Posts Tagged ‘linux’

New BlueBorne Security Flaw Affects Embedded Systems Running Linux

Monday, October 16th, 2017 Michael Barr

A major security flaw in the Bluetooth communications protocol was recently discovered and has since been confirmed as exploitable in the real world. It is important that designers of embedded systems are aware of this security issue potentially affecting their products.

So-called “BlueBorne” is an attack that can be performed over the air against an estimated 8.2 billion Bluetooth-enabled computers, including those that run operating system variants such as Microsoft Windows, Apple’s OS X and iOS, Google’s Android, and many Linux distros.

Many of the vulnerable computers are embedded systems or Internet-of-Things devices.

Specifically, any system running Linux kernel version 3.3-rc1 or later may be vulnerable to a remote code execution (RCE) attack following compromise by BlueBorne. This includes rebranded Linux derivatives such as Samsung’s Tizen operating system.

BlueBorne is potentially a very serious issue for embedded systems designers. For example, a medical device or other mission-critical product built on Linux within the last 5 or 6 years could be vulnerable to attack. Such an attack could include remote code execution or system takeover by an ill-willed party. In one hypothetical (for the moment, phew!) scenario, a BlueBorne-powered worm could deploy a ransomware attack that shuts down your products until a ransom is paid by you or your customers.

Designers of systems that may be affected should read this white paper for technical details:

Importantly, until a patch can be applied to your product to eliminate this vulnerability, the only way to ensure system security is to DISABLE Bluetooth entirely. That’s because BlueBorne is able to attack systems even when they are not in “discovery mode” or pairing.
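A triage check for the two conditions described above (kernel 3.3 or later, Bluetooth active), as an added example that is not part of the original post. The function names and verdict strings are hypothetical; the script assumes the standard `bluetooth` module name and the `/sys/class/bluetooth/hciN` sysfs entries, and it cannot tell whether a kernel in range already carries a fix.

```shell
#!/bin/sh
# Added example: BlueBorne exposure triage. The 3.3 threshold is the one quoted
# in the post; a kernel in range may already carry a vendor fix (not detected).

# kernel_in_range RELEASE: 0 if RELEASE (uname -r style) is 3.3 or later,
# 1 if earlier, 2 if the string cannot be parsed.
kernel_in_range() {
    rel=${1%%-*}                       # drop "-rc1", "-96-generic", ...
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%[!0-9]*}             # keep leading digits of the minor field
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 3 ]; }
}

# bt_module_loaded [FILE]: 0 if a /proc/modules-format FILE lists "bluetooth".
bt_module_loaded() {
    grep -q '^bluetooth ' "${1:-/proc/modules}" 2>/dev/null
}

# bt_controller_count [DIR]: prints how many hciN controllers are registered.
# Also catches kernels with Bluetooth built in rather than loaded as a module.
bt_controller_count() {
    dir=${1:-/sys/class/bluetooth}
    n=0
    for d in "$dir"/hci*; do
        if [ -e "$d" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# blueborne_triage RELEASE [MODULES_FILE] [SYSFS_DIR]: prints one verdict.
blueborne_triage() {
    rc=0
    kernel_in_range "$1" || rc=$?
    case "$rc" in
        1) echo "kernel-before-3.3"; return 0 ;;
        2) echo "kernel-unparsed";   return 0 ;;
    esac
    if bt_module_loaded "$2" || [ "$(bt_controller_count "$3")" -gt 0 ]; then
        echo "bluetooth-active"      # in range and reachable: patch or disable
    else
        echo "bluetooth-inactive"
    fi
}

blueborne_triage "$(uname -r)"       # verdict for the machine it runs on
```

A `bluetooth-inactive` verdict only reflects the moment of the check; keeping the stack off across reboots means removing or blacklisting the module in the product image.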

Should your team need help securing affected products, Barr Group has security experts who can help.

The End for Embedded Linux?

Tuesday, October 3rd, 2006 Michael Barr

Last week at the Embedded Systems Conference in Boston, I moderated a panel discussion premised on the recent downward trending slope of Linux use in such systems. The panelists were Dr. Inder Singh (CEO, LynuxWorks), consultant Bill Gatliff, and John Carbone (VP of Marketing, Express Logic).

The graph to the left shows the operating systems use data. The source of this data is an annual (except 2003) subscriber survey by Embedded Systems Design (née Embedded Systems Programming) magazine. To create this graph, I aggregated individual Linux distribution numbers and combined the data for pSOS and VxWorks under ISI acquirer Wind River Systems and for Nucleus and VRTX under Accelerated acquirer Mentor. Similarly, all variants of DOS and Windows are lumped into Microsoft.

The question for the panel discussion revolved around the future trend: Will Linux’s share growth return or has it peaked? Whatever the answer, Linux is clearly very popular with embedded software developers. And other surveys support this finding.

An interesting subplot concerns Wind River Systems (Nasdaq:WIND). When Wind acquired competitor Integrated Systems (ISI), the combined market share of ISI’s pSOS and Wind’s VxWorks products (according to the data cited above) was more than 30%. Today the combined share for the same two products has fallen to about 10%. Over the same era the company’s stock price has fallen from a high of $60 to about $10. I see little reason to be optimistic about the company’s future and noted that they were not even present at the aforementioned industry gathering.

Is VxWorks dead? Is the company’s recurring market share around 10% simply due to past users at large companies continuing to use the product? How much has Linux contributed to the early demise of a previous market share leader? What do you think about the future of either operating system?

Open Sores

Saturday, January 5th, 2002 Michael Barr

In the past two years, increasing numbers of embedded programmers have been getting to know Linux and other open source software packages intimately. What has primarily attracted this interest is the non-existent pricing structure. But some of the initial enthusiasm—particularly for Linux—seems to be fading.

Is the use of open source software as building blocks for embedded systems just a fad?

I’ve just found a couple of interesting insights about Linux buried within a recent survey of embedded developers by Evans Data Corporation. The survey asked a number of questions focused on Linux, and the results are cross-tabulated in interesting ways. One table, titled “Perceptions of Linux’ Biggest Technical Difficulties by Degree of Community Interaction,” presents data gleaned from a question asked of those considering and already using Linux to various degrees, sorted by their experience level. Developers who hadn’t actually done anything with Linux yet (about 84% of those surveyed) perceived its biggest technical hurdles to be “availability of device drivers” and “lack of board support packages.” However, developers with hands-on Linux experience including kernel modifications (about 6%) were most concerned about the “size” of the package.

You’d think that the size of the Linux code (which is measured in megabytes), its worst-case interrupt latency and other performance characteristics, and its RAM requirements (also megabytes) would be the overriding concerns for embedded programmers. And yet the big issues that I hear everyone complain about are the legalities surrounding open source licensing terms and fragmentation of the widely distributed code base. In reality, the latter two are not big problems for embedded programmers—as those who’ve actually investigated Linux already know. It’s the memory and performance issues that really get in our way.

As the reality begins to overtake the hype, a consultant/author friend had this to say about the evolving market for his Linux services:

“Two years ago I was pumped up on embedded Linux. You said it would pass; I thought you were crazy. Well… I just stopped work on my book. I only found two Linux clients and I ran out of money. Back to VxWorks to pay the bills—and get me out of debt for the time and effort I put into Linux.”

Though there are certainly companies out there embedding Linux, the market isn’t growing as rapidly as most analysts predicted it would.