(In)Security in Home Embedded Device

Speaker: Jim Gettys , Bell Labs

Date: Wednesday, March 19, 2014

Time: 4:00 PM to 5:30 PM Note: all times are in the Eastern Time Zone

Public: Yes

Location: 32-G882

Event Type:

Room Description:

Host: CSAIL Security Seminar

Contact: Frank Wang, frankw@csail.mit.edu

Relevant URL:

Speaker URL: None

Speaker Photo:

Reminders to: jg@freedesktop.org

Reminder Subject: TALK: (In)Security in Home Embedded Device

We now wander in Best Buy, Lowes and on Amazon and buy all sorts of devices from thermostats, hi-fi gear, tablets, phones, and occasionally laptops or desktops as well as home routers to build our home networks. Most of these we plug in and forget about. But should we?

"Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities", by Clark, Fry, Blaze and Smith makes clear that ignoring these devices is foolhardy; unmaintained systems become more vulnerable, with time.

Structural issues in the market make the situation much worse, as pointed out in Bruce Schneier's Wired editorial in January: "The Internet of Things Is Wildly Insecure — And Often Unpatchable", which I instigated and fed Bruce the ammunition. "Binary blobs" used in these systems have the net effect of "freezing" software versions, often on many year old versions of system software. Even if update streams are available (which they seldom are), blobs may make it impossible to update to versions free of a vulnerability.

There are immediate actions you can personally take, e.g. by running open source router firmware in your network, but fixing this problem generically will take many years, as it involves fundamental changes and an attitude change in how we develop and maintain embedded systems, and hardest, changes in business models to enable long term support of popular hardware.

Jim Gettys is an American computer programmer at Alcatel-Lucent Bell Labs, USA. Until January 2009,[1] he was the Vice President of Software at the One Laptop per Child project, working on the software for the OLPC XO-1.[2] He is one of the original developers of the X Window System at MIT and worked on it again with X.Org, where he served on the board of directors. He previously served on the GNOME foundation board of directors. He worked at the World Wide Web Consortium (W3C)[3] and was the editor of the HTTP/1.1 specification in the Internet Engineering Task Force through draft standard. Gettys helped establish the handhelds.org community, from which the development of Linux on handheld devices can be traced.

Research Areas:

Impact Areas:

See other events that are part of the CSAIL Security Seminar 2013/2014.

Created by Frank Wang Email at Thursday, March 13, 2014 at 3:44 PM.