|
|
Subscribe / Log in / New account

Intel's zero-day problem

Intel's zero-day problem

Posted May 9, 2017 5:26 UTC (Tue) by ringerc (subscriber, #3071)
In reply to: Intel's zero-day problem by raven667
Parent article: Intel's zero-day problem

Actually, I think with the IoT "revolution" we're right back there again.

Pathetically insecure devices that never get security audits or updates. That have no user or admin configurability or documentation. Devices hacked together by a rushed team adapting a related product's code in a single 36-hour sprint to try to beat a competitor to market, before completely forgetting about it.

Devices where if you're lucky you might be able to update or fix them with a vendor-pushed remote firmware update (assuming an attacker doesn't abuse the inevitably insecure mechanism instead). Or with a soldering iron to access pads for USB-serial, RS232, or even JTAG. Occasionally you'll have a webui to upload a firmware blob. But your chances of actually fixing anything without the vendor supplying a canned update image are nearly nil.

The more that these seething piles of crap can be hidden from the rest of the Internet, the better.

to post comments

Intel's zero-day problem

Posted May 10, 2017 16:17 UTC (Wed) by raven667 (subscriber, #5198) [Link]

> Actually, I think with the IoT "revolution" we're right back there again.
> Pathetically insecure devices that never get security audits or updates

I think you are right and its frustrating because unlike in the past, where the technology to secure devices wasn't built yet, people building IoT devices are taking tools which have access control, auth, etc. available and turning those features off, making by their action something reasonably secure, pathetic. In the same way that SSH raised the bar for default remote access/admin we need the same kind of effort to make the defaults for these kind of embedded devices reasonably decent. Basic netfilter rules and key-based auth using widely audited tools, could make these kinds of devices secure against the kind of wholesale attacks we are seeing.

Intel's zero-day problem

Posted May 12, 2017 6:37 UTC (Fri) by if.gnu.linux (guest, #88877) [Link] (1 responses)

> Devices hacked together by a rushed team adapting a related product's code in a single 36-hour sprint to try to beat a competitor to market, before completely forgetting about it.

I think that there are two other sides we have to consider.

The first one is we as consumers are 'guilty' for always demanding new products which are more speedy, have more RAM etc. and for replacing one year old devices with new ones.

The second one is softwares need more RAM, more GPU power etc. to run. I think software developers think that "Nowadays a device has 4 GB RAM so what is wrong if my application use 1 GB of that RAM."

Intel's zero-day problem

Posted May 12, 2017 11:16 UTC (Fri) by pizza (subscriber, #46) [Link]

> The second one is softwares need more RAM, more GPU power etc. to run. I think software developers think that "Nowadays a device has 4 GB RAM so what is wrong if my application use 1 GB of that RAM."

Note that it is often *cheaper* to put more RAM in the device than less.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds