Do Embedded Systems Need a Time To Die? 187
chicksdaddy writes: "Dan Geer, the CISO of In-Q-Tel, has proposed giving embedded devices such as industrial control and SCADA systems a scheduled end-of-life in order to manage a future in which hundreds of billions of them will populate every corner of our personal, professional and lived environments. Individually, these devices may not be particularly valuable. But, together, IoT systems are tremendously powerful and capable of causing tremendous social disruption. 'Is all the technologic dependency, and the data that fuels it, making us more resilient or more fragile?' he wondered. Geer noted the appearance of malware like TheMoon, which spreads between vulnerable home routers, as one example of how a population of vulnerable, unpatchable embedded devices might be cobbled into a force of mass disruption. Geer proposes a novel solution: embedded systems that do not have a means of being (securely) managed and updated remotely should be configured with some kind of 'end of life,' past which they will cease to operate. Allowing embedded systems to 'die' will remove a population of remote and insecure devices from the Internet ecosystem and prevent those devices from falling into the hands of cyber criminals or other malicious actors, Geer argued."
No thanks (Score:0, Interesting)
What the guy is saying is all devices must be connected 24/7 or they will be removed from use. Since removal from use is obviously undesireable in the long run, his message is all devices must be connected all the time (possibly to "trusted" remote points managed by In-Q-Tel's masters - you know who you are).
What is this guy's definition of "remote"? Can I manage my embedded devices from my own servers? Is that not remote enough?
Does it have to be a "cloud" setup hosted somewhere deep in Utah with a bunch of Booz Allen people managing it?
Looking forward to remotely activated microphones in my washing machine and toaster, to improve the user experience.
Planned obsolescence (Score:5, Interesting)
Here's a better idea (Score:5, Interesting)
Here's a better idea. Charge anyone who ships unpatchable and unpatched hardware with sponsoring terrorism, because it's their laziness causing the problem.
Why the hell should I be forced to buy, buy, and rebuy the same god damned hardware over and over to save them from patching their shitty systems that they sell?
Re:No thanks (Score:0, Interesting)
What the guy is saying is all devices must be connected 24/7 or they will be removed from use. Since removal from use is obviously undesireable in the long run, his message is all devices must be connected all the time (possibly to "trusted" remote points managed by In-Q-Tel's masters - you know who you are).
What is this guy's definition of "remote"? Can I manage my embedded devices from my own servers? Is that not remote enough?
Does it have to be a "cloud" setup hosted somewhere deep in Utah with a bunch of Booz Allen people managing it?
Looking forward to remotely activated microphones in my washing machine and toaster, to improve the user experience.
You jest but I seriously think that the NSA is getting away with a lot of things right now, the latest generation proves that they simply cannot live without some form of cellphone on them at all times, now we are apparently being suckered into having mics and webcams in TVs to improve user experience (wait what?) apparently it's all about gestures. (What retard wants to wave at their TV? in all seriousness?) the remote is still the best way to interact with said TV.
And then we have HDMI networking interfaces coupled with on-demand TV, and suddenly the TV can actively spy on you for the NSA or other body.
1984 is here albeit 30 years late.. (thanks to a gullible population)
This is actually already a big problem (Score:4, Interesting)