
How many other embedded systems on our networks have these backdoors? As the number of important devices (Nest, I'm looking at you) on my home network increases, so does my risk profile.


I used to do R&D for the US defense industry. Three years back I was catching up with a friend from that industry and asked what they're up to these days. Her answer? Hacking into connected appliances (furnace, video games, espresso machines, etc.) with the goal of turning them into listening devices, making them explode or catch fire, or otherwise malfunction.

If you can dream up a sick way to mess with people, odds are there is a government somewhere funding research into it.


You call it a sick way to mess with people, governments will refer to it as cyberwarfare. I'd say that the US / Israel's attacks on the Iranian uranium enrichment facilities (Stuxnet) were just a tame and reserved trial, and that most modern countries have plans in place that will unleash a devastating cyberattack on loads of internet-connected devices.

I'd say routers are particularly vulnerable, if only because they are smart (Linux) machines, but in most cases users will never check them for anything odd going on. As this article shows, it takes but a simple command for them to execute stuff, and given how Linux is a general-purpose OS, they could install and perform any kind of task - like install backdoors and whatnot on the PCs behind the routers, which can then in turn be disabled or used in a massive botnet to perform a DDoS or other attacks on other systems.

Just think about the implications of there being a backdoor in every internet-connected computer system, or the consequences of all-out cyberwar.


A senior VP of a prominent credit card processing company in the US told me that he fields an average of 200,000 attacks originating from Chinese and Iranian IP addresses every day. Governments having backdoors everywhere would be terrifying.


You are completely correct. And I don't want to add fuel to the fire, but it gets even worse than that. Aside from backdoors and the security of these appliances/devices from a system perspective, what about network connectivity and the transport layer? Only recently, within the past few years [1], has SSL/443 become a requirement for some of the bigger organizations out there. Seems to me that security is often an afterthought. Smart Appliances/Devices run the same risks, and it stands to question: are they connecting securely? And if not, how long will it take them to secure their transport? Because even if that brand new IP-enabled Door Lock is secure from a system perspective, it wouldn't matter if someone can subvert the transport layer, take control, and open the Lock.

One of my Projects attempts to solve this problem for the new generation of IP-enabled Appliances/Devices. I plan to make the process painless and easy. Everyone wins, both customer/consumer and developers/providers. Does anyone want to build it with me?

[1] http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/14...



