In Depth

The Security of Automatic Updates

Automatic software updates are supposed to make your life easier. But vulnerable updating mechanisms can help your enemies instead.

By Simson Garfinkel

Page 4

The problem here is that updates are becoming an increasingly vital part of our information infrastructure. A growing number of computers with embedded software—including those in navigation systems, voting machines, cell phones, and even implanted medical devices like pacemakers and insulin pumps—require regular software updates. Even software designed to play audio CDs can have security vulnerabilities, as demonstrated by the recent fiasco with Sony Music's attempt at digital rights management. Indeed, a system that has no provision for taking software updates but potentially takes data from the outside world risks catastrophic failure, for there is no way to fix a security vulnerability if one should be discovered. But as demonstrated by the research presented at the Usenix workshop, those software update facilities can themselves be a source of vulnerability if they are not properly implemented.

One of the problems here is that every developer needs to implement its own secure update facility. It would be far better if secure updates were a service provided by the operating system on servers, desktops and cell phones. Just as these platforms provide SSL and secure storage, they could also give developers a way to register for automatic version tracking and updating of their applications.

Until such features are available, the security of updates will be just one more thing that CSOs need to address.
