The Internet of Things makes new demands on the security of embedded software. Professor Hans-Joachim Hof from Munich University of Applied Sciences and head of the Munich IT Security Research Group (MuSe) urges a rethink. Too often going “fitted and forgotten” according to the principle procedure
The issue of IT security needs associated with the Internet of Things will be rethought -.. Which Professor Hans-Joachim Hof is convinced Firstly whether at all important to get an understanding of IT security per se. Because too often prevails in the area of embedded software that Prinzipo “fitted and forgotten”.
this means that embedded devices, including those that are connected to the Internet, are all too rarely patched. “I have the impression that overlook electrical engineer, that it is quite necessary in computer science to keep the software up to date. in electrical engineering, it naturally happens rarely that components need to be replaced, in computer science, it is unfortunately common practice “
an example:. pointed When called heartbleed incident an Open SSL library for the transport encryption of online data is used, two years ago a critical vulnerability on. “That was about the worst case scenario, because with Open SSL is a majority of the compounds protected on the Internet,” said Hof. When finally came out of the patch, the corrected version was recorded within a short time by most IT administrators.
“In the IoT is practically not happened,” says the security expert. Many products from the IoT environment, so Hof are equipped with a web interface. But this must be securely configured and constantly adjusted, emphasizes Professor Hof: “This understanding is not yet available, because it is never thought across many devices in how to go about it actually.”
An example : In a heating system with web interface is not clear who should ever patch this interface. As long as a device is not connected to the Internet, all this was not so tragic, says Hof: Because these devices are however linked increasingly to the Internet, the problem emerges clearly: “You have unsafe equipment and you can also as a user no update patches themselves – and the devices depend on your home network “
It also had to observe a convergence of networks.. Classical protocols for building automation and networks for the WLAN are joined together in the course of smart home initiatives – because users need to make their home control with your smartphone.
danger of excessive complexity
From the perspective of farm may arise here a complexity that is too high. Professor Court cited the IT security expert Florian Oelmaier who has warned that IT could take a development similar to the nuclear energy. In the seventies, nuclear power was seen as the future technology. Today, however, it was unanimously of the opinion that the complexity of the technology can not be controlled -. With the consequence of exit
“The same can actually happen to us with the IT also,” says Professor Hof. The most important consequence of this is the requirement for a significant improvement of software quality. “When we looked at because accustomed that software has poor quality?” Asks the MuSe ladder.
This issue will however mostly not even recognized by manufacturers of IoT products. That stems firstly because there mostly engineers from the Electrical Engineering are active, who do not come from the thought world of computer science. Secondly, the price pressure could be a barrier for IoT products. In addition, IoT devices possessed usually only relatively small IT resources. The implementation of IT security mechanisms would therefore cost too much energy under certain circumstances.
No comments:
Post a Comment