Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security Software Hardware

Do Embedded Systems Need a Time To Die? 187

Posted by Soulskill from the upgrade-or-perish dept.
chicksdaddy writes: "Dan Geer, the CISO of In-Q-Tel, has proposed giving embedded devices such as industrial control and SCADA systems a scheduled end-of-life in order to manage a future in which hundreds of billions of them will populate every corner of our personal, professional and lived environments. Individually, these devices may not be particularly valuable. But, together, IoT systems are tremendously powerful and capable of causing tremendous social disruption. 'Is all the technologic dependency, and the data that fuels it, making us more resilient or more fragile?' he wondered. Geer noted the appearance of malware like TheMoon, which spreads between vulnerable home routers, as one example of how a population of vulnerable, unpatchable embedded devices might be cobbled into a force of mass disruption. Geer proposes a novel solution: embedded systems that do not have a means of being (securely) managed and updated remotely should be configured with some kind of 'end of life,' past which they will cease to operate. Allowing embedded systems to 'die' will remove a population of remote and insecure devices from the Internet ecosystem and prevent those devices from falling into the hands of cyber criminals or other malicious actors, Geer argued."
This discussion has been archived. No new comments can be posted.

Do Embedded Systems Need a Time To Die? More

Do Embedded Systems Need a Time To Die?

Comments Filter:

  • Dan Geer, the CISO of In-Q-Tel, (Score:5, Informative)

    by wiredog ( 43288 ) on Wednesday May 14, 2014 @06:31AM (#46997443) Journal

    In-Q-Tel [iqt.org]

    The IQT Mission

    We identify, adapt, and deliver innovative technology solutions to support the missions of the Central Intelligence Agency and broader U.S. Intelligence Community.

  • Terrible idea (Score:5, Informative)

    by mirix ( 1649853 ) on Wednesday May 14, 2014 @06:33AM (#46997451)

    You'll have to install custom firmware to prevent things from having to go to the dump on their third birthday?

    Seems pretty ridiculous, not to mention that it can still have a hole exploited on the day they launch the device, and not be updated for years (in it's allotted lifespan).

    I'm more for the option of make things easier to update, and, the important part... actually release bloody updates! I'm looking at you, almost every embedded device manufacturer out there.

  • Blinkered (Score:4, Informative)

    by AlecC ( 512609 ) <aleccawley@gmail.com> on Wednesday May 14, 2014 @07:09AM (#46997593)

    This guy has an incredible blinkered view of "embedded devices". Most embedded devises are not connected to the Interned. Should my wristwatch, washing machine, car ignition controller, garage door opener, swimming pool pump, dumb TV, bank vault, disk drive, mouse, keyboard, etc all die prematurely because somebody else makes a router that can be prejudiced. There are literally billions of embedded devices in the world,. of which probably less than one a thousand is connected to the internet. Yet this seems to be suggesting that we should kill a thousand devices because one /might/ be prejudiced.

  • Re:Or you could just you know... (Score:4, Informative)

    by Lumpy ( 12016 ) on Wednesday May 14, 2014 @10:26AM (#46998951) Homepage

    and it's easy to do. every polycom comes with the admin password set to the serial number of the unit. Any programmer that made it out of the first year of college could easily add this feature during firmware initialization.

Slashdot Top Deals

Thus spake the master programmer: "After three days without programming, life becomes meaningless." -- Geoffrey James, "The Tao of Programming"

Close