1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Shuttleworth: Firmware is the universal Trojan

Discussion in 'Security Updates' started by snoopy, Mar 19, 2014.

  1. snoopy

    snoopy Registered Members

    Joined:
    Aug 1, 2010
    Messages:
    1,671
    Location:
    At my computer
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    custom built -
    Shuttleworth: Firmware is the universal Trojan
    Kill proprietary firmware

    Canonical boss Mark Shuttleworth has called on the world to abandon proprietary firmware code, calling all such code “a threat vector”.

    In this blog post, Shuttleworth makes the case that manufacturers are simply too incompetent, and attackers (including government security agencies) too competent, for security-by-obscurity in firmware to ever work.

    “Any firmware code running on your phone, tablet, PC, TV, wifi router, washing machine, server, or the server running the cloud your SaaS app is running on” is a threat, he writes, calling on the industry to abandon secret firmware entirely.

    “Arguing for ACPI on your next-generation device is arguing for a trojan horse of monumental proportions to be installed in your living room and in your data centre. I’ve been to Troy, there is not much left,” he continues.

    Certainly, there's plenty of evidence out there to support Shuttleworth's concerns. Widespread router vulnerabilities like the Linksys bug, HP's “printer firebomb” bug in 2012, Belkin's home automation bug, and hard-coded SCADA passwords all show how easy it is for experts to identify weak firmware.

    Details here: http://www.theregister.co.uk/2014/03/18/shuttleworth_firmware_is_the_universal_trojan/
     
    snoopy, Mar 19, 2014
    #1

Share This Page