Internet of Things Problems – Computerphile


Up until now, an awful lot of information security mechanisms and the policy debate has been about the use of security to protect the privacy of personal data and the confidentiality of business data. But in the future, once we get software and communications in everything, it’s going to be much more about safety. And this is going to change the policy debate as well. Because at present many people might not object too much to the idea that the FBI has a golden master key that lets them break into your iPhone and read all your embarrassing private chat messages. But I think people will be very much more nervous about the idea that the FBI will have a golden master key that will enable them to break into your car remotely and turn it into a weapon that could kill you. And if this golden master key is available also to other intelligence and police agencies around the world, then perhaps that begins to become a real problem, and we have to revisit the whole question of government special access to cryptographic keys and the systems in general.

So far, people have talked about the possible privacy risks of the internet of things, and we saw the Cayla doll being banned in Germany because it’s basically a remotely commandable room bug, and we also saw the Mirai botnet last year, where some bad person recruited a couple of hundred thousand TV cameras to DDoS a DNS service, which took Twitter offline for a few hours in the US Eastern seaboard. But I think that the big problem with the internet of things isn’t going to be privacy or availability, it’s going to be safety. What we are now doing is putting online an awful lot of devices on which people depend for their lives, and which can kill people if they go wrong. The obvious cases are cars and medical devices, but there are many more.

And the other thing that’s going to make this complex and difficult is the fact that up until now we’ve known how to make two kinds of dependable system. The first is a system like a mobile phone, where you upgrade it every month to make sure that all the security flaws are patched, but where you’re expected to throw it away after two or three years, and nobody bothers to patch really old versions of your phone software or your laptop software. And the other type of thing that we build is stuff like cars and medical devices and electricity substations and other durable things that we expect to last for 30 or 40 years. Now, in the case of cars, what we do is we test the software to death before the thing goes on sale, and we hope that’s going to be good enough. And we never upgrade it afterwards unless there’s some real panic.

Now, this is going to change, because Tesla is already shipping monthly software upgrades for their cars. Ford and BMW have already shipped some upgrades, and everybody will be doing this within three or four years. All of a sudden your car becomes something like your phone or your laptop, which gets a monthly software upgrade. And this is great for some purposes and terrible for other purposes.

It’s great because it means that if there’s some safety vulnerability, like for example when a Tesla driver was killed when his car went into the back of a truck which was painted white, because the sky was gray and it wasn’t visible enough, something like that you can fix by shipping a software upgrade, and it will be very, very much cheaper than having to recall millions of cars and reflash all the firmware at a cost of billions and billions and billions. But although it brings us the possibility of steady growth in vehicle safety, it brings a terrible cost with it, which is that we’ve got to maintain the capability to patch that software not just for years but for decades. And we don’t know how to do that, either in organizational terms or in technical terms.

So let me state the problem. Suppose you’re working in Cambridge, England or in Cambridge, Massachusetts on some software that will, say, help do navigation in a Land Rover, or a Jeep, or a phone or whatever, that you expect to go on sale in 2020. How are you going to be able to patch that software in 2030? In 2040? There are small numbers of systems that have been maintained for a long time, for example deep-space probes. Another example is avionics software, where, basically, stuff may be replaced or may get a midlife upgrade, but where regular updates aren’t expected, because the kind of devices that you have in an airport, in an airport’s air traffic control system, or in an aircraft cockpit tend not to be connected directly to the internet, and so you don’t have the same attack surface. You don’t suddenly have the need to patch stuff because of Shellshock or something like that which could actually render it open to attack.

But in the future we’re looking at a world in which all our cars are online all the time, right? Because the car will be autonomous, or at least partly autonomous. It will be communicating over the network; it will be downloading maps, it’ll be downloading traffic information. It will be contributing to traffic information. It will be getting updates of all sorts of kinds of code and data. It will be a very, very complex beast, and how we manage that is going to be a big problem.

Now, at present we have serious problems in getting OEMs to patch systems like Android, and so most of the Android phones in the world are insecure simply because their vendors can’t get it together, or don’t have the incentives to patch them. Now this is going to become considerably worse once we start talking about cars, because the car is not just a simple system that’s made by one vendor anymore. The brands that you buy, be it Volkswagen or Mercedes or Peugeot or General Motors or whatever, are basically integrators who buy in components from lots and lots of people who sell the parts, who sell the ABS, who sell the automatic emergency braking, who sell in future the robo chauffeur which will actually drive you to work while you’re sitting there hacking some code. And so you’ve then got the technical problems and the business problems of how do you produce software upgrades which marry together code written by potentially dozens of different firms?

Then there’s a question of who’s going to be liable for it all when things go wrong. And then there’s going to be the question of who pays for it all. Now, at present software firms try and get rid of the liability for software going wrong. And that’s not going to be possible when software is in devices that can kill people. Legislators simply won’t allow it. Laws in both America and Europe see to it that if you sell a device that kills people, then you’re liable, and it doesn’t matter how often you get your users to click on the “Don’t Sue Me” button. That basically doesn’t work. For now.
We won’t talk about exactly what’s going to see understand, but the idle hold that [observations] of [a] bottom PP It’s been very difficult yet out all the shuttle enter, but then we fight around making Difficulties all these done them to see minute [very] [tiny] bringing in [duplication]. That’s already having
