I’ve assumed for years the major cost of ubiquitous embedded system networks is low-level radiation from Wi-Fi hot spots and Bluetooth devices. That’s not the only cost, however. The problem with networked embedded systems — as they grow more powerful and more plentiful — is the potential for harm.
It’s one thing for a government to remotely destroy the equipment purportedly used to make nuclear weapons, and quite another for someone to change the setting on your IV drip while you’re in the hospital. Or, to cause your car’s anti-skid brake system to lock up as you accelerate to pass. Or, by someone who remotely shuts off the oxygen to your aircraft cabin. What if someone parked in a car outside your home or office could shut down your pacemaker?
The problem with malicious embedded system crashes is that they can result in physical crashes, as opposed to the soft crashes on a computer screen. Recognizing this, DARPA and other government agencies are funding research to develop means of automatically detecting and patching vulnerabilities in networked, embedded systems.
This is no small task. Think about the difficulty in handling malware on desktop computers. You have to first identify the malware with a program such as McAfee or Symantec. Then, you have to get rid of the malware and patch the corrupted software.
As you may have experienced first-hand, it’s rarely straightforward. I can recall having to format my hard drive and reinstall software at least once in the past few years because of malware I couldn’t remove by other means.
So, what are the practical implications of this reality? I suggest you consider the worst-case scenario. Let’s say everyone in your family has a tablet computer with GPS and video cameras. What could someone do with the location information and perhaps a few real time snapshots? Certainly, these would be an advantage to a would-be burglar.
What about that quadcopter you’ve been building, complete with waypoint software? What if, on your next flight, someone usurps your uplink, and they fly the quad into a moving car? Or, simply force it to land and take your investment with them?
For now, the operative term is vigilance. To my knowledge, there isn’t a standard ‘security ‘ library for the Arduino, Propeller chip, or other popular microcontroller capable of automatically identifying and eradicating malware. Of course, as with malware for the big iron, as soon as protection becomes standardized, the malware makers will adapt.
Perhaps it’s a good time.
