Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

The Internet of Scary Things – #IoScaryT

Maarten Ectors

on 23 February 2016

This article is more than 8 years old.

Your broadband modem is likely vulnerable to critical security bugs that allow hackers to remotely control it and you are at their mercy because your telecom operator is not going to do anything about it. Imagine a connected world with billions of things that are insecure. What should you do?

Last Thursday a critical GNU C bug was discovered that let’s anybody remotely bring down a Linux machine. This bug comes months after Shellchock, Heartbleed, LogJam, etc. All bugs that let you either remotely bring down or even take administrative control of a Linux system. Every Linux system that uses C, SSH, encryption, Bash shell, etc. is affected, i.e. most. Ubuntu users got updates before the news about these bugs was made publicly available. However did you upgrade your broadband modem since last Thursday? Did your telecom operator upgraded it? The chances that your broadband modem, WiFi access point or anything in your house or business that runs Linux, i.e. TV, Radio, home appliances, your alarm system, etc. is still not patched are close to a 100%. Cheap hardware has come at the price of badly maintained Linux. Most embedded Linux systems you find in cheap network equipment and home appliances never get an upgrade during its lifetime. Even if a telecom operator wanted to upgrade the broadband modem, they don’t have a way to rollback if the upgrade would fail. So the risk of doing the right thing comes with an even bigger risk of cutting your service if there is any failure in the upgrade.

Why worry?

Botnets can now take control of broadband modems in a country and completely disconnect it from the Internet, spy on everybody, even create RansomWare [i.e. I have encrypted all the files I found in your home or business network and if you don’t pay me I will destroy the key!].

Modern cars have a 100 million lines of codes and recent hacks like the Jeep in which hackers could take over total control of the car and drive the poor Wired journalist from the road.

Baby monitors could be hacked by Paedophiles.

In a world were 100 billion devices will be connected in the next years, it is scary to know how badly maintained lots of Linux systems are and how widespread Linux is.

What can you do?

Transactional updates has been a key feature from Snappy Ubuntu Core in which you can remotely upgrade a connected smart device and if the upgrade fails it will be automatically rolled back. By default any correctly created Snappy Ubuntu Core device will automatically upgrade when security bugs are available. Canonical, the company behind Ubuntu, has taken the stand that by default security updates should be free and installed daily.

The Internet of Scary Things – IoT can kill

Don’t be part of the club of companies that delivers devices and software to customers and prays they will never have a bug. Don’t be part of the Internet of Scary Things, #IoScaryT. Even a connected light bulb that is remotely switched on/off thousands of times a second can provoke a fire and kill the people living in that home. You can’t risk launching a connected product which does not transactionally upgrade. The risk is too high that you or the world pays a high price.

Original article

Talk to us today

Interested in running Ubuntu in your organisation?

Newsletter signup

Get the latest Ubuntu news and updates in your inbox.

By submitting this form, I confirm that I have read and agree to Canonical's Privacy Policy.

Related posts

Managing OTA and telemetry in always-connected fleets

If you’ve been reading my blogs for the past two years, you know that the automotive industry is probably the most innovative one today. As a matter of fact,...

Charmed Kubeflow 1.9 Beta is here: try it out

After releasing a new version of Ubuntu every six months for 20 years, it’s safe to say that we like keeping our traditions. Another of those traditions is...

Bringing Real-time Ubuntu to Amazon EKS Anywhere customers with Ubuntu Pro

Earlier this year at Mobile World Congress (MWC) 2024 in Barcelona, Canonical announced the availability of Real-time Ubuntu on Amazon Elastic Kubernetes...