Paul C. Williams

Interfacing Technology & Business
View Paul Williams's profile on LinkedIn
StackOverflow
 3.3k 

Friday, November 29, 2013

The Long Tail of Making Things Work

There's been quite a bit of news circulating these days about worms or other malware that is starting to exploit what we have started calling the Internet of Things.

The Internet of Things is a confusing enough concept.  Everything from your fridge to your thermostat to your TV and all the points in between like routers and VoIP bridges are connected to the internet, and most of them run Linux.  These devices -- which without doubt make our lives better -- make our home networks as juicy targets as big corporate networks, but a lot softer.  Be honest with us: have you gone to the lengths to harden your home network?

The Long Tail of Making Things Work

What happens after a company has made a product?

Of course, they sell it.  

In a corporate environment, as customers we demand a certain level of maintenance.  This maintenance ensures that the firmware for our WiFi routers and other appliances is updated with the latest patches and bug fixes. People have their jobs on the line to make sure that security threats are mitigated.  We pay, on average, 18% of the purchase price annually to make sure software and firmware is up to date.  When the hardware is no longer viable and cannot be reliably updated, it is replaced, often at great expense.

This maintenance, to keep things working and safe over time is the Long Tail. It's an immense amount of work that never, ever stops. 

This differs from the home market in a radical way. In the home market, we are used to microwaves, clothes driers and TVs which we purchase once and never pay for again. We would refuse to pay $180 every year to update the TV's software; and so it stays the same.  Issues that were discovered, exploited and solved will be ignored for these devices, for the manufacturers will spend their energy on development of the next new product that will garner revenue, not the last generation which consumers will not pay to update.

DDOS Fodder

These devices, with security holes in time mapped like the catacombs under Paris or Rome, are the platforms which are used to launch a DDOS attack against whatever hapless business runs afoul of some extortionist scheme. Yes, your old Linksys router might be one of ten million devices, sending 3 requests per second against a specific Yahoo server to disrupt some service.  You will never know, of course, because the traffic is so light for any one device that the additional bandwidth gets lost in the noise of YouTube and Google Docs.

Avoid the Trap

Some consumer electronics companies avoid the trap. Among consumer electronics manufacturers, Apple has the best record of keeping software up to date, by using the same software base for 3-4 generations of devices, and making it harder to avoid updating than it is to just update your software.

Others, like printers or WiFi router manufacturers do not succeed as well. These devices languish on the desktops and in the closets of homes and small businesses everywhere, ripe for exploitation.

Friends, I implore you: DO NOT BECOME AN ACCIDENTAL PARTICIPANT!

Be picky.  Choose your devices not for their current updates or implementation of the newest 802.11 abcgn-mouse protocol; rather make sure that you've looked at some 3rd party controller firmware for whatever device you have. 3rd party firmware does not need to justify to shareholders why it is spending 18% of revenue on maintenance of legacy platforms .. it can be worked on and kept up to date just because its fun to do so.

And, of course, disable any outside access to your networks.  You don't need it.  Really.

3rd Party Firmware

No comments:

Post a Comment