Introduction
When thinking about embedded devices and codes, the first association that comes to mind is the automated human spaceship from the animated movie titled WALL-E made by Pixar in 2008. It featured a spaceship where everything, from chair movements to wall panels and food distribution, was governed by a central artificial intelligence (Desilver, 2014). This futuristic representation of the future could not have been made possible without total implementation of embedded codes, which is the central idea behind the Internet of Things – a project that seeks to interconnect all devices and appliances into one web. The movie also demonstrated the inherent dangers of the system, when the AI took full control of it with hostile intentions in mind. The security of embedded hardware and software, especially when it is connected to the World Wide Web via a wired connection or Wi-Fi, raises plenty of questions. While there are certain benefits to the program, the amount of potential downsides, especially in the living sector, is very significant. The purpose of this paper is to review some of the concerns presented in an article dedicated to embedded coding security, titled “The Internet of Things Is Wildly Insecure — And Often Unpatchable,” and provide potential solutions to the problem if there are any.
The Four Main Risks of Embedded Codes and Devices
Bruce Scheiner, the author of the article, identifies four critical problems of the embedded devices and codes currently being used in various home appliances – from routers to refrigerators, home alarms, and other devices. These problems are as follows (Scheiner, 2014):
- Cheap and standardized hardware promoted only by a few large chip developers and used by many producers in order to cut costs.
- Outdated programming with plenty of security issues.
- Lack of support and security updates for embedded devices.
- Internet of Things will offer a wide field of operation for hackers and malware developers.
The author offers only one solution to fix these problems, and that is to force the vendors to implement updates and upgrades to the software at their own expense. I believe that this solution will not be effective for several reasons. One of these reasons is that implementing updating software to embedded devices will drastically increase the price of the gadgets, meaning they will lose competitive strength. Another reason is that even if the companies provide adequate protection for their devices, it will not be enough. Computer security existed for decades, and still, hackers cause world-wide attacks every year, shutting down banking systems, monetary exchange services, and attacking individual companies and enterprises (Buntz, 2017).
Merkow and Raghaven (2010) largely share Scheiner’s concerns, as in their book they list many weaknesses and assumptions that make the overall system weak to attacks, one of which is the belief that embedded systems are somehow less vulnerable than non-embedded programming software. They also address the wide net of vulnerabilities currently found in Wi-Fi connections and mobile devices, which are seen as mediums for using and controlling various utensils and appliances under the scope of the Internet of Things.
Why is it Dangerous?
We live in a digital age where computers already play a big part of our lives. Hacking a laptop or a computer with private information can already cause significant damage to a person and their property. Internet of Things is offering hackers an even greater operating field by affecting not only computers but many other appliances, with potentially devastating results (Buntz, 2017). Instead of disabling the banking system of a city, a powerful and coordinated hacking attack can disable the entire city altogether, affecting every house and every room. At the same time, Internet of Things presents itself as a cumbersome and ineffective in terms of security, as the net would be too large and expensive to maintain (Buntz, 2017).
Potential Solutions
Sometimes, the best course of action is to do nothing. There is a reason why we still use keys to lock our apartments and power up cars. While they also have certain liabilities and security risks, they require the criminal to remain close, where he or she is vulnerable and can be spotted. The emergence of the Internet of Things and Wi-Fi technology erases that core security requirement – the criminal can now be continents away and still be able to carry out their agenda (Evan, 2013). So, in order to prevent any potential damage caused by embedded devices and vulnerable codes, the producers, and the customers need to reject the concept as a whole. Humanity does not need a Wi-Fi connection to the refrigerator or a report about the temperature in the house accessible via a smartphone. Being able to turn the water heater and the microwave oven on and off with a smartphone application is not necessary either (Bloomberg, 2014). These tasks can be delegated to dedicated devices that cannot be accessed and controlled from a remote location. Alternatively, the arms race between hackers and security networks will continue, with the former always remaining one step ahead, as they have been for more than 20 years now (Scheiner, 2014).
References
Buntz, B. (2017). The 10 biggest IoT security vulnerabilities. Web.
Bloomberg, J. (2014).7 reasons why the Internet of Things is doomed. Web.
Desilver, D. (2014). As machines take on more human work, what’s left for us? Web.
Evan, S. (2013). Wired vs. wireless in the enterprise. Web.
Merkow, M. S., & Raghavan, L. (2010). Secure and resilient software development. Boca Raton, FL: CRC Press.
Scheiner, B. (2014). The internet of Things is wildly insecure — and often unpatchable. Web.