About Me

My photo
By day I'm a propeller-head geek. I design software for electronic components for a major automotive supplier. When I'm not earning a paycheck, I enjoy playing music -- primarily jazz and classical but I dabble in other genres as well. I also compose, arrange, and play with electronic gadgets and toys. My other hobbies include photography, colored pencil drawing, genealogy, model railroading, and crosswords.

Wednesday, August 21, 2013

Embedded Systems Virus?

I posted this in response to a question on the LinkedIn Embedded group:
I was thinking if it is possible to inject some virus in a micro-controller based embedded system?
As we move toward the Internet of Things (or pervasive computing, or ambient intelligence, or ...) there appears to be a convergence toward standard interfaces, whether these interfaces are widely published or not. Look at the automotive industry. Every modern car has dozens of embedded systems that are interconnected (via CAN or some other network). Connectivity with the World at large is becoming more affordable and common (e.g. GPS navigation, Wi-Fi internet, and over-the-air services like OnStar and Sync). Also consider that a computer does not necessarily have to be connected to the internet to be vulnerable to attacks -- in the "old days" viruses passed from machine to machine on floppy disks (aka "sneakernet") and today we still use portable media (i.e. USB drives). 

To answer the OP's question: is it possible to inject some virus in a micro-controller based embedded system? I believe it is *possible*. Perhaps not likely at this moment but we are fast approaching a time when the likelihood of attacks on embedded systems will dramatically increase. There have, to date, been a few academic studies on hacking into automotive systems and these have proven successful to some extent. Automotive companies (most notably GM) are now taking a serious look at cyber-security and we can expect to see stringent security (as well as safety) requirements for at least the most vulnerable modules for model years as soon as 2016. 

As far as non-automotive micro-controller-based embedded systems, they are all around us - and SPECIFICALLY connected and accessible. Every smartphone (iPhone, Android, etc.) is such a device. Also, we are becoming more and more dependent on "the cloud" -- what if a way was discovered to "poison the pool" by infecting the cloud?I'll bet there have already been some serious attempts!

No comments: