It was very sad to see this article about the shoddy job that was done in creating a solid PRNG for the Zigbee smart meters that the TI chips are installed in. Apparently a large number of the current meters have the TI Zigbee hardware:
Texas Instruments to patch smart meter crypto blunder
You have to wonder about the quality of any other software coming out of that group. Were is the QA, code review? This reenforces my opinion that open source is the best path for much of the systems development going on now. Unless you can afford a Space Shuttle software development effort, I do not see other good routes to good software. This was such a basic blunder, with so much very recent history of similar shorts cuts causing WiFi systems to be vulnerable how could this happen?
This guy, Travis Goodspeed, and a couple of others are doing a real service getting these issue out in the light. And I am guessing with no help from the likes of TI, Zigbee or others.
While it not clear if this mistake will make it any more possible for hackers to 'bring the grid down'. It sure looks like it will slow the deployment of energy saving and GHG reducing solutions for residential and commercial buildings and that is bad enough.
Come on, you can do better!
Monday, January 18, 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment