This is the 9th blog in a series about security and how security is about how you think.
ANYTOWN, USA – Researchers have found that many Internet toasters, which use the OPENTOAST module to help communicate with the Internet, are vulnerable to a remote attack in which specially crafted requests can disable the burn control module and may start fires. Toasters and other appliances (such as toaster ovens) which use version 2.1.1504.4b through version 2.1.1504.11q are vulnerable.
What if this news article was real? How would I know if my toaster was “vulnerable” and my house was at risk for kitchen fires? How do I decipher this news article and determine how it affects me?
Hopefully, I could look at the toaster manufacturer’s website and they would have posted an article which told me if my toaster was vulnerable (using the serial number, model, and manufacturer date on the bottom of the toaster). The manufacturer may even contact me directly if it’s a very serious problem (probably by mail or email if I had registered the product). This is the approach that many car manufacturers use – if there is a problem which concerns me, then there will be a recall or a service request in which a trained mechanic will make a change to the car for me. But most computer-based products are more “do it yourself”. Therefore, to fix the problem, I should download and update the toaster’s firmware – I just have to go to the toaster’s website and they have a procedure for that.
But what if this is a common module used in a few products on my toaster? Then I can just download the OPENTOAST module and install it into my toaster. In this case, my toaster does not use the “appliance” model of software (where everything is in one firmware and the user just deals with that one file). It then follows more of the “server” methodology with shared components. I can go to the OPENTOAST website and download the new module, but then have to make sure that everything in my toaster can support the new version. I may break some functionality if one or more modules of the toaster don’t support the updated version yet.
Wow. A lot to THINK about – but are there any problems with updating my toaster? Sure – the new firmware could have other issues or potentially not work on my toaster (and how would I get my morning toast?) Or it may introduce new vulnerabilities or even new “features” (note the air quotes when I say that) which I have to understand and deal with. A new version, for example, could enable a toast cataloging feature which I need to know about in order to disable (I don’t want anyone to know what toast I eat). It may not be as easy as just fixing what is wrong without changing other features, functions, and capabilities.
As I look through the description of the latest firmware for my toaster, I see that the toaster manufacturer introduced an “automatic update” feature for my toaster. Should I keep that enabled or turn it off? There are tradeoffs – if I keep it enabled, my toaster is always up to date, and I automatically have the latest (and hopefully greatest) firmware. That’s a good thing. But I may use more bandwidth to download a lot of firmware images (interesting if I pay for access, like over a cellphone), and my toaster could be downloading and updating when I need it to make my morning toast! I’d really like to schedule when my toaster updates (hopefully during my normal 1am-4am kitchen maintenance window) as well as know what is contained in each firmware so that I can pick the ones that help me directly. Setting the automatic updates for my toaster is probably the best default operation, but it may not be applicable to all environments (like a roadside diner which uses its toaster 24 hours a day – now, that’s a mission-critical toaster)!
But there is another side of this process – I need to look at all of the appliances and computers in my house and go through this process for each one, and also know the entire list of appliances and computers and what components they have. That way, when a new vulnerability exists, I know how I’m affected. If I could automate this discovery process, my central command center would tell me when new risks came into my environment, where I was affected, and what my options were for solving it.
If we look at the Apple iPhone/iPad devices, they already do something similar—when I turn them on, the App Store tells me how many of the applications I have loaded on my device have changed, along with a description of what has changed. That way I can pick and choose. Microsoft’s Windows Update adds a severity rating (Critical, Important, Recommended, etc.) to their updates so that I can pick and choose which ones I want.
What is at the heart of this process is the concept of DATA INVENTORY. Each one of these devices (and my entire house) has a master list of what’s in it, the methodology used (appliance or server) and possibly all of the modules used in it so that I can keep everything up to date. The goal of DATA INVENTORY is to understand and catalog everything in my environment that I care about so that my environment is up and running and NOT VULNERABLE when I need it. Its main goal is to understand all risks to the environment. The more mission-critical my environment is, the more critical it is that I know all of the pieces and how they are vulnerable.
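The inventory check described above, as an added example that is not part of the original post: it matches a constructed household inventory against the affected range from the fictional advisory. The device names, the `HVACLIB` module, and the rule that a letter suffix orders alphabetically within a build number are assumptions.

```python
import re

# Affected range from the fictional advisory quoted on this page.
ADVISORY = {"module": "OPENTOAST", "first": "2.1.1504.4b", "last": "2.1.1504.11q"}

# Constructed inventory (hypothetical devices and versions). "model" is the
# update methodology: one-firmware "appliance" or shared-module "server".
INVENTORY = [
    {"name": "kitchen toaster", "model": "server", "modules": {"OPENTOAST": "2.1.1504.9c"}},
    {"name": "toaster oven", "model": "appliance", "modules": {"OPENTOAST": "2.1.1504.12a"}},
    {"name": "garage toaster", "model": "server", "modules": {"OPENTOAST": "2.1.1504.4a"}},
    {"name": "diner toaster", "model": "server", "modules": {"OPENTOAST": "2.1.1504-beta"}},
    {"name": "thermostat", "model": "appliance", "modules": {"HVACLIB": "1.0.3"}},
]


def version_key(version):
    """Turn '2.1.1504.11q' into a tuple of (number, letter-suffix) pairs."""
    # Tuples put build 11q after 4b; raw strings would put it before,
    # because the character '1' sorts ahead of '4'.
    key = []
    for part in version.split("."):
        m = re.fullmatch(r"(\d+)([a-z]*)", part)
        if m is None:
            raise ValueError(f"unrecognised version part {part!r}")
        key.append((int(m.group(1)), m.group(2)))
    return tuple(key)


def affected(inventory, advisory):
    """Return (device, version, status) for each device carrying the module."""
    lo, hi = version_key(advisory["first"]), version_key(advisory["last"])
    findings = []
    for dev in inventory:
        version = dev["modules"].get(advisory["module"])
        if version is None:
            continue  # module not present on this device
        try:
            status = "VULNERABLE" if lo <= version_key(version) <= hi else "ok"
        except ValueError:
            status = "UNKNOWN"  # unparseable version: needs a manual check
        findings.append((dev["name"], version, status))
    return findings


if __name__ == "__main__":
    for name, version, status in affected(INVENTORY, ADVISORY):
        print(f"{name:16} {version:14} {status}")
```

A device whose version string cannot be parsed is reported as UNKNOWN rather than silently treated as safe, so it stays on the list until someone checks it.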
So knowing about what I have helps me quantify the risk to my environment. It comes down to how we THINK about security, whether we’re talking about an Internet-connected toaster or a computer datacenter.