informa
/
Commentary

Raspberry Pi Foundation Says 'No' To Malware

The Raspberry Pi Foundation was reportedly offered cash to put malware on its latest boards. The organization declined the offer.
Best Raspberry Pi, Arduino DIY Projects For Your Holiday Downtime
Best Raspberry Pi, Arduino DIY Projects For Your Holiday Downtime
(Click image for larger view and slideshow.)

Malware on your nice, new system could be as close as a hacker's checkbook. That checkbook will need to work with an organization other than the Raspberry Pi Foundation, though. Open slots in Raspbian Linux are not for sale.

Numerous news sites are reporting that Liz Upton, the Raspberry Pi Foundation's communications director, received an email offering to pay the foundation to put an executable file on its small controllers that would take users to a particular website. Upton declined the opportunity and tweeted an image of the solicitation with critical details redacted.

Certain details of the file to be included (such as the ".exe" extension) indicate that the latest version of the Raspberry Pi -- a version capable of running Windows 10 Embedded -- is the target. Windows 10 compatibility opens the new Raspberry Pi to a new realm of malware, though the Internet of Things doesn't require Windows to provide a malware vulnerability.

[Want to know more about the Internet of Things? Read 10 Raspberry Pi Projects For Learning IoT.]

In fall 2015, malware was found that infects IoT devices running Linux. While the malware, Linux.Wifatch, behaves oddly for its kind, its ability to infect IoT devices is a demonstration that a GUI and attached keyboard are not required for malware infection.

{Image 2}

Linux.Wifatch seems to actually protect infected systems from other malware, but researchers and security analysts know that malware authors can't be counted upon to behave altruistically in the future.

One of the significant problems facing IoT developers is a lack of choice in anti-malware packages dedicated to the embedded system market. McAfee offers a product aimed at embedded systems, but it is limited in its target platforms and notably lacking in extensive competition.

Until robust security is available across IoT platforms, it's a near certainty that companies depending on malware for their business will continue to chip away at vendors in the embedded systems market. It should be only a matter of time before they find one with standards that are sufficiently low -- or cash-flow requirements that are sufficiently high -- to make deal, at which time the IoT will change, and not in a good way.

**Elite 100 2016: DEADLINE EXTENDED TO JAN. 15, 2016** There's still time to be a part of the prestigious InformationWeek Elite 100! Submit your company's application by Jan. 15, 2016. You'll find instructions and a submission form here: InformationWeek's Elite 100 2016.