While technology is becoming more powerful and user-friendly, subjects like cyber security are often overlooked during the development of the applications and devices that make up the Internet of Things (IoT).
The most overlooked aspect is making sure that all of our gadgets stay updated with the latest patches. There is actually a very large market on the Internet for what are called “Zero-Day” exploits. These are flaws and errors in software that were missed during development and testing and were uncovered by black hat attackers.
Recently, there was a bounty put out for a vulnerability that would facilitate a remote takeover of a mobile device without user interaction. The price paid out for that was about $500,000, with lesser amounts paid for less intricate exploits. If you think about all of the different applications for mobile phones, tablets and computers, the size of the problem becomes very large.
That being said, there are also white hat security researchers who actively look for flaws in code, then contact the developer and give them a heads up. There is an official disclosure model that most white hats try to abide by, since it outlines a 90-day time frame before the researcher makes the information available to the public.
It might seem counter-intuitive for a white hat to make public a serious software flaw, but the intent is to motivate the developer to release a patch to make the system more secure.
This is why it is very important for all users of technology to regularly check for updates on their devices. While corporate IT teams do a great job of securing, patching and updating endpoints, they often do not have access to EVERY device on the network, such as personal devices belonging to individuals, like tablets and mobile phones. Most devices now regularly check for updates, but do not install them unless prompted by the end user (you).
Whether you are on iOS, Android or Windows Mobile, it is imperative that we be diligent in habitually checking and updating the software on our personal devices. Given the amount of personal information (banking, medical, insurance) applications have access to, our personal devices are a potential goldmine for bad actors. Vulnerabilities that enable attackers to carry out things like Remote Code Execution and Remote Command Execution are primarily how our data gets exfiltrated.
If we make sure that our devices are always up to date, we reduce the attack surface available to bad actors trying to compromise our devices, which forces them to work harder.