It is obviously not new that the security of hardware devices, especially the ones in the IoT space, is not the best. Typically, these devices were not designed with security in mind – much more with functionality and ease of use.
With Spectre and Meltdown last year we have seen a new challenge showing up: Vulnerabilities in hardware we were used to trust. Our computers might have had some technical challenges typically around reliability or they did some creative calculation (remember the bug in an Intel process which made Excel do wrong calculations in some very limited circumstances?).
Rolling out these updates for hardware is another challenge as well as update the Operating System with a possible mitigation. Azure cloud was patched within hours, I know that some customers still do not know whether and if yes, how they want to roll it out.
I guess we are just seeing the start of a development we do not have an answer, yet. Hardware has vulnerabilities, we need to accept this. We need to learn to cope with it. Patching hardware is not really an option at scale. It will be interesting to see, how far the big Cloud provider are able to at least mitigate these threats on a virtualization layer. From my point of view, concentrating people and investments and make sure we can address such questions centrally in the Cloud has to be the right approach – and customers need to be willing to pay for such solutions as well. Not always a given.
The next 12-24 months will be really interesting and challenging.
*** This is a Security Bloggers Network syndicated blog from Roger Halbheer on Security authored by Roger Halbheer. Read the original post at: https://www.halbheer.ch/security/2018/05/16/iot-and-hardware-security-how-bad-will-it-get/