On Thursday, 3 January 2019 11:29:14 -02 Roland Hughes wrote:
> Or you architect out everything which could be a security issue. There
> is no command line or terminal. The few medical devices I know of
> removed all support for inbound connections. The only method of
> accessing them is to take the screws out of the case, open it up and
> connect the custom debug board.

Physical access is still an attack vector. And those devices still have an input mechanism: their scanner ports. It's possible to send malformed data to their I/O pins to cause an exploit. Heck, it's theoretically possible to do that with the scanning head itself: paint your chest with some pattern in UV and when you go for a tomography, bam! the device gets hacked. Remember how the iPhone 1 was jailbroken by a 1x1 pixel TIFF image opened in the Safari browser?

But I do understand the cost of re-certifying a medical or avionic device. I'm not saying people should update every day or every week, but they should still keep up with the software, in their development tree. So like Konstantin said, they will not be surprised when the time to update does come.

And please don't forget all other segments, where updating *is* possible and even necessary, if they are connected to *any* kind of network.

> Do you really want a surgical robot which is cutting on you running a PC
> OS on a PC processor able to connect to the Internet? Some little hacker
> poking around looking for financial/identity information could
> accidentally have it remove your heart instead of your appendix.

Yes, so long as that device does proper security hardening, which includes the ability to deploy fixes quickly. It also means it's not your regular desktop OS, but a hardened version, like Safety Critical Linux. We had this discussion 20 years ago, when Linux was getting into telcos, and Carrier-Grade Linux came about.

Maybe the IoT surgical robot is not a 2019 technology, but there are plenty of other IoT ones that are. Those MUST update. Frequently. For those, if you're not able to deploy a fix within one week, do us all a favour and don't sell your device.

> Control systems have to be sealed.

To an extent. I agree that there needs to be sufficient separation. But it will be short of a full airgap. See also the Industry 4.0 activities in Europe and China.
The OT networks where control commands are currently transiting are merging with the IT network. There will still be some separation, bandwidth reservation, priority queues, etc., but the wire will likely be the same.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center

_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest