(In)Security in Home Embedded Devices

When: 
Thursday, June 26, 2014 - 7:00pm
Room: 
E51-325
Lecturer(s): 
Jim Gettys
Lecturer Photo

We now wander in Best Buy, Lowes and on Amazon and buy all sorts of devices from thermostats, hi-fi gear, tablets, phones, and laptops or desktops as well as home routers to build our home networks. Most of these we plug in and forget about. But should we?

"Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities", by Clark, Fry, Blaze and Smith makes clear that ignoring these devices is foolhardy; unmaintained systems become more vulnerable, with time.

Structural issues in the market make the situation yet worse, as pointed out in Bruce Schneier's Wired editorial in January: "The Internet of Things Is Wildly Insecure — And Often Unpatchable", which I instigated and fed Bruce the ammunition. "Binary blobs" used in these systems have the net effect of "freezing" software versions, often on many year old versions of system software. Even if update streams are available (which they seldom are), blobs may make it impossible to update to versions free of a vulnerability.

There are immediate actions you can personally take, e.g. by running open source router firmware in your network, but fixing this problem generically will take many years, as it involves fundamental changes and an attitude change in how we develop and maintain embedded systems, and hardest, changes in business models to enable long term support of popular hardware.

This joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM will be held in MIT Room E51-325. E51 is the Tang Center on the corner of Wadsworth and Amherst Sts and Memorial Dr.; it's mostly used by the Sloan School. You can see it on this map of the MIT campus. Room 325 is on the 3rd floor.

Jim Gettys is an American computer programmer. He coined the term "bufferbloat" and has organized efforts to combat it in the Internet (see gettys.wordpress.com), and has been working on home routers. He was the Vice President of Software at the One Laptop per Child project, working on the software for the OLPC XO-1. He is one of the original developers of the X Window System at MIT and worked on it again with X.Org, where he served on the board of directors. He previously served on the GNOME foundation board of directors. He worked at the World Wide Web Consortium (W3C) and was the editor of the HTTP/1.1 specification in the Internet Engineering Task Force through draft standard. Gettys helped establish the handhelds.org community, from which the development of Linux on handheld devices can be traced.