Bruce Schneier lets it fly at IoT and rightfully so, but will it change anything? Security is and always has been a last tier feature and among the first cut at even the slightest hint of budget, time or resource shortfalls, but 50 Billion easily hackable and perhaps even non patchable devices by 2020 is a very frightening concept.
Indeed. Few businesses seem to have an idea how to even think about and decide on embedded security, e.g., how to assess potential security threats. Often, device security appears to be more of a fig leaf requirement (“we need to show at least something, in case our devices become hacked and the media get wind of it”).
Nevertheless, we think embedded security will inevitably become more important, and therefore have begun to investigate this topic quite thoroughly. We focus on single-chip microcontrollers, where e.g. using OpenSSL is out of the question. We’ll see where this leads us.