When Spinal Tap Meets IoT
Introduction
Many people talk of the next wave of the Internet, where billions of devices will connect (known as the Internet of Things - IoT), but the new wave could bring a whole lot of problems, especially in fixing bugs and with security vulnerabilities. So this week, Ford has recalled 433,000 2015 Focus, C-MAX and Escape vehicles because of a software bug where drivers cannot switch off their engine, even when they take their ignition key out:
Figure 1: Ford's "always-on" service
Recently, too, a security researcher showed how BMW cars could be controlled by sending commands that told the cars to open their doors and lower their windows. Overall BMW had to issue a security patch for over two million vehicles, including for BMW, Mini and Rolls-Royce.
Figure 2: BMW remote control problems
As we move into a time where there are increasing amounts of software within cars, and an increasing range of embedded systems, we are facing a nightmare in terms of patching them. With our desktops, and even our mobile devices, we have auto-updates so that users do not have to bother updating them, but embedded systems will be less easy to update.
Can you imagine how you would patch your Smart TV if an intruder managed to listen to your conversations, or download a patch for your wi-fi kettle? Overall the recent problems with Ford and BMW show that patching software can be expensive for car manufacturers, but that's the tip of the iceberg, as the same procedure may have to apply to a range of devices.
70mph and the brakes went on...
Few things in this world are less reliable than computer software. Imagine if you were driving along at 73mph, and a blue-screen appears on your dashboard saying:
Error 1805: This car has encountered a serious error and will now shut down and reboot
You would send it back to the dealer in an instant. With software, we have put up with bugs for decades and have even got used to them. In fact the terms "bug" and "debugging" go back to the 1940s, when Grace Hopper found an actual moth stuck in an electrical relay, which had caused a computer malfunction.
With the millennium bug, we couldn't even trust developers to get the date right, so can we trust all these little embedded systems to be free of bugs, especially in safety critical systems? With the intelligent car we have the marketed statement of (Figure 3):
(Almost) as smart as you!
The (Almost) seems to hint that it is actually smarter than you, but they just don't want to say it. You have really got to worry about whether they have really tested it for every single operation that the car would go through, or do they just leave some things for us to find?
Figure 3: The Intel Intelligent Car
You must also start to wonder if car designers are really taking security seriously, as a recent hack shows that an intruder could stand outside someone's home and open their car. As seen in Figure 4, the intruder stands outside the house and picks up the near-field wi-fi from the key fob, and then amplifies it so that the car thinks that the owner is near - and we have a vanishing car!
Figure 4: The "wi-fi enabled" vanishing car
Not-so-smart testing
Many software development courses focus on design and implementation and only scratch the surface of validation testing, and few institutions ever really concentrate on a proper evaluation of the software. Increasingly it is software testing and evaluation that can consume much of the time in the development process, with code walk-throughs and penetration testing.
In 1998 developers could not even get the units for a calculation correct, and NASA's $655-million Mars Climate Orbiter robotic space probe disintegrated in space as it approached Mars's upper atmosphere at the wrong angle. The fault was traced to a software module which used pound–seconds rather than newton–seconds. For this, one is reminded of the classic Spinal Tap moment, where the designers had mixed up feet (') for inches ("), and ended up with a rather small version of Stonehenge [video]:
So you must worry: if the designers of a half-a-billion-dollar project can get a safety-critical thing wrong, what sloppy practices are around in the Internet of Things? Perhaps a braking algorithm might assume km/hr when speaking with a sensor recording in m/hr, and end up braking too fast?
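The braking scenario above, as an added example that is not from the original article: a bare number lets the unit mismatch through silently, while one wrapper type per unit turns it into a compile-time error. It assumes "m/hr" means miles per hour and uses a simplified constant-deceleration model; all names and sample values are constructed for illustration.

```c
#include <stdio.h>

/* One wrapper type per unit: handing an mph_t to code that wants a kph_t
 * is a compile-time error instead of a silent factor-of-1.6 mistake. */
typedef struct { double v; } kph_t;   /* kilometres per hour */
typedef struct { double v; } mph_t;   /* miles per hour (assumed sensor unit) */
typedef struct { double v; } mps_t;   /* metres per second, used by the physics */

#define KM_PER_MILE 1.609344

static mps_t mps_from_kph(kph_t s) { mps_t r = { s.v / 3.6 }; return r; }
static mps_t mps_from_mph(mph_t s) { mps_t r = { s.v * KM_PER_MILE / 3.6 }; return r; }

/* Stopping distance d = v^2 / (2a), constant deceleration a in m/s^2
 * (a simplified model chosen for this example). */
static double stopping_distance_m(mps_t speed, double decel)
{
    return (speed.v * speed.v) / (2.0 * decel);
}

/* The mistake: a bare double carries no unit, so the algorithm's belief that
 * the reading is km/h is never checked against what the sensor sends. */
static double untyped_stopping_distance_m(double reading, double decel)
{
    double v = reading / 3.6;          /* silently assumes km/h */
    return (v * v) / (2.0 * decel);
}

/* Typed path: the sensor driver must say which unit it produced. */
static double typed_stopping_distance_m(mph_t reading, double decel)
{
    return stopping_distance_m(mps_from_mph(reading), decel);
}

int main(void)
{
    const double raw = 70.0, decel = 7.0;   /* constructed sample values */
    mph_t sensor = { raw };
    kph_t same_speed = { raw * KM_PER_MILE };

    printf("untyped (wrong unit): %.1f m\n", untyped_stopping_distance_m(raw, decel));
    printf("typed from mph:       %.1f m\n", typed_stopping_distance_m(sensor, decel));
    printf("typed from km/h:      %.1f m\n",
           stopping_distance_m(mps_from_kph(same_speed), decel));
    return 0;
}
```

Because stopping distance grows with the square of speed, the 1.6x unit error becomes a 2.6x error in the computed distance.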
Along with the confusion around inches and feet, there can also be problems in converting between metric and imperial. For this we find that the big six energy suppliers in the UK have been under or over estimating meter readings. This relates to older meters using imperial measurements (cubic feet) and newer ones using metric measurements (cubic metres).
It is likely that customers have been overcharged by more than £1.7bn, where those with a newer meter which was read in imperial being undercharged by 60%, and those with older meters being read as metric being overcharged by 130%.
Not-so-smart grid
One would think that embedded systems which could run without the requirement to be continually updated would be designed in a secure manner. Well, the lack of thought in the design of these types of systems has recently been highlighted with a flawed implementation of cryptography on millions of smart grid devices. The focus was on the Open Smart Grid Protocol (OSGP), which is used extensively with smart meters and smart grid devices. Overall the OSGP was developed by ESNA (Energy Service Network Association), and is defined as a standard by ETSI (European Telecommunications Standards Institute). It was standardised in 2012, but has been under fire for the way it has gone its own way in developing new cryptography methods. It is estimated, in 2015, that there are over four million devices using OSGP.
Figure 3: The not-so-smart grid!
Not-so-smart kettle
It seems that virtually every device in your home is getting a wi-fi upgrade, including your fridge and your kettle. Unfortunately, the first wi-fi kettle on the market actually gives away your wi-fi router password. The following shows a simple setup, where an intruder can mimic the SSID of the wireless network that the kettle connects to, and the kettle then gives the password of the user's wireless router to the intruder. So the kettle could become a target for an intruder, as it literally gives away the user's details.
Not-so-smart IP cameras
The sloppiness doesn't end with wi-fi kettles; it extends to IP-enabled cameras, such as for CCTV systems, which can have simple default passwords, and have no lock-out on multiple password attempts. In the following example, the IP camera even has the Telnet service enabled, so that any intruder can log in and do whatever they want on the camera (go to 14:00 to see the IP camera in its full glory):
Overall this camera, out-of-the-box, suffers from [details]:
- No lock-out on Web username and password tries.
- A Telnet port can be connected to remotely, using a default password. There is a time-out on three tries of incorrect user details, but a default password can be set on the service.
- Firmware instance can be used to determine the operation of the device, such as the default usernames and passwords.
- There is no facility for a secure connection, and insecure HTTP is used as the standard method for accessing the images and video.
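The missing control in the first item, sketched as an added example (not the camera's firmware and not code from the original article): a per-account guard that starts locking after three failures and doubles the delay each time, up to a cap. The thresholds, struct and function names are assumptions chosen for illustration, and time is passed in as a parameter so the logic can be exercised without a clock.

```c
#include <stdint.h>
#include <stdio.h>

#define FREE_TRIES   3       /* failures tolerated before the first lock-out */
#define BASE_LOCK_S  30      /* first lock-out; doubles with each further failure */
#define MAX_LOCK_S   3600    /* cap, so the owner is never locked out for long */

/* One guard per account; a single-admin device needs only one.
 * All values here are assumptions for the example, not the camera's. */
struct login_guard { unsigned fails; uint64_t locked_until; };

/* Seconds until the next attempt will be evaluated (0 = now). */
static uint64_t guard_wait(const struct login_guard *g, uint64_t now)
{
    return now < g->locked_until ? g->locked_until - now : 0;
}

/* Returns 1 = logged in, 0 = wrong credentials, -1 = locked out.
 * While locked, even correct credentials are refused, so guesses sent
 * during a lock-out reveal nothing. */
static int attempt(struct login_guard *g, int credentials_ok, uint64_t now)
{
    if (now < g->locked_until) return -1;
    if (credentials_ok) { g->fails = 0; g->locked_until = 0; return 1; }
    if (++g->fails >= FREE_TRIES) {
        unsigned shift = g->fails - FREE_TRIES;
        uint64_t lock = shift >= 7 ? MAX_LOCK_S : (uint64_t)BASE_LOCK_S << shift;
        g->locked_until = now + (lock > MAX_LOCK_S ? MAX_LOCK_S : lock);
    }
    return 0;
}

/* How many wrong guesses fit in a window if each is sent the moment it is allowed. */
static unsigned guesses_in_window(uint64_t window_s)
{
    struct login_guard g = { 0, 0 };
    unsigned n = 0;
    for (uint64_t t = 0; t < window_s; t += guard_wait(&g, t)) {
        attempt(&g, 0, t);
        n++;
    }
    return n;
}

int main(void)
{
    printf("guesses possible in 24 h: %u\n", guesses_in_window(86400));
    return 0;
}
```

With these settings a persistent guesser gets 32 tries in a day, which only helps if the default password has been changed to something outside a short guess list.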
Conclusions
I hate to scare you, but software is one of the most unreliable things that we have, and computer systems have gained a bad reputation from it. When was the last time that your microprocessor developed a hardware fault? Compare this to the last time that Microsoft Word crashed, and you can see the fault is not in the hardware; it's mainly software's fault, and often it's because of sloppy design, implementation and testing. Too often developers forget to properly test their software, and often they leave things in the final build that were there for testing, and which can be used to exploit the system.
A crash of Microsoft Word is possibly acceptable, but a crash in a car is not so good. So if you have a Ford, please wait for it to switch itself off before you return it back for a two-minute update at the dealer. Car owners of the future are going to have to be a lot more savvy on downloading updates and installing them, as there will be an increasing requirement for manufacturers to patch their systems.
Finally, answer this question: you get into your Audi A4, and, as you are driving along, it says
You have a critical update for your braking system, please select YES or NO to install the update. A reboot of the car is not required, and the update will be installed automatically from your wi-fi enabled vehicle
Would you answer YES or NO? If you answer NO, you don't trust software, and if you select YES, you are probably reading this article while driving at 100mph along a motorway!