Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Maarten Ectors
on 23 February 2016

The Internet of Scary Things – #IoScaryT


Your broadband modem is likely vulnerable to critical security bugs that allow hackers to remotely control it and you are at their mercy because your telecom operator is not going to do anything about it. Imagine a connected world with billions of things that are insecure. What should you do?

Last Thursday a critical GNU C bug was discovered that let’s anybody remotely bring down a Linux machine. This bug comes months after Shellchock, Heartbleed, LogJam, etc. All bugs that let you either remotely bring down or even take administrative control of a Linux system. Every Linux system that uses C, SSH, encryption, Bash shell, etc. is affected, i.e. most. Ubuntu users got updates before the news about these bugs was made publicly available. However did you upgrade your broadband modem since last Thursday? Did your telecom operator upgraded it? The chances that your broadband modem, WiFi access point or anything in your house or business that runs Linux, i.e. TV, Radio, home appliances, your alarm system, etc. is still not patched are close to a 100%. Cheap hardware has come at the price of badly maintained Linux. Most embedded Linux systems you find in cheap network equipment and home appliances never get an upgrade during its lifetime. Even if a telecom operator wanted to upgrade the broadband modem, they don’t have a way to rollback if the upgrade would fail. So the risk of doing the right thing comes with an even bigger risk of cutting your service if there is any failure in the upgrade.

Why worry?

Botnets can now take control of broadband modems in a country and completely disconnect it from the Internet, spy on everybody, even create RansomWare [i.e. I have encrypted all the files I found in your home or business network and if you don’t pay me I will destroy the key!].

Modern cars have a 100 million lines of codes and recent hacks like the Jeep in which hackers could take over total control of the car and drive the poor Wired journalist from the road.

Baby monitors could be hacked by Paedophiles.

In a world were 100 billion devices will be connected in the next years, it is scary to know how badly maintained lots of Linux systems are and how widespread Linux is.

What can you do?

Transactional updates has been a key feature from Snappy Ubuntu Core in which you can remotely upgrade a connected smart device and if the upgrade fails it will be automatically rolled back. By default any correctly created Snappy Ubuntu Core device will automatically upgrade when security bugs are available. Canonical, the company behind Ubuntu, has taken the stand that by default security updates should be free and installed daily.

The Internet of Scary Things – IoT can kill

Don’t be part of the club of companies that delivers devices and software to customers and prays they will never have a bug. Don’t be part of the Internet of Scary Things, #IoScaryT. Even a connected light bulb that is remotely switched on/off thousands of times a second can provoke a fire and kill the people living in that home. You can’t risk launching a connected product which does not transactionally upgrade. The risk is too high that you or the world pays a high price.

Original article

Related posts


Michelle Anne Tabirao
13 December 2024

How does OpenSearch work?

Data Platform Article

How does opensearch work? OpenSearch is an open-source search and analytics suite. Developers build solutions for search and more! ...


Michelle Anne Tabirao
13 December 2024

What is RAG?

AI Article

RAG explained: is a technique that enhances generative AI models by utilizing external knowledge sources such as documents and extensive databases. ...


Matthew de Klerk
12 December 2024

What is vulnerability management?

Security Article

Vulnerability management is the holistic process of identifying and handling security risks in an organization’s networks, systems and devices. Vulnerability management serves an overarching strategy that describes and outlines the many individual efforts and steps taken to reduce cyber incident risk to acceptable levels and improve overa ...