Computer security expert Bruce Shneier wrote an excellent editorial in Wired Magazine about the security of Internet of Things device. He makes some excellent points about the dangers that are lurking in embedded systems and how they’re quickly becoming the go-to strategy for many hackers.
If we don’t solve this soon, we’re in for a security disaster as hackers figure out that it’s easier to hack routers than computers. At a recent Def Con, a researcher looked at thirty home routers and broke into half of them — including some of the most popular and common brands.
Shneier talks a it about the underlying problem and the difficulty in addressing it because of the many players involved, none with any economic interest in solving the problem.
The problem with this process is that no one entity has any incentive, expertise, or even ability to patch the software once it’s shipped. The chip manufacturer is busy shipping the next version of the chip, and the ODM is busy upgrading its product to work with this next chip. Maintaining the older chips and products just isn’t a priority.
This is exactly the issues that we’re trying to address with RouterCheck – providing the public the opportunity to understand the risks involved with some of their devices that are otherwise black boxes. We hope that some of these warnings and concerns will affect how vendors view device security in the future.