Earlier this year, smart refrigerators and televisions were being hacked and subjected to greater cyber attacks, according to NPR. Also, according to Extreme Tech, it was recently discovered that a Tesla Model S can now be located, unlocked and burglarized with a hack through its connected iOS app. In my own household, we have accumulated a sizable pool of smart devices (smartphones, tablets, smart TVs, streaming media devices, a smart thermostat, etc.) — 18 of them, to be exact — that can be exploited, not to mention the hundreds of apps running on some of them. You’re welcome, Mr. Black Hat.

I conducted a “smart” calculation of my own. What’s in your household?

Smart Devices: Risky Convenience

These connected smart devices put an unprecedented level of convenience at our fingertips, yet they contain a treasure chest of personal and sensitive information, which turns simple everyday tasks that we take for granted into a security threat.

A major theme that emerged from this year’s RSA conference in San Francisco was the growing abundance of personal electronics and smart devices that have embedded software and processors. Internet-connected cameras, industrial meters and sensors, home automation controllers and smart appliances all pose privacy and security risks for consumers and manufacturers. In the case of connected cars and health monitoring devices, these risks can be catastrophic and life-threatening.

3 Ways to Think Like a Hacker

This proliferation of smart devices has caused a renaissance in thinking about security. Attackers often look for vulnerabilities to gain root access on the device. Using this access, attackers can target communications, imaging and location data, install more malware or steal sensitive and confidential information.

Because many mobile platforms are not natively designed to provide comprehensive security, hackers have a strong incentive to develop new techniques or create mobile-centric malware specifically for these devices.

We understand the dangers of mobile device security. But how can manufacturers and enterprises protect themselves? While there may not be a silver bullet solution for mobile device security, organizations and individuals should start to think like hackers and use this approach to protect their smart devices by considering the following:

  1. The Path of the Attack: While mobile devices can certainly pose new threats to personal and enterprise data, it’s important to understand the likely avenues of attack and protect against them instead of viewing the whole mobility issue as a general threat. For example, it may be more efficient for attackers to directly attack the portal to which the mobile application connects and gain access to the entire data repository rather than “pick the pockets” of a multitude of mobile devices. Leveraging threat modeling to understand the specifics of potential attacks can put you back in the driver’s seat in combating these new waves of attacks.
  2. Check Your Inventory: You need to know the kinds of vulnerabilities that may exist on a specific device. Analyze the device’s physical and logical architecture, device drivers, communication channels and storage containers, and take a hacker’s approach in order to uncover security issues through penetration testing and source code analysis of a device’s operating system, kernel modules and applications. Just as importantly, the testing should be standardized so that it is repeatable as changes are made to the device and its software.
  3. Use Emerging Technologies: Hackers are discovering the benefits of compromising both business and personal data contained within mobile devices. Sandboxing, containerization and trusted transactions are all emerging technologies that promise to provide enhanced protection and to make security and IT executives more willing to further enable mobile applications in the workforce.

The security of mobile devices has become a top concern for many IT executives. While manufacturers continue to embrace this unstoppable trend of embedding intelligence into every possible device and connecting devices to each other and the Internet, this level of sophistication also renders the devices targets for exploitation and security attacks.

The convenience provided by these connected smart and embedded devices should not come at the risk of the devices being attacked for malicious purposes or, worse, at the risk of physical damage or life-threatening incidents to their users. Such risks must be identified and mitigated before it is too late.

To learn more, watch the on-demand webinar: Securing the Internet of Things
