Almost all connected device makers claim to care about security in their sales pitch, but the reality seems that the security of most device firmware is terrible. According to recent research the firmware security has not improved in any measurable way over the last 15 years, even as attacks on connected devices like home routers have spiked. It seems that “Nobody is trying,”
“A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, Netgear and other major vendors.*
Huge Survey of Firmware Finds No Security Gains in 15 Years
https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/
2 Comments
Tomi Engdahl says:
Just for fun, replace word “firmware” with “antivirus”.
Tomi Engdahl says:
Medical device cybersecurity will be rubbish for 20 more years
https://www.zdnet.com/article/medical-device-cybersecurity-will-be-rubbish-for-20-more-years/
Good cybersecurity guidelines are being published, but slow development and approval processes, and long service lives, will guarantee chronic problems.