from Hacker News

Ask HN: Thoughts on Embedded Device Security?

by mlmitch on 3/24/22, 4:10 PM with 2 comments

I’m thinking of pursuing a project to improve embedded device security for enterprises. It seems like a weak spot in cyber security to me.

However, I’m looking for some insight into how enterprise security people and embedded developers think about this topic before I dive in.

Replies here would be awesome and much appreciated. However, I’m hoping I can tempt you into a deeper conversation over email with the following… First, I haven’t written a line of code so I don’t have anything to sell (yet). Second, I’m an experienced software developer on cyber security products so I should be able to contribute to an interesting conversation on the topic.

Thanks for reading. My email is in my bio.

  • by AnimalMuppet on 3/24/22, 4:23 PM

    You want much of the conversation to happen here, not in email. The magic is in people replying who weren't you or the top-level commenter.

    My two cents: Embedded systems don't usually get managed like computers, so their updates happen slower (or not at all). When a new exploit is announced, IT races to patch the computers, but often doesn't think of the embedded systems.

    Worse, the embedded system manufacturer may be more likely to go out of business than the computer manufacturer, and almost certainly is more likely to go out of business than the OS vendor. Updates simply may not be coming for the embedded system, so it may remain vulnerable forever.