From Vincent Zimmer’s Twitter feed, there’s a new article by Tom Gaffney, a Security Advisor at F-Secure Corporation on IoT firmware security concerns:
Is Firmware Kryptonite for Routers and the IoT?
The Internet of Things (IoT) promises to capture people’s dreams for a “smart lifestyle” and turn them into a reality. As manufacturers create new devices and product lines that capitalize on the IoT opportunity, they’re coming across a question cyber security professionals ask everyday – how will device security evolve with the IoT? Skeptics have done a good job demonstrating how far there is to go. There’s no shortage of reports about hackable Internet-connected security cameras or smart cars. But looking at small office and home (SOHO) routers can provide the most useful insights into the security issues facing IoT device manufacturers. […]
This article has a very broad definition for firmware, any software that is on a device. I wish that people would stop using that, and refer to the system firmware, the various peripheral firmware, and the remaining OS/app software on the embedded device.