Talk for Penn State SRA Club on the challenges of doing security audits on systems including embedded devices in limited time and with a limited budget.
Like probably everyone else in the room, I asked Google…which told me I should have started with Wikipedia. Note what is doesn’t say: nowhere does it say an embedded system can’t use general purpose software and hardware components, only that it isn’t designed to.
Laziness The quality that makes you go to great effort to reduce overall energy expenditure. It makes you write labor-saving programs that other people will find useful, and document what you wrote so you don't have to answer so many questions about it. Impatience:This makes you write programs that don't just react to your needs, but actually anticipate them. Hubris: Also the quality that makes you write (and maintain) programs that other people won't want to say bad things about. Common software components mean that existing techniques will work, albeit with custom payloads. People securing servers have pretty much gotten it. Hopefully your programming classes are showing it to you. If not, please ask your professors to stop hurting the world. The designers of small, limited function devices? Not so much.