I recently did an interview with Motherboard about IoT device security, and what role firmware plays in the overall software picture.
As computers grow more ubiquitous (linking household appliances to phones to cars in a vast, nebulous “Internet of Things”), new security challenges have emerged. Chief among them is how best to protect our firmware, the software that boots our computers. In recent years, firmware attacks have become increasingly more common, sophisticated and lucrative.
- Protecting Firmware is Crucial for IoT Technology
There are a myriad of issues related to securing platforms, things or otherwise, that are connected to the internet. The problems get stranger as the devices require less human interaction. Virus scanners and malware detectors can annoy you with pop-ups and toolbar notifications when you’re about to wander into one of the Internet’s less reputable back alleys.
No, but your coffee maker knows what you did. IT KNOWS!
M: Now we have all kinds of tiny sensors and computers that don’t rely on user interaction as much as, say, a laptop. How does this complicate things?
R: If I have my standard laptop and I go to the wrong website and download something I’m not supposed to, there are all kinds of user indications that maybe I shouldn’t click on that. Maybe that person really isn’t blond and Russian and wants to talk to me. There’s a higher degree of user interactivity that we can use as a part of a security measure.
In a connected device that isn’t monitored as heavily, there are more chances for somebody to just randomly slip firmware on your platform.
This has become a pretty common demonstration at security conventions. Someone will take a consumer electronic device like a “smart” television and demonstrate how to inject code into it. This is why you have people concerned about “smart” thermostats and the cameras that they’re using as baby monitors: someone was able to inject software because they found some kind of bug in the OS or firmware stack.
— Protecting Firmware is Crucial for IoT Technology
Copy and pasting my own words into my own blog isn’t that interesting, so check out the full interview to find out why things on the internet need secure firmware.