Embedded Exploits

Two major Y2K security and safety concerns were:

  • embedded systems (such as control systems in elevators, power plants, automobiles, etc.) would fail to operate properly when the date changed from December 31, 1999 to January 1, 2000, and
  • computer applications that had been outsourced, particularly offshore, for remediation would be returned with various forms of malware and “back doors” inserted for future criminal activity by those fixing the applications.

Neither of these activities appeared to have been rampant, as feared. There were some control systems failures (the displays in the elevators in my company showed the wrong date for a month or two – not life-threatening, but not encouraging either) and there were (unsubstantiated) rumors of malware having been found in applications.

I still believe that the extraordinary efforts of those fixing the systems were responsible for the excellent performance of most of the systems and lack of error situations, although many have argued that the problem was overblown in order to generate consulting revenues.

Now let us fast forward to the present day. We are witnessing a period in which the sophistication and frequency of attacks using embedded physical and software systems are increasing at an alarming rate.

