The Raspberry Pi Foundation was reportedly offered cash to put malware on its latest boards. The organization declined the offer.
Best Raspberry Pi, Arduino DIY Projects For Your Holiday Downtime
(Click image for larger view and slideshow.)
Malware on your nice, new system could be as close as a hacker's checkbook. That checkbook will need to work with an organization other than the Raspberry Pi Foundation, though. Open slots in Raspbian Linux are not for sale.
Numerous news sites are reporting that Liz Upton, the Raspberry Pi Foundation's communications director, received an email offering to pay the foundation to put an executable file on its small controllers that would take users to a particular website. Upton declined the opportunity and tweeted an image of the solicitation with critical details redacted.
Certain details of the file to be included (such as the ".exe" extension) indicate that the latest version of the Raspberry Pi -- a version capable of running Windows 10 Embedded -- is the target. Windows 10 compatibility opens the new Raspberry Pi to a new realm of malware, though the Internet of Things doesn't require Windows to provide a malware vulnerability.
In fall 2015, malware was found that infects IoT devices running Linux. While the malware, Linux.Wifatch, behaves oddly for its kind, its ability to infect IoT devices is a demonstration that a GUI and attached keyboard are not required for malware infection.
Linux.Wifatch seems to actually protect infected systems from other malware, but researchers and security analysts know that malware authors can't be counted upon to behave altruistically in the future.
One of the significant problems facing IoT developers is a lack of choice in anti-malware packages dedicated to the embedded system market. McAfee offers a product aimed at embedded systems, but it is limited in its target platforms and notably lacking in extensive competition.
Until robust security is available across IoT platforms, it's a near certainty that companies depending on malware for their business will continue to chip away at vendors in the embedded systems market. It should be only a matter of time before they find one with standards that are sufficiently low -- or cash-flow requirements that are sufficiently high -- to make deal, at which time the IoT will change, and not in a good way.
**Elite 100 2016: DEADLINE EXTENDED TO JAN. 15, 2016** There's still time to be a part of the prestigious InformationWeek Elite 100! Submit your company's application by Jan. 15, 2016. You'll find instructions and a submission form here: InformationWeek's Elite 100 2016.
Curtis Franklin Jr. is executive editor for technical content at InformationWeek. In this role he oversees product and technology coverage for the publication. In addition he acts as executive producer for InformationWeek Radio and Interop Radio where he works with ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.