by Bryan Bergeron, Editor by Bryan Bergeron, Editor
Vulnerabilities of Networked,
In case you haven’t noticed, just about everything can be networked with embedded hardware. Take automobiles.
systems — as they grow more powerful and more plentiful
— is the potential for harm.
It’s one thing for a government to remotely destroy
the equipment purportedly used to make nuclear
weapons, and quite another for someone to change the
setting on your IV drip while you’re in the hospital. Or, to
cause your car’s anti-skid brake system to lock up as you
accelerate to pass. Or, by someone who remotely shuts
off the oxygen to your aircraft cabin. What if someone
parked in a car outside your home or office could shut
down your pacemaker?
The problem with malicious embedded system
crashes is that they can result in physical crashes, as
opposed to the soft crashes on a computer screen.
Recognizing this, DARPA and other government agencies
are funding research to develop means of automatically
detecting and patching vulnerabilities in networked,
This is no small task. Think about the difficulty in
handling malware on desktop computers. You have to first
identify the malware with a program such as McAfee or
Symantec. Then, you have to get rid of the malware and
patch the corrupted software.
As you may have experienced first-hand, it’s rarely
straightforward. I can recall having to format my hard
drive and reinstall software at least once in the past few
years because of malware I couldn’t remove by other
So, what are the practical implications of this reality?
I suggest you consider the worst-case scenario. Let’s say
everyone in your family has a tablet computer with GPS
and video cameras. What could someone do with the
location information and perhaps a few real time
snapshots? Certainly, these would be an advantage to a
What about that quadcopter you’ve been building,
complete with waypoint software? What if, on your next
flight, someone usurps your uplink, and they fly the quad
into a moving car? Or, simply force it to land and take
your investment with them?
For now, the operative term is vigilance. To my
knowledge, there isn’t a standard ‘security ‘ library for the
Arduino, Propeller chip, or other popular microcontroller
capable of automatically identifying and eradicating
malware. Of course, as with malware for the big iron, as
soon as protection becomes standardized, the malware
makers will adapt.
Perhaps it’s a good time to buy stock in a malware
protection company. NV