Those modifications lead to headaches, though, including the well-established problem of delays in shipping security updates. They can also, as Stavrou and his team have uncovered, result in firmware bugs that put users at risk. “The problem is not going to go away, because a lot of the people in the supply chain want to be able to add their own applications, customize, add their own code. That increases the attack surface, and increases the probability of software error. They’re exposing the end user to exploits that the end user is not able to respond to.”

• Uncategorized