back to article Embedded systems vendors careless says Metasploit author

One of the reasons we can't have nice things like a secure Internet is that vendors of consumer kit can't be bothered. That's the conclusion The Register reaches after listening to a presentation by HD Moore, author of Metasploit and now chief research officer at Rapid7, at the AusCERT 2013 security conference today. Moore …


This topic is closed for new posts.
  1. Mystic Megabyte


    My Edimax wifi router came with Telnet and FTP ports open by default.. I needed to enable SPI to close them but the instruction manual was extremely vague on this subject.

    You cannot change the user name from "admin" but fortunately I had created a very long pass-phrase.

  2. John Smith 19 Gold badge

    What gets me is a lot of this stuff sounds *very* easy to get right

    And once got right to simply replicate in your next project.

    And the project after that.

    I wonder if these developers would pay more attention (or any attention) if their home systems got invaded?

    Just incredibly sad.

    1. annodomini2

      Re: What gets me is a lot of this stuff sounds *very* easy to get right

      Probably not developers deliberately avoiding the problem, but a combination of lack of time, lack of experience, lack of sleep and forced use of certain elements by management.

  3. Christian Berger

    Well I recently had an interview at an appliance vendor

    They seem to believe that networks can somehow be secure, their TCP/IP stack is a custom one running on a microcontroller to small to run Linux.

    The big problem is that we are used to having our systems designed by people who know about networking since they are experienced with some form of unixoid system. However there is currently a wave of new devices comming from people to whom the idea of a port-scanner is novel and undocumented protocols are secure... since nobody could exploit a protocol they don't know about.

    The problem is, as long as there is nobody who does it right, we will never see any decent solutions.

  4. Kevin Maciunas

    It is part of the lack of deep understanding problem...

    Stats tell you the vast majority of "new" embedded widgets are leveraging both Linux and to a lesser extent the reference microcontroller implementation provided by the industry.

    So to a certain extent the view is "port linux (which is probably already done) and put our stuff on it; ship". The time to market is quite short - so the QA and field test part of it is just missing.

    The vendors quite quickly move onto a new product - possibly with an entirely different team developing the solution. So there tends to be a little amnesia in the corporate "memory" and each thing is a bit of a seperate miracle.

    Some of our international students have very interesting things to say about how this stuff is actually done!

  5. Wil Palen

    investing a little time in finding hardware that supports OpenWRT or OpenEmbedded takes time and maybe a little bit more money, but I feel a little safer because of it..

This topic is closed for new posts.

Other stories you might like