April 24, 2014 By Erkang Zheng

Earlier this year, according to NPR, smart refrigerators and televisions were being hacked and subjected to greater cyber attacks. Also, according to Extreme Tech, it was recently discovered that a Tesla Model S can now be located, unlocked and burglarized with a hack through its connected iOS app. In my own household, we have accumulated a sizable pool of smart devices (smartphones, tablets, smart TVs, streaming media devices, a smart thermostat, etc.), 18 of them to be exact, that can be exploited; and this is not to mention the hundreds of apps running on some of them. You’re welcome, Mr. Black Hat.

I conducted a “smart” calculation of my own. What’s in your household?

Smart Devices: Risky Convenience

These connected smart devices put an unprecedented level of convenience at our fingertips, yet they hold a treasure chest of personal and sensitive information, which makes the simple everyday tasks we take for granted a security threat.

A major theme that emerged from this year’s RSA conference in San Francisco was the growing abundance of personal electronics and smart devices that have embedded software and processors. Internet-connected cameras, industrial meters and sensors, home automation controllers and smart appliances all pose privacy and security risks for consumers and manufacturers. In the case of connected cars and health monitoring devices, these risks can be catastrophic and life-threatening.

3 Ways to Think Like a Hacker

This proliferation of smart devices has caused a renaissance in thinking about security. Attackers often look for vulnerabilities to gain root access on the device. Using this access, attackers can target communications, imaging and location data, install more malware or steal sensitive and confidential information.

Because many mobile platforms are not natively designed to provide comprehensive security, hackers have a strong incentive to develop new techniques or create mobile-centric malware specifically for these devices.

We understand the dangers of mobile device security. But how can manufacturers and enterprises protect themselves? While there may not be a silver bullet solution for mobile device security, organizations and individuals should start to think like hackers and use this approach to protect their smart devices by considering the following:

  1. The Path of the Attack: While mobile devices can certainly pose new threats to personal and enterprise data, it’s important to understand the likely avenues of attack and protect against them instead of viewing the whole mobility issue as a general threat. For example, it may be more efficient for attackers to directly attack the portal to which the mobile application connects and gain access to the entire data repository rather than “pick the pockets” of a multitude of mobile devices. Using threat modeling to understand the specifics of potential attacks can put you back in the driver’s seat in combating these new waves of attacks.
  2. Check Your Inventory: You need to know the kinds of vulnerabilities that may exist on a specific device. Analyze the device’s physical and logical architecture, device drivers, communication channels and storage containers, and take a hacker’s approach to uncover security issues through penetration testing and source code analysis of a device’s operating system, kernel modules and applications. Just as importantly, the testing should be standardized so that it is repeatable as changes are made to the device and its software.
  3. Use Emerging Technologies: Hackers are discovering the benefits of compromising both business and personal data contained within mobile devices. Sandboxing, containerization and trusted transactions are all emerging technologies that promise to provide enhanced protection and to make security and IT executives more willing to enable mobile applications in the workforce.

The security of mobile devices has become a top concern for many IT executives. While manufacturers continue to embrace this unstoppable trend of embedding intelligence into every possible device and connecting devices to each other and the Internet, this level of sophistication also renders the devices targets for exploitation and security attacks.

The convenience provided by these connected smart and embedded devices should not come at the risk of the devices being attacked for malicious purposes or, worse, at the risk of physical damage or life-threatening incidents to their users. Such risks must be identified and mitigated before it is too late.

To learn more, watch the on-demand webinar: Securing the Internet of Things
