By Brian Contos, CISSP, Customer Security Strategist and Senior Director, Vertical & Emerging Market Solutions, McAfee
There are embedded computers all around us. Take, for example, printers; printers were once used to…well, print. Now today’s multifunction printers not only print, but they can copy, scan and fax. They are connected to networks and offer integration with mail servers and user directories. They have storage capabilities, security settings, and tons of advanced features. This is largely thanks to embedded devices – the printer is the computer.
Embedded devices are also found in the automobiles we drive, the medical devices that make us better, the refrigerators that keep our milk cold, the control systems that bring power into our homes to keep that refrigerator running, the phones we occasionally use for actually talking, and a plethora of other devices. For the sake of this blog let’s just consider automobiles since most of the other embedded examples won’t be driven down the freeway at 75mph.
From entry-level vehicles to luxury sedans and sports cars, In-Vehicle Infotainment (IVI) is becoming standard from automobile manufacturers and aftermarket suppliers such as makers of GPS systems. These IVI systems communicate via Internet and cellular networks. They are often configured with Bluetooth and in some cases will turn your car into a wireless hotspot without having to wait in line for coffee. Beyond the IVIs, many automobiles are equipped with more than 70 dedicated computer systems and are sporting over a hundred million lines of code to monitor and control everything from tire pressure and braking to self parking and integrated apps that let you stay connected to Facebook. Is it any wonder that Google has already started testing the autonomous car?
Where this all starts to get really interesting is security. Consider patching. We’ve grown accustomed to updating our laptops, smartphones, and even Blu-ray players. Sometimes the threats require physical access, but because of greater connectivity demands, remote exploits are often possible. There have been many attacks on embedded devices ranging from smartphones to morphine drip systems in hospitals. McAfee recently released a report titled – Caution: Malware Ahead about risks in automotive system security.
Government organizations such as the National Highway Traffic Safety Administration are taking these risks seriously and therefore are working with automakers to address these issues. Additionally, McAfee, Wind River and our parent company, Intel, have been diligently working on industry-specific security solutions within industries ranging from printers to spacecraft.
From a consumer perspective it is important to be aware, and ask questions. What exactly are the computers within my printer, automobile, and refrigerator doing? How are these systems protected from malware, rootkits and other security threats? How are these devices connecting to the Internet or cellular networks? Is any of my personal information being stored locally, or remotely? Should I decide to get rid of my mobile device, smart toaster, or IVI system, where is the factory reset button? These certainly aren’t questions that most of us are accustomed to asking when making purchases, but they should be. A little knowledge can go a long way. Drive, toast, talk, and print safely.
——-
The content shared in this blog post is the author’s opinion and does not necessarily reflect the views of Xerox. Brian Contos is the customer security strategist and senior director of Vertical & Emerging Market Solutions at McAfee. To read more blogs by Brian Contos, please visit: http://mcaf.ee/had81.
