Forgot your password?
typodupeerror
Security Software Hardware

Do Embedded Systems Need a Time To Die? 187

Posted by Soulskill
from the upgrade-or-perish dept.
chicksdaddy writes: "Dan Geer, the CISO of In-Q-Tel, has proposed giving embedded devices such as industrial control and SCADA systems a scheduled end-of-life in order to manage a future in which hundreds of billions of them will populate every corner of our personal, professional and lived environments. Individually, these devices may not be particularly valuable. But, together, IoT systems are tremendously powerful and capable of causing tremendous social disruption. 'Is all the technologic dependency, and the data that fuels it, making us more resilient or more fragile?' he wondered. Geer noted the appearance of malware like TheMoon, which spreads between vulnerable home routers, as one example of how a population of vulnerable, unpatchable embedded devices might be cobbled into a force of mass disruption. Geer proposes a novel solution: embedded systems that do not have a means of being (securely) managed and updated remotely should be configured with some kind of 'end of life,' past which they will cease to operate. Allowing embedded systems to 'die' will remove a population of remote and insecure devices from the Internet ecosystem and prevent those devices from falling into the hands of cyber criminals or other malicious actors, Geer argued."
This discussion has been archived. No new comments can be posted.

Do Embedded Systems Need a Time To Die?

Comments Filter:
  • by wiredog (43288) on Wednesday May 14, 2014 @06:31AM (#46997443) Journal

    In-Q-Tel [iqt.org]

    The IQT Mission

    We identify, adapt, and deliver innovative technology solutions to support the missions of the Central Intelligence Agency and broader U.S. Intelligence Community.

  • Terrible idea (Score:5, Informative)

    by mirix (1649853) on Wednesday May 14, 2014 @06:33AM (#46997451)

    You'll have to install custom firmware to prevent things from having to go to the dump on their third birthday?

    Seems pretty ridiculous, not to mention that it can still have a hole exploited on the day they launch the device, and not be updated for years (in it's allotted lifespan).

    I'm more for the option of make things easier to update, and, the important part... actually release bloody updates! I'm looking at you, almost every embedded device manufacturer out there.

  • Blinkered (Score:4, Informative)

    by AlecC (512609) <aleccawley@gmail.com> on Wednesday May 14, 2014 @07:09AM (#46997593)

    This guy has an incredible blinkered view of "embedded devices". Most embedded devises are not connected to the Interned. Should my wristwatch, washing machine, car ignition controller, garage door opener, swimming pool pump, dumb TV, bank vault, disk drive, mouse, keyboard, etc all die prematurely because somebody else makes a router that can be prejudiced. There are literally billions of embedded devices in the world,. of which probably less than one a thousand is connected to the internet. Yet this seems to be suggesting that we should kill a thousand devices because one /might/ be prejudiced.

  • by Lumpy (12016) on Wednesday May 14, 2014 @10:26AM (#46998951) Homepage

    and it's easy to do. every polycom comes with the admin password set to the serial number of the unit. Any programmer that made it out of the first year of college could easily add this feature during firmware initialization.

Advertising is the rattling of a stick inside a swill bucket. -- George Orwell

Working...