Improving Embedded Operating System Security
Security has quickly risen to the top of mind for embedded developers in the last year. Although the Stuxnet worm was a wake up call for the embedded industry, there have been several other notable incidents since. For example, attackers where able to gain control of a home insulin pump and change its settings (source http://www.cbsnews.com/8301-501465_162-20088598-501465.html). In a recent case in South Houston, Texas, an attacker gained control of the Human Machine Interface (HMI) of the SCADA system controlling parts of the water treatment plant. In that case, the HMI security consisted of an easily guessed password.
Security is now a top priority for embedded developers because the systems they build can and will be used in critical infrastructure. Infrastructure that is increasing more automated and connected, in some cases to the outside world. A fairly large collection of devices, however, is potentially insecure and is the topic for the next series of blogs I’m doing.