San Diego (CA) - Cheap computers for the world's poor could mean big security headaches. The $100 One Laptop Per Child (OLPC) project is inviting hackers to break test out and even break the security on the upcoming computers. Speaking at the Toorcon computer security convention, OLPC representative Ivan Kristić said the OLPC will create the largest monoculture in history and the it will present some "very scary" security problems.
The low-pricedLinux-based computers will be sold to third-world countries and will have a 500 MHz AMD processor along with 128 MB of system memory and 512 MB of Flash storage memory. Standardized hardware along with a standard software image is one reason why the machines will be so cheap, but Kristić explains that this standardization will cause security issues.
If tens of millions of OLPCs are sold, the device could create one of the largest computer monocultures in history, similar to what has happened to the Apple Macintosh. One single exploit could easily wipe out millions of computers.
One huge security risk, according to Kristić, is that new computers will transparently transmit application code from one computer to another. The cheap laptops are meant to operate in a mesh wireless network and if one computer doesn't have an application, then it can acquire it wirelessly from another computer. Kristić calls this scenario "bloody scary".
The OLPC is also designed to be very hackable and Kristić told Toorcon attendees that there was, "a lot of value" from having kids take apart the machine. If something goes wrong, the computer is designed to be easily restored from a server, USB sticks or from the mesh network. But the same easily hackable and easily restorable machine has to be made secure and that's where hackers come into play.
Kristić said, "I want to help you break these machines... before there is a billion of them out in the field."
http://www.tgdaily.com/2006/10/03/toorc ... rityrisks/