What does your app say about you?

Mobile apps attempt to hide a lot of secrets. There is a tendency to focus on assets like personal data, credit card information, cryptographic keys and IP. This is understandable as these are technical assets and app security quickly becomes a technical discussion.

IoT typically represents a network of physical objects (or “things”) embedded with electronics, software, sensors, and connectivity to enable those objects to exchange data with the manufacturer, operator, cloud and/or other connected devices.

The end of 2018 saw a rash of cyberattacks mounted by way of networked printers. In one notable incident, as reported by Kaspersky, a hacker targeted 50,000 printers and caused them to print a message supporting a YouTuber named PewDiePie. According to Kaspersky, the hacker had utilized Shodan, a search engine for devices, and found no fewer than 800,000 vulnerable printers from which to choose. This story, and many others like it, should alarm anyone tasked with cyber security duties. The ubiquitous printer can be a dangerous, overlooked attack surface.

The growth in usage means that there is an increase in sensitive data being installed, stored and generated on mobile devices. That data is the users’ personal data – governed by privacy legalisation like GDPR; it is the Intellectual Property in the apps; and it is secrets like cryptographic keys that are used to secure both the data on the device and access to backend services.

Today’s cars have more in common with powerful computers than with their mechanical machine ancestors.

And as more and more cars become internet-connected, cybersecurity has become a pressing issue for the automotive industry.