[Interest] Segmentation fault on exiting Qt event loop

Thiago Macieira thiago.macieira at intel.com
Thu Jan 3 22:50:50 CET 2019


On Thursday, 3 January 2019 11:29:14 -02 Roland Hughes wrote:
> Or you architect out everything which could be a security issue. There
> is no command line or terminal. The few medical devices I know of
> removed all support for inbound connections. The only method of
> accessing them is to take the screws out of the case, open it up and
> connect the custom debug board.

Physical access is still an attack vector.

And those devices still have an input mechanism: their scanner ports. It's 
possible to send malformed data to their I/O pins to cause an exploit. Heck, 
it's theoretically possible to do that with the scanning head itself: paint 
your chest with some pattern in UV and when you go for a tomography, bam! the 
device gets hacked. Remember how the iPhone 1 was jailbroken by a 1x1 pixel 
TIFF image opened in the Safari browser?

But I do understand the cost of re-certifying a medical or avionic device. I'm 
not saying people should update every day or every week, but they should still 
keep up with the software, in their development tree. So like Konstantin said, 
they will not be surprised when the time to update does come.

And please don't forget all other segments, where updating *is* possible and 
even necessary, if they are connected to *any* kind of network.

> Do you really want a surgical robot which is cutting on you running a PC
> OS on a PC processor able to connect to the Internet? Some little hacker
> poking around looking for financial/identity information could
> accidentally have it remove your heart instead of your appendix.

Yes, so long as that device does proper security hardening, which includes the 
ability to deploy fixes quickly. It also means it's not your regular desktop 
OS, but a hardened version, like Safety Critical Linux. We had this discussion 
20 years ago, when Linux was getting into telcos, and Carrier-Grade Linux came 
about.

Maybe the IoT surgical robot is not a 2019 technology, but there are plenty of 
other IoT ones that are. Those MUST update. Frequently. For those, if you're 
not able to deploy a fix within one week, do us all a favour and don't sell 
your device.

> Control systems have to be sealed.

To an extent. I agree that there needs to be sufficient separation. But it 
will be short of a full airgap.

See also the Industry 4.0 activities in Europe and China. The OT networks 
where control commands are currently transiting are merging with the IT 
network. There will still be some separation, bandwidth reservation, priority 
queues, etc., but the wire will likely be the same.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center





