Securing legacy embedded systems in the IoT

Jay Thomas, LDRA Technology, Dec. 06, 2016 – The rapid expansion of the Internet of Things (IoT) is transforming our national infrastructure and that of the whole world. With embedded connected devices now running the national grid, water supplies, transit systems, and more, this expansion has taken place so fast that it has badly neglected security. Even if we start installing well-secured devices today, it is not practical or even possible to retrofit or replace those already in place. Today's IoT devices not only connect to each other and to control systems; they also form part of larger applications that absorb huge amounts of data in order to make intelligent decisions affecting vast numbers of devices and people. We can't put the genie back in the bottle, so what do we do?

Security for legacy embedded systems is a huge problem that involves not only device manufacturers, but also application developers and end users. For example, the denial of service attack in October 2016 that took out services including Netflix, Twitter, and PayPal took advantage of a simple consumer oversight: it looked for consumer devices such as routers and webcams where users had neglected to change the default passwords and then invaded these connected devices with devastating effects.

 Back