The Internet of Scary Things – #IoScaryT

Maarten Ectors

on 23 February 2016

This article is more than 8 years old.


Your broadband modem is likely vulnerable to critical security bugs that allow hackers to remotely control it and you are at their mercy because your telecom operator is not going to do anything about it. Imagine a connected world with billions of things that are insecure. What should you do?

Last Thursday a critical GNU C bug was discovered that let’s anybody remotely bring down a Linux machine. This bug comes months after Shellchock, Heartbleed, LogJam, etc. All bugs that let you either remotely bring down or even take administrative control of a Linux system. Every Linux system that uses C, SSH, encryption, Bash shell, etc. is affected, i.e. most. Ubuntu users got updates before the news about these bugs was made publicly available. However did you upgrade your broadband modem since last Thursday? Did your telecom operator upgraded it? The chances that your broadband modem, WiFi access point or anything in your house or business that runs Linux, i.e. TV, Radio, home appliances, your alarm system, etc. is still not patched are close to a 100%. Cheap hardware has come at the price of badly maintained Linux. Most embedded Linux systems you find in cheap network equipment and home appliances never get an upgrade during its lifetime. Even if a telecom operator wanted to upgrade the broadband modem, they don’t have a way to rollback if the upgrade would fail. So the risk of doing the right thing comes with an even bigger risk of cutting your service if there is any failure in the upgrade.

Why worry?

Botnets can now take control of broadband modems in a country and completely disconnect it from the Internet, spy on everybody, even create RansomWare [i.e. I have encrypted all the files I found in your home or business network and if you don’t pay me I will destroy the key!].

Modern cars have a 100 million lines of codes and recent hacks like the Jeep in which hackers could take over total control of the car and drive the poor Wired journalist from the road.

Baby monitors could be hacked by Paedophiles.

In a world were 100 billion devices will be connected in the next years, it is scary to know how badly maintained lots of Linux systems are and how widespread Linux is.

What can you do?

Transactional updates has been a key feature from Snappy Ubuntu Core in which you can remotely upgrade a connected smart device and if the upgrade fails it will be automatically rolled back. By default any correctly created Snappy Ubuntu Core device will automatically upgrade when security bugs are available. Canonical, the company behind Ubuntu, has taken the stand that by default security updates should be free and installed daily.

The Internet of Scary Things – IoT can kill

Don’t be part of the club of companies that delivers devices and software to customers and prays they will never have a bug. Don’t be part of the Internet of Scary Things, #IoScaryT. Even a connected light bulb that is remotely switched on/off thousands of times a second can provoke a fire and kill the people living in that home. You can’t risk launching a connected product which does not transactionally upgrade. The risk is too high that you or the world pays a high price.

Original article

Talk to us today

Interested in running Ubuntu in your organisation?

Newsletter signup

Get the latest Ubuntu news and updates in your inbox.

By submitting this form, I confirm that I have read and agree to Canonical's Privacy Policy.

Related posts

Meet Canonical at the Mobile World Congress 2025 in Barcelona

Canonical is excited to return to the Mobile World Congress (MWC), taking place in Barcelona on March 3-6, 2025.  Next year’s event brings attendees together...

Canonical announces Ubuntu Security Research Alliance Program 

Today, Canonical, the publisher of Ubuntu, announced its new Ubuntu Security Research Alliance Program, a free partnership between Canonical and open source...

Documentation, development and design for technical authors

Typically, a technical writer takes the product created by a development team, and writes the documentation that expresses the product to its users. At...