I've just read the summary to an IBM Report which discusses the perceived risk of security problems on mobile devices and even cars akin to those suffered by Personal Computer users today. This is something I've been thinking of writing about for some time - reading the report has finally given me the impetus/excuse to do so :-)
THIS ARTICLE EXPRESSES MY PERSONAL OPINION AND IS NOT A RESPONSE FROM MICROSOFT TO THE IBM REPORT. Nor is it intended as criticism of the report. The author of this article (Steve Lamb, who is employed by Microsoft Ltd) HAS NOT read the IBM report itself.
Let's take a brief trip back in time to the days when the average home computer user hadn't heard of the Internet, let alone connected to it via dial-up or broadband. Little information flowed into or out of their system except by removable media (tape, floppy disc, CD ROM) or of course by the keyboard. USB didn't exist back in the days before I started using dial-up, hence memory sticks weren't a concern. I appreciate that putting a year to my scenario (late 1980s for me) is difficult, as each user achieved connectivity at different stages, and of course there are still many users for whom this is still true (nor may it be a requirement, as it's quite possible to be happy without internet access, so I'm told!) - they don't connect to remote networks.
Given the scenario outlined above, the risks posed by worms and viruses are VERY limited. Still a risk - sure. But limited. It's easy to forget the basics. IF the only communications route between your system and others is removable media (and of course physical access) then that's the only transport that malicious code (such as worms and viruses) can take. So if you ensure that only removable media from trusted sources (implicitly this includes the vendor - but more of that in a moment) is used in such a system, then such risks have been mitigated. Let's consider the computer systems that are involved in many modern cars today.
"Looking ahead, McIrvine said cars are vulnerable to computer security threats, some malicious, others unintentional.
With the average new car running 20 computer processors and about 60MB of software code, the opportunity for malfunctions, wireless attacks and other security threats is multiplying, he said."
I agree with the sentiment that in general the risks posed by and to mobile devices (and even cars) are certainly increasing; however, IMHO I question the apparent implication that our cars of the future may become a security liability. I must at this point restate that I've not read the report itself and therefore I may have missed some aspects of its findings.
Sure, if such devices allow users to insert their own media and allow the user to upload applications, then YES the risks become akin to the PC of today. And YES I am aware that such devices (even now) normally ARE networked externally via telecommunications networks (GPRS et al). And YES I expect that this functionality & risk is highly probable, and certainly the depth and range of functionality such platforms could facilitate would be very interesting. After all, the appeal of the personal computer platform to me is the ability for ME as a mere user to choose (and upload) exactly which software and hardware I run, rather than being limited to the functionality intended by the designer of a discrete closed platform such as a typical embedded system. Hence I expect that the battle of maintaining service and safeguarding information security will indeed be (and is being) taken to such devices. However, I seriously doubt, AND would be very concerned if, the safety critical systems of such devices were connected to devices that are prone to such attacks.
Let's end with a real-world example. As stated in the report, my car includes numerous computer processors, memory and storage. Indeed many such devices are networked. The Engine Management Computer (EMU) is unlikely to be networked to the in-car entertainment system. THIS IS A GOOD THING! Certainly from a security perspective. True separation. Likewise the device controlling the anti-skid, anti-lock brake mechanisms IS NOT networked/connected to the in-car entertainment system. It makes sense to extend the functionality of the in-car entertainment system to incorporate GPS & media capabilities, and I’d welcome being able to add my own programs too. Of course I’d have to accept that in doing so I’d be implicitly trusting the author of such user-selected software (and drivers et al) to have written trustworthy software.
In the closing scenario (previous paragraph) I expect the worst case posed by malicious code is that my in-car entertainment system could malfunction and I’d be denied service to it; MY CAR WOULD NOT CRASH!!!!!!
IMHO personal computers of the future (be they mobile or not) will embrace a similar degree of separation for critical logic systems (and data storage) from general ones – ensuring safety of data & maintenance of critical services whilst allowing the users and vendors to customise/personalise their experience.
BTW. Earlier in this article I stated the following:
“So if you ensure that only removable media from trusted sources (implicitly this includes the vendor - but more of that in a moment)”
My point was that in running code from a vendor the user is implicitly TRUSTING the author to have taken reasonable steps to guard against compromising the security, integrity and reliability of the system/device upon which it’s installed.
"Worst case - my entertainment system will crash" - perhaps not the WORST case.
Worst case 1 - your compromised SatNav system instructs you to turn the wrong way up a one-way street. You might spot it. Will everyone? I reckon that at least 1 in 100 drivers will do it. How many of those will do it at the wrong time and have a real crash?
Worst case 2 - You are in a strange town (which can be deduced from monitoring of your compromised SatNav). The SatNav in your luxury Mercedes directs you to turn up a small street that turns out to be a dead end. A van blocks your exit and you are car-jacked.
Worst case 3 - your ICE system suddenly switches to maximum volume as your speed passes 82 mph (perhaps also using data available from onboard sensors to detect lateral acceleration). A sudden, deafening noise as you change motorway lanes. How would you cope?
Maybe I'm paranoid, but I can imagine the existence of the sort of idiot who would find 1 or 3 "fun". Case 2 doesn't sound like fun at all.
Iain> Good comments. Clearly there's a choice to be made between keeping a system closed and accepting the risks associated with an open (configurable) system such as I envisioned with the ICE. Of course good software engineering practices in a green field environment (such as could be applied to a new ICE system) SHOULD mitigate much of the risk.
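To make the "true separation" argued for in the post (and the configurable ICE discussed in the comments) concrete, here is an added example, not from the original post or any real vehicle: a small model of a gateway between a safety-critical domain (EMU, ABS) and an infotainment domain (ICE, GPS, user-installed software). The domain names, signal names and frames are constructed for illustration; the policy lets only read-only telemetry flow from the safety domain outwards and records anything that tries to cross the other way, so a misbehaving ICE can at most lose its own service.

```python
"""Domain-separation gateway model (constructed example, not a real vehicle bus).

Two domains: SAFETY (EMU, ABS) and INFOTAINMENT (ICE, GPS, user apps).
Policy: only an explicit allow-list of telemetry may leave the SAFETY domain;
nothing from INFOTAINMENT is ever forwarded into SAFETY. Dropped frames are
kept as an audit trail so a compromised ICE becomes visible, not dangerous.
"""
from dataclasses import dataclass, field

SAFETY = "safety"              # engine management, anti-lock brakes
INFOTAINMENT = "infotainment"  # ICE, SatNav, user-selected programs


@dataclass(frozen=True)
class Frame:
    src_domain: str
    dst_domain: str
    signal: str
    value: object


@dataclass
class Gateway:
    # (source domain, destination domain, signal) triples permitted to cross.
    # Speed is exported read-only so the ICE can use it; no reverse entries exist.
    allowed: frozenset = frozenset({(SAFETY, INFOTAINMENT, "vehicle_speed_kph")})
    dropped: list = field(default_factory=list)

    def forward(self, frame: Frame):
        """Return the frame if policy permits it, otherwise log it and drop it."""
        if frame.src_domain == frame.dst_domain:
            return frame  # intra-domain traffic never touches the gateway
        if (frame.src_domain, frame.dst_domain, frame.signal) in self.allowed:
            return frame
        self.dropped.append(frame)  # evidence for later investigation
        return None


def run_demo():
    """Push a constructed mix of frames through the gateway; return what passed and what was dropped."""
    gw = Gateway()
    frames = [
        Frame(SAFETY, INFOTAINMENT, "vehicle_speed_kph", 110),  # permitted telemetry
        Frame(INFOTAINMENT, SAFETY, "brake_request", 1),        # ICE must never reach ABS
        Frame(INFOTAINMENT, SAFETY, "vehicle_speed_kph", 0),    # right signal, wrong direction
        Frame(INFOTAINMENT, INFOTAINMENT, "volume", 30),        # ICE-internal, unaffected
    ]
    delivered = [f for f in (gw.forward(fr) for fr in frames) if f is not None]
    return delivered, gw.dropped
```

Whatever a user-installed program does on the infotainment side, the worst outcome in this model is a noisy or unresponsive ICE plus two entries in the gateway's drop log.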