Earlier this year, smart refrigerators and televisions were being hacked and subjected to greater cyber attacks, according to NPR. Also, according to Extreme Tech, it was recently discovered that a Tesla Model S can now be located, unlocked and burglarized with a hack through its connected iOS app. In my own household, we have accumulated a sizable pool of smart devices (smartphones, tablets, smart TVs, streaming media devices, a smart thermostat, etc.) — 18 of them, to be exact — that can be exploited, not to mention the hundreds of apps running on some of them. You’re welcome, Mr. Black Hat.

I conducted a “smart” calculation of my own. What’s in your household?

Smart Devices: Risky Convenience

These connected smart devices provide us with an unprecedented level of convenience at our fingertips, yet they contain a treasure chest of personal and sensitive information that poses a security threat for simple everyday tasks that we take for granted.

A major theme that emerged from this year’s RSA conference in San Francisco was the growing abundance of personal electronics and smart devices that have embedded software and processors. Internet-connected cameras, industrial meters and sensors, home automation controllers and smart appliances all pose privacy and security risks for consumers and manufacturers. In the case of connected cars and health monitoring devices, these risks can be catastrophic and life-threatening.

3 Ways to Think Like a Hacker

This proliferation of smart devices has caused a renaissance in thinking about security. Attackers often look for vulnerabilities to gain root access on the device. Using this access, attackers can target communications, imaging and location data, install more malware or steal sensitive and confidential information.

Because many mobile platforms are not natively designed to provide comprehensive security, hackers have a strong incentive to develop new techniques or create mobile-centric malware specifically for these devices.

We understand the dangers of mobile device security. But how can manufacturers and enterprises protect themselves? While there may not be a silver bullet solution for mobile device security, organizations and individuals should start to think like hackers and use this approach to protect their smart devices by considering the following:

  1. The Path of the Attack: While mobile devices can certainly pose new threats to personal and enterprise data, it’s important to understand the likely avenues of attack and protect against them instead of viewing the whole mobility issue as a general threat. For example, it may be more efficient for attackers to directly attack the portal to which the mobile application connects and gain access to the entire data repository rather than “pick the pockets” of a multitude of mobile devices. Leveraging threat modeling to understand the specificity of potential attacks can put you back in the driver’s seat in combating these new waves of attacks.
  2. Check Your Inventory: You need to know the kinds of vulnerabilities that may exist on a specific device. Analyze the device’s physical and logical architecture, device driver, communication channels and storage containers, and take a hacker’s approach in order to uncover security issues through penetration testing and source code analysis of a device’s operating system, kernel module and applications. Just as importantly, the testing should be standardized so that it is repeatable as changes are made to the device and its software.
  3. Use Emerging Technologies: Hackers are discovering the benefits of compromising both business and personal data contained within mobile devices. Sandboxing, containerization and trusted transactions are all emerging technologies that promise to provide enhanced protection and to open up the willingness of security and IT executives to further enable mobile applications in the workforce.

The security of mobile devices has become a top concern for many IT executives. While manufacturers continue to embrace this unstoppable trend of embedding intelligence into every possible device and connecting devices to each other and the Internet, this level of sophistication also renders the devices targets for exploitation and security attacks.

Having the convenience provided by these connected smart and embedded devices should not come at the risk of the devices being attacked for malicious purposes or, worse, at the risk of physical damages or life-threatening incidents to their users. Such risks must be identified and mitigated before it is too late.

To learn more, watch the on-demand webinar: Securing the Internet of Things
