There are a lot of great movies out there in the world, but Maximum Overdrive is probably not one of them (even if some circles may debate its stature as a borderline cult classic). If you haven’t had the pleasure of seeing it yourself, it is an all-too-80’s action thriller starring Emilio Estevez. Its plot centers on a day when a range of machines are suddenly possessed and go on a homicidal rampage. While cinematic commentary is beyond the typical purview of this blog, the movie raises some interesting ideas about the risks associated with all types of everyday devices.
The growing connectivity capabilities of today’s devices present a range of opportunities for new features and value added services, but it also leaves many embedded engineering organizations woefully unprepared to mitigate (or even consider) the accompanying security risks. Even within the US defense market – which generally has some of the strictest processes in place to safeguard systems – engineering organizations struggle to design devices that leverage new capabilities while also maintaining security. Just this month, students from the University of Texas at Austin demonstrated how GPS spoofing could be used to redirect a civilian UAV. Iran even claimed last year that they were able to capture a CIA drone via a similar technique.
In some ways, you can understand how it can take one breed of engineer to design something well and another to think of all the ways to break it. This dilemma is at the heart of why we believe that engineering organizations should take proactive measures to inject security at every level of the device stack – from the processor level up through the OS and application.
Please let us know if you have any questions on steps you should take to ensure you are developing (or selecting) the most secure components and devices possible. Likewise, please share any best practices you’ve observed from any personal/professional experiences. As we see it, the industry at large is suffering from a lack of understanding of both the challenges and available solutions for securing the Internet of Things. Hopefully together we can move the needle!