One of the recent issues of the IEEE Spectrum carried an article of a security breakin into the Greek telephony system.
In order to keep the telephony system updated, the switch manufacturer usually updates firmware in a "live" manner. In many cases, this happens remotely. During this procedure for a Greek telephony switch, some miscreant had tampered with the firmware and used the tampered software to tap many calls. Even the high level Greek government officials were not spared. Finally, the issue came to light due to several SMS being bounced causing people to look at the firmware versions and their authenticity.
Switch over to similar problems that may occur during any remote firmware updates. Such cases where firmware is used include cars reaching to manufacturers to give information about the car's health. Well, what's to say that a disgruntled or malicious employee replaces this with a software which for instance, connects to the GPS and keeps giving your coordinates always.
From thereon, it is not much to track you or your loved ones easily. Well, that's what tech does to society. Seemingly innocuous stuff being used for totally unknown purposes. Atleast, it keeps the security industry occupied and gives them job security.
Time for the embedded systems industry and engineers who have so far stayed away from main-stream security problems to start paying attention, especially if they are going to start updating firmware remotely.
Saturday 1 September, 2007
Subscribe to:
Posts (Atom)
