Tuesday, October 25, 2016

Designing Webcams and Other Network Devices for Network Security

The distributed denial of service (DDoS) attack on Friday that slowed one corner of the Internet was a mystery at the time but is well understood a few days later. It was the work of a small (if unidentified) criminal group. The attack worked mainly by reprogramming Internet-connected devices. The heart of the attack botnet consisted of webcams made by Hangzhou Xiongmai Technology. Virtually all Internet devices made by this company were compromised.
The company is blaming a password problem, but there is a deeper issue. Devices like cameras should not be capable of being reprogrammed in this way. There is no need for a webcam to incorporate a general-purpose computer, but in particular, a webcam has no need for the ability to disguise its identity — an essential component of an effective DDoS.
In general, the proposed Internet of Things (IoT) will be possible only after these fundamental security issues can be sorted out. It doesn’t take much imagination to consider what a camera or microphone might do if it is capable of being reprogrammed over the network, but think beyond that. Reprogrammed lights could self-destruct in a relatively short time, leaving people in the dark. A coffee maker could be reprogrammed to explode and start a building fire, a danger that looms larger if you imagine this happening in a million apartments in the same city on the same night. A loudspeaker reprogrammed could plant subliminal suggestions — or it could make the loudest sound you can imagine, causing hearing loss and possibly even earthquake-like structural damage. 
Excluding these unintended capabilities is simple enough in theory. It involves pulling out the general-purpose computer built into the devices, substituting a special-purpose controller that has an intentionally limited set of capabilities chosen with safety in mind. Yes, that requires more design work, but the current approach of relying on good programming practices, firewalls, and passwords clearly is not enough.