Do Embedded Systems Need a Time To Die?
chicksdaddy writes: "Dan Geer, the CISO of In-Q-Tel, has proposed giving embedded devices such as industrial control and SCADA systems a scheduled end-of-life in order to manage a future in which hundreds of billions of them will populate every corner of our personal, professional and lived environments. Individually, these devices may not be particularly valuable. But, together, IoT systems are tremendously powerful and capable of causing tremendous social disruption. 'Is all the technologic dependency, and the data that fuels it, making us more resilient or more fragile?' he wondered. Geer noted the appearance of malware like TheMoon, which spreads between vulnerable home routers, as one example of how a population of vulnerable, unpatchable embedded devices might be cobbled into a force of mass disruption. Geer proposes a novel solution: embedded systems that do not have a means of being (securely) managed and updated remotely should be configured with some kind of 'end of life,' past which they will cease to operate. Allowing embedded systems to 'die' will remove a population of remote and insecure devices from the Internet ecosystem and prevent those devices from falling into the hands of cyber criminals or other malicious actors, Geer argued."
What the guy is saying is all devices must be connected 24/7 or they will be removed from use. Since removal from use is obviously undesirable in the long run, his message is all devices must be connected all the time (possibly to "trusted" remote points managed by In-Q-Tel's masters - you know who you are).
What is this guy's definition of "remote"? Can I manage my embedded devices from my own servers? Is that not remote enough?
Does it have to be a "cloud" setup hosted somewhere deep in Utah with a bunch of Booz Allen people managing it?
Looking forward to remotely activated microphones in my washing machine and toaster, to improve the user experience.
What could possibly go wrong? A PLC controlling a plant stopping at some random date is perfectly acceptable, right? I'm sure manufacturers will love this. A guaranteed replacement market is a wet dream for any market.
Here's a better idea. Charge anyone who ships unpatchable and unpatched hardware with sponsoring terrorism, because it's their laziness causing the problem.
Why the hell should I be forced to buy, buy, and rebuy the same god damned hardware over and over to save them from patching their shitty systems that they sell?
I do not fail; I succeed at finding out what does not work.
There are a lot of cars, insurance telematics devices, security alarms, etc. sitting on mobile phone networks generating signaling and consuming radio resources. They were designed in the early days and largely not reachable. Simply terminating the credentials in the network doesn't help - it actually makes the problem worse because the firmware on the device is often quite aggressive and keeps trying to attach. This is something that has absorbed a lot of my time combating and there are efforts in standards bodies to address it. This approach is actually a pretty good idea IMO.