We don't often discuss security here on Element14, but those days of innocence are coming to an end. As embedded devices and boards gain all the capabilities of general purpose computers and are connected together and to the Internet, all the same issues of security and privacy and threat risk apply to them as well. Indeed, they apply even more strongly, since these embedded devices often control physical systems which are at risk of creating catastrophes, both small and large.
Bruce Schneier has written a good article on this subject at his blog, titled "Security Risks of Embedded Systems". A key exhortation from near the end:
Bruce Schneier writes (my emphasis):
We simply have to fix this. We have to put pressure on embedded system vendors to design their systems better. We need open-source driver software -- no more binary blobs! -- so third-party vendors and ISPs can provide security tools and software updates for as long as the device is in use. We need automatic update mechanisms to ensure they get installed.
I agree. As customers, we have to demand that manufacturers stop delivering closed systems that cannot be maintained by the community for as long as they are in use. Embedded devices don't stop being used when the product is End-of-Lifed and no longer has manufacturer development support. Companies need to stop living in the blinkered world of yesteryear and delivering liabilities to us instead of assets --- those days are gone.
The more blinkered companies will trot out the usual mantra of "We can't reveal our commercial secrets" and other such excuses, but those excuses need to be called out as irrelevant when they conflict with our security. If companies have old internal constraints that disallow open sourcing embedded control software then they no longer have a viable product, because an insecure device should not be marketable at all today. It's on their shoulders to overcome their internal difficulties and deliver products that can be operated security for their full lifetime in a connected world.
It's not going to be easy, because many manufacturers of embedded systems don't have a background in networking or security, and others have their ears tightly shut on principle. When we do have their ear though, we need to demand open source components that can be maintained for our security indefinitely --- that should always be a required bullet point. And in addition to the carrot, there's the stick --- negative pressure may be even more effective, shaming those who don't care about our security.
The boot is also on the other foot. As engineers who are making product or consultants to companies, it's imperative that we embrace the new realities of the connected world, and not live in denial of the issue. It's going to require new "best practices" to emerge for design and development, as merely delivering something that works under test is no longer enough. It will require a degree of personal refocusing on security too, which may not be a subject of interest but it must become one. It's an inescapable matter today.
Morgaine.
