Results 1 to 3 of 3
  1. #1
    Join Date
    Aug 2010
    Posts
    2,658

    Security threats of ' embedded systems ' used in controls are some serious stuff

    This one describes how the vulnerability in off the shelf commercial micro controller often used in embedded systems can be tampered with. They say that malware can be injected into the firmware into HP printers through ordinary print command which can add backdoor to the printer that can steal data that is sent to printers, infect other devices in network and create a work-around to firewalls. http://ids.cs.columbia.edu/sites/def.../ndss-2013.pdf

    I can see this becoming the future...
    Malware gets on a tech's computer, which then infects the firmware on his flash memory, that can then infect the thermostat's firmware. The thermostat has access to home's WiFi, so the malware can then transfer over to computer. http://www.tripwire.com/state-of-sec...on/danger-usb/


    There's no doubt computerized, communicating controls enable a lot of stuff. Many HVACR controls are designed as so called " embedded systems " which means much of controls' functions are controlled by software residing within devices.

    In the past, computer viruses were used as malicious sabotage that was generally not gainful for perpetrators. In modern days, the major concerns is theft of data. There is significant interest by criminals to obtain data which is a real motive.

    Many of us had to have our credit cards reissued following the Target attack, an attack that involved " embedded systems " , a questionable technology that is double edged sword. In the yesteryears, equipment service usually required use of special wire harness and physical connection and they lack data transmission ability. Unfortunately, the digitally writable features of microcontroller chip is a breeding incubator for malware. With many devices now having outbound traffic capabilities, it creates a major threat when authorized or trusted devices are able to execute codes.

    http://krebsonsecurity.com/2014/02/t...-hvac-company/

    The common features in these embedded systems is a flash memory that can hold a substantial amounts of data and rewritable for firmware updates and configurations. Sometimes, even have "poisoned supply chain" where disreputable vendors bug the devices. So... using those China sourced controls might not be a good idea.

    http://www.scmagazineuk.com/embedded...rticle/361356/
    Beer can cold bandit stoled my superheat.

  2. #2
    Join Date
    Mar 2013
    Location
    Springville, NY
    Posts
    2,758
    too bad no one is writing a Chernobyl for the Nest...
    ~~
    Nest is poo...

  3. #3
    Join Date
    Aug 2009
    Location
    Prattville, Alabama
    Posts
    2,036
    That you know of....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Comfortech Show Promo Image

Related Forums

Plumbing Talks | Contractor Magazine
Forums | Electrical Construction & Maintenance (EC&M) Magazine
Comfortech365 Virtual Event