Thursday, June 25, 2015
Wednesday, June 17, 2015
NowSecure reports here that they have found a way \for an attacker to use the keyboard update mechanism on several Samsung phone models to execute privileged code on the phone. The vulnerability leverages the software update mechanism for the Swift keyboard software, which is from a third party. Software updates download files in privileged mode but as a plaintext zip file. The exploit modifies this download zip and its associated manifest to install malicious files on the phone.
Thursday, June 4, 2015
Reverse Engineering Mac OS X described here a bug in Mac suspend/resume code that allows malicious programs to modify BIOS, getting around traditional virus protection checks. This isn't strictly embedded but given the emphasis on low energy in the embedded/CPS/IoT world, who knows what other devices have similar problems.
Wednesday, June 3, 2015
The gearbox on my mechanical sewing machine broke. It sounded like it was mixing gravel; I didn't investigate further. I decided to replace it with a cyber-physical model but one that didn't have a lot of features that I wouldn't use. I think this model will have a strong drivetrain as well as fairly reliable electronics, but only time will tell.
My first sewing machine suffered an electronics failure, and a rather mundane one at that. As we integrate electronics and computers into all sorts of devices, I hope that system designers keep in mind that consumer electronics devices (cell phones, audio players, etc.) are designed with very short lifespans in mind. In contrast, many of the cyber-physical devices, such as sewing machines, have much longer lifespans. All the components should be designed to have consistent lifespans. This means building printed circuit boards and chips to higher quality standards than those to which the electronics industry has become accustomed. And, of course, more components of any type means more opportunities for failure.