOS. Although it is not a way of saying that Apple is flawless and risk-free, holding on to it with tighter control will, without a doubt, decrease prying eyes from those bad actors. However, similarly, you are also missing out on independent audits. In turn, you will have to resort to offering bug bounties, which is not all that financially viable, especially for smaller companies.