I am seeing this more and more. I've seen the ability to have a phone take over an airplane, a laptop control a car, now a laptop taking over a ship... where are all the security guys at when this stuff is implemented?
>where are all the security guys at when this stuff is implemented?
It doesn't matter where they are, because where they're not is in management. During development, if attacks like this are even considered at all, its a very low probability incident, isolated to a very small number of targeted units and requires people doing things that can be dismissed by rhetorically asking "why would anyone ever do X?"
Computer security in general is abysmal. It's not for a lack of security guys trying. Good security costs time and money, but the return is practically invisible. The only reason the little bit we have exists at all is either that people have lost money, regulation, or an easy to spot practice has become trendy enough that people will chide others for not following them.
that's sad. I wonder if anyone has done a case study on companies that listen to their IT and implement as much as possible compared to the "let's just make it pass inspection" guys. I know in every cartoon I've seen, the first group wins, but in reality it may truly be worth it to skimp
