“Boy what did you expect?” … ”Saw it coming for years!” … “Learn to live with it!” …  “Serves them right!” are just some of the bold and unwavering comments I heard from technically involved people around me, after the recent worldwide ransomware attacks on (mostly) corporate computer systems. Responses like these are typical for engineers who never seem astonished or offended by what a “system” does or fails to do because it was all in the specifications, right?

These attacks were, are, and will be, associated with PCs and PC systems any consumer will instantly recognize as “that computer stuff” and suddenly you may feel anxious about the three laptops and two desktop PCs in your home. Proud as you may be to have extended your Raspberry Pi, BeagleBone, or Arduino with so many bells & whistles it’s actually turned into a little PC, you should at least consider the danger of the system fettering you and your data through … ransomware of the embedded flavour.

Is it farfetched? Maybe for the hobby platforms I just mentioned. I do see though increasing numbers of embedded systems getting equipped with remote access options for diagnostics or data mining purposes. Using that dirt cheap and oh so accessible ESP8266 to provide Internet connectivity on a legacy embedded system in fact opens it up to any server, PC or smartphone on the Internet, making it a potential target for hackers. The danger may not just come from the bad world out there — oops, there are bootloaders and especially secondary bootloaders that allow programming over CAN and Ethernet... from a “harmless” device installed on-site by a “friendly developer”.

What do you think? Should we proceed to install security measures against ransomware on our microcontroller systems by default? Does your embedded system no matter how small or powerful, hold critical data or are you just flashing an LED or mining bitcoins — sorry… data? Please press the Add a comment button below.