, 2005-09-09
Perhaps an embedded version of windows in every device isn't such a bad thing after all.
Expand all |
Post comment
|
Embedded market ripe for picking
, 2005-09-09 Perhaps an embedded version of windows in every device isn't such a bad thing after all.
Expand all |
Post comment
|
|
|
Privacy Statement |
4. I will find a way to update my embedded system silently and flawlessly so no-one has to interact with it at all."
Naw, I consider this harmful. In the UK, we have Digital TV set-top boxes that accept firmware upgrades over-the-air. This results in at least three additional risks, even if the firmware received is as intended by the manufacturer - a) that the firmware is bad, or undetectably corrupt, and leaves the device irrecoverable after the upgrade b) that the flash device has reached its write limit and results in an unusable firmware image c) change in behaviour, either malicious or undesired.
I've personally experienced c) with my parents' box. As purchased, it had a bug that meant I needed to cable it in a specific way to make it work in a consistent manner. After a (silent) firmware upgrade, the bug was fixed, and my elaborate cabling meant that it stopped working entirely (at least, from my parents' point of view).
Futhermore, silently upgradeable firmware is a vulnerability in itself; I've personally lost a DVD-Rom drive - every other byte of the firmware was apparently corrupted by some rogue piece of software. Devices with field-upgradeable firmware should have a *physical* user control to disable firmware upgrades - i.e. a switch or jumper that cuts the write enable line to the flash device(s).
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/353/32425#32425