Thursday, July 30, 2015

New York Subway System Infrastructure

Slate provides here a link to a video on the machines used to operate the New York subway system.  Much of this equipment dates to the first half of the 20th century.  It's a great video.   I had read about some of this before but never in this much detail.

The Slate columnist refers to this equipment as "delightful, sure, but also deeply baffling."  I think that this view misses a few points.  First, modern computer equipment isn't always reliable in many aspects, ranging from computer security to electromigration.  Second, much computer equipment isn't designed to last more than a few years.  Replacing computers regularly is OK for data centers but it just doesn't work for a lot of infrastructure.  Infrastructure has to be built to operate safely and reliably for years.  Unfortunately, the computer industry isn't very good at designing things that last.

I find the video's discussion of the old-fashioned signaling system to be much more important than the age of the wires and relays.  The old equipment can't identify the location of a train very accurately, which means that trains have to be spaced farther apart.  One of the important benefits of the new equipment and control system, known as CBTC, will be more efficient transit thanks to better location and control.

Wednesday, July 22, 2015

Georgia Tech Center for the Development and Application of Internet-of-Things Technologies

CDAIT, the Georgia Tech Center for the Development and Application of Internet-of-Things Technologies, is run by Alain Louchez.  Their web site posts a number of interesting items.  Here is one item on our research on long-term care for people with special needs.

Jeep Cherokee Zero-Day Exploit

Wired reports here on the demonstration of a zero-day exploit on Jeep Cherokees. 

Monday, July 6, 2015

Yet Another Software Timing Bug

Extremetech reports here that New Horizons, the NASA Pluto probe, stopped communicating for an hour and that NASA says the bug was probably caused by a "hard-to-detect timing flaw" in software.

Thursday, June 25, 2015

A Great Tagline

See this article from Tom's Hardware: the founder of Kaspersky refers to IoT as the "Internet of Threats."

Wednesday, June 17, 2015

Samsung phone security problem

NowSecure reports here that they have found a way for an attacker to use the keyboard update mechanism on several Samsung phone models to execute privileged code on the phone.  The vulnerability leverages the software update mechanism for the Swift keyboard software, which is from a third party.  Software updates download files in privileged mode but as a plaintext zip file. The exploit modifies this download zip and its associated manifest to install malicious files on the phone.
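The weakness described above, seen from the updater's side, as an added example that is not code from NowSecure, Samsung or the keyboard vendor: a digest check against a manifest fetched over the same plaintext channel accepts a modified zip, while a check that authenticates the manifest first rejects it. The key, file names and function names are constructed for illustration, and the HMAC stands in for a vendor signature verified against a pinned public key.

```python
import hashlib, hmac, io, json, zipfile

# Constructed demo key (assumption): stands in for a vendor signature check.
VENDOR_KEY = b"constructed-demo-key"

def build_zip(files):
    """Build an in-memory update archive from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def make_manifest(archive):
    return json.dumps({"sha256": hashlib.sha256(archive).hexdigest()}).encode()

def sign(manifest):
    return hmac.new(VENDOR_KEY, manifest, hashlib.sha256).hexdigest()

def naive_check(archive, manifest):
    """Weak: trusts a manifest that arrived over the same plaintext channel."""
    return json.loads(manifest)["sha256"] == hashlib.sha256(archive).hexdigest()

def hardened_check(archive, manifest, tag):
    """Authenticate the manifest, then the archive digest, then entry paths."""
    if not hmac.compare_digest(sign(manifest), tag):
        return False
    if not naive_check(archive, manifest):
        return False
    # Extra defensive check added here (not described on the page):
    # refuse entries that would be written outside the update directory.
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            if name.startswith("/") or ".." in name.split("/"):
                return False
    return True

def demo():
    good = build_zip({"lang/en.dat": b"dictionary"})      # constructed sample
    manifest = make_manifest(good)
    tag = sign(manifest)                                  # delivered out of band
    # Both the zip and its manifest are replaced in transit, as the post describes.
    bad = build_zip({"lang/en.dat": b"modified"})
    bad_manifest = make_manifest(bad)
    return {
        "naive_accepts_modified": naive_check(bad, bad_manifest),
        "hardened_accepts_modified": hardened_check(bad, bad_manifest, tag),
        "hardened_accepts_genuine": hardened_check(good, manifest, tag),
    }

if __name__ == "__main__":
    print(demo())
```

Transport encryption with certificate validation addresses the same gap at the channel level; the authenticated manifest still protects the update if the download host itself is compromised.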

Thursday, June 4, 2015

Mac suspend/resume vulnerability

Reverse Engineering Mac OS X described here a bug in Mac suspend/resume code that allows malicious programs to modify BIOS, getting around traditional virus protection checks.  This isn't strictly embedded but given the emphasis on low energy in the embedded/CPS/IoT world, who knows what other devices have similar problems.