Smart Edge Devices…Wrong Model
Microsoft has released it’s Azure IoT Edge software bundle that supposedly enables edge-based computing. While Microsoft has been moving more and more towards the IoT with great results (see Windows Core), this effort is going to be a security disaster.
The main issue is that Microsoft utilizes a great model for software development in all areas EXCEPT security. In every case, Microsoft releases libraries and tools that make hard tasks easier but still require domain expertise to properly leverage. For security, given the almost complete lack of proper knowledge, more tools for generic developers equates strongly to more security flaws.
When we looked at this release, we found a horror of all horrors – open tool access to the inner sanctum of security chips. This is akin to providing a kid learning to shoot a bow and arrows a bunch of SCUD missiles. This previously safe area is called the Trust Zone and it is supposed to be very restricted to those people who understand how to use it. Many smart applications store highly-sensitive data in the Trust Zone and it is (or was) the safest place on a device.
Now anybody can download the Microsoft kit, gain easy access to this core area…and provide easy access to hackers looking at these highly-insecure applications.
Talk about a disaster waiting to happen…