The hackable everything

My enthusiasm about embedded systems these days is tempered by some realities that can become dangerous.

Some of them are downright spooky.

Last July 4th, I ran in a little race (the "Flat Half" here in Portland). After the competition, as I was gulping water and munching on a snack, I ran into a friend I wasn't expecting to see. We chatted for a while and then I wandered off.  Later, I realized that I should have passed on some stuff to her that her husband had left in my car. But I couldn't find her in the crowd as much as I searched.

So I called her cell phone. Of course, she had never (knowingly) given me her cell number.

When she picked up the call and we arranged to meet, I asked her, "So do you know how I was able to call you just now?  You've never given me your number."

She pondered it for a while, but couldn't figure it out.

The answer? We're friends on Facebook, and she had her cell number in her profile information. My Android phone's Facebook app automatically synched up any shared Facebook profile information into the contact list on my phone.

So I had her number with me on my phone, even though she didn't think she had ever given it to me.

(I checked today, and her number is now gone from the contact list on my phone. Probably because she turned it off in her profile on Facebook).
Now think about internet connected intelligence being in embedded in literally everything.

I spoke with one developer whose company builds home appliances which have a display panel and run Linux and the Firefox browser. A very cool product. But I learned that they kept a secret "back door" enabled in their product so that their support engineers could login if necessary to fix problems.

I started to get excited about this. What if everything out there has "back doors", from the surveillance camera in the hotel elevator to the parking meter with access to my credit card to the public toilet I sit on. Can hackers get in and access this information, or worse, subvert the function of these devices. Maybe put my image in an elevator when I'm not there or to put my car on a particular street.  How exposed am I to the hackable everything?

Practically speaking,

  • Everyone needs to become conscious about what amounts to their digital signature (phone number, email address and credit card info) and avoid typing it into anything anywhere

  • Suppliers of telephone services, email services and credit cards need to find more ways to keep us safe from abuse of their products by bad guys.

  • Developers of Embedded Everywhere need to be really careful when leaving back doors open for anything. Perhaps there should be some UL regulations here.


Too paranoid?
Categories:
For more complete information about compiler optimizations, see our Optimization Notice.

Comments

's picture

I often think about this (not to the point of doing something about it though). But sadly these back-doors probably exist out there because developers/engineers think the trade off between convenience vs. security/privacy is ok on the side of convenience. I think it's a human issue.. people will always go the easy way (a back-door is much more convenient for a support engineer than proper acknowledging problems and dealing with angry customers)... and hackers will be able to navigate this sea of back-doors, surfing on human weakness, as always.

's picture

Hi,
I fully agree with your conclusion. If suppliers of devices and services do not focus their attention on safety aspects we will lose our personal data again and again.

Aleksey