Page 3 - index
P. 3
SmartPhones & Internet of Things, Insecure New Trojan Horses
Friends,
In this month’s edition of Cyber Warnings, we wanted to share some
ideas in the area of security for smart devices. Whether it’s the car
hacking stories you read about in the news or the internet enabled
webcams turning into botnets, no matter where you turn, you hear about
hackers finding more innovative places to plant their flag and call their
territory.
Imagine you’ve just solved your company’s biggest bring your own device (BYOD) dilemma, only to
find ½ the employees start wearing smart watches that soon will have complete computers built
within and of course wireless and cellular connectivity. Add to that some storage, input/output and
downloadable malware…I mean ‘trusted apps’ with lots of permissions (yes, malware), you have
the ultimate spying device. But unlike James Bond who used these tools on his wrist for his own
benefit, you’ll be the Trojan horse for hackers, cybercriminals and malware and won’t even know it.
We face a new challenge where the OS vendors themselves have accidently, for their own benefit,
opened your network to backdoors for eavesdropping – whether by advertisement networks,
malware or other cyber threats. So, it’s truly a most important moment in time for network security
to include privacy concerns in your risk management and mitigation strategy. Patching Windows 10,
for example, may fix holes that reduce the risk of an exploitation by new malware, yet without
turning off a plethora of privacy-risk features, native backdoors remain open and data leakage
through your firewall could be happening without your knowledge.
Now is the best time to study smartphone hacking as well as the internet of things (IoT). If you don’t
begin to demand of these hardware vendors, a stronger, safer, more secure device, expect them to
become backdoors and botnets. To stay one step ahead of the next step, you’ll need to manage
the risk of these devices being allowed on corporate networks as well as their comings and their
goings. Sometimes employees will complain about their employee-owned equipment becoming
managed but you must inform them that without their agreement to help you secure the complete
network and BYOD environment as a whole, they might inadvertently become an accomplice in
cyber theft within your organization.
Customers are always deaf to the complaints of the corporate victim. They will demand and even
use class action lawsuits and other means to not be responsible for your loss of their data. Be
vigilant and consider IoT and BYOD a big new attack vector in your risk management equation.
To our faithful readers, Enjoy
Pierluigi Paganini
Pierluigi Paganini, Editor-in-Chief, [email protected]
3 Cyber Warnings E-Magazine – October 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
