Reading this article, the first thought that came to my mind are the small computer systems such as the Raspberry Pi, BeagleBone, and many others of the same type with IoT capability, with the well trusted Linux kernel and various options of Linux-compatible OSs. People think because they have such a system that they have no worries, but that's not so - one still needs to exercise caution. The very thing mentioned in the article about the flashing, applies, since the OS is actually flashed onto an SD card either before or after purchase of such "mini computer" system.
I make use of such a system for web-hosting from my home, not for the actual web-site hosting aspect per se, but because the Apache server software also provides an interface for use of PHP, Python, and other scripting possibilities, as well as a MySQL database and CRON-jobs, allowing me to communicate with and control "things" at my house, while away, via the web, without concern for the the typical hacking sometimes possible by the usual home IoT systems which are so popular these days, but managed in the cloud often by reputable sources, but sometimes "those" sources may be hacked by outside sources, or as I for one often wonder, possibly a disgruntle employee in charge of the management aspect of the systems.
I can't help but wonder if there is a problem these days with such "main" systems that "really" need to be concerned about hacking (power grids, pipeline management systems, etc.), which may have at least one or moreĀ "geek-type" employees who see a solution to a problem such as monitoring a particular solenoid, regulator, video monitoring system, or whatever, having a simple solution of adding on a mini-computer to handle one or more such "simple" tasks due to it's flexibility of I/O and network/internet connectivity, making it possible to deal with a task, while at the same time communicating with the main system, or worst case scenario, undetected internet communications - all while on the "other" side of the main system's firewall or other security systems. Such "mini" systems, as already mentioned, can be configured to automatically update their software, via the internet, which is one reason why they may be, without consideration of the risks, connected to the internet, bypassing the main system's firewall without correct configuration of their own firewall.
I make use of such a system for web-hosting from my home, not for the actual web-site hosting aspect per se, but because the Apache server software also provides an interface for use of PHP, Python, and other scripting possibilities, as well as a MySQL database and CRON-jobs, allowing me to communicate with and control "things" at my house, while away, via the web, without concern for the the typical hacking sometimes possible by the usual home IoT systems which are so popular these days, but managed in the cloud often by reputable sources, but sometimes "those" sources may be hacked by outside sources, or as I for one often wonder, possibly a disgruntle employee in charge of the management aspect of the systems.
I can't help but wonder if there is a problem these days with such "main" systems that "really" need to be concerned about hacking (power grids, pipeline management systems, etc.), which may have at least one or moreĀ "geek-type" employees who see a solution to a problem such as monitoring a particular solenoid, regulator, video monitoring system, or whatever, having a simple solution of adding on a mini-computer to handle one or more such "simple" tasks due to it's flexibility of I/O and network/internet connectivity, making it possible to deal with a task, while at the same time communicating with the main system, or worst case scenario, undetected internet communications - all while on the "other" side of the main system's firewall or other security systems. Such "mini" systems, as already mentioned, can be configured to automatically update their software, via the internet, which is one reason why they may be, without consideration of the risks, connected to the internet, bypassing the main system's firewall without correct configuration of their own firewall.