If there’s a theme I’ve heard over and over again this year, it’s that it’s time to pay attention to security in embedded devices like routers, other network equipment, televisions, and the other devices around us. This is the soft underbelly, and frankly, it’s probably a time bomb.
The astonishing thing is that we’re now protecting our computers with devices that have bigger security holes than our computers do. Last week in Vegas, I’m sure there were some network vendors wishing that what happened there would stay there. Devices from all of the major vendors proved vulnerable to exploits of the worst kind–a remote shell running as root–and of the vendors, only relative newcomer TP-Link responded with security patches.
My advice: If you’re in the market for a router, get a TP-Link. At least it stands a chance of getting updates. And if you’re not in the market for a router, you probably ought to be.
Ultimately, the solution is to do automatic updates the way many software packages and operating systems do now. The problem is that people set up routers and forget about them, because they’ve always been told to do just that.
As for televisions, many smart TVs run cut-down Linux in single-user mode, so if you can get into the TV at all, you can get access to the camera and microphone. Not good. The lesson there: If it has a microprocessor and a network port in it, it needs security.
Guess why I’m not in a hurry to buy a networked light bulb?
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.