Summer 2010

Device Security Report

Mobile & Smart Device Security Survey 2010:
Concern Grows as Vulnerable Devices Proliferate, Smartphones are the Tip of the Iceberg

By:
Kurt Stammberger, CISSP
Mocana

Mocana Corporation
350 Sansome Street Suite 1010 San Francisco, CA 94104
415-617-0055 Phone | 866-213-1273 Toll Free
info@mocana.com | www.mocana.com
Copyright © 2010 Mocana Corp.

EXECUTIVE SUMMARY

Respondents to our 2010 Mobile & Smart Device Security Survey recognize the quickly growing world of connected smart devices — the Internet of Things — and acknowledge that device security problems are not only inevitable, but potentially serious. 71% of our respondents expect a serious incident arising from attacks on, or problems with, connected smart devices within the next 24 months. Additionally, 65% report that attacks against their smart devices already require the regular attention of their IT staff, or will start requiring it this year. In fact, 23% of organizations surveyed already repel device attacks at least once monthly, while 10% must do so on a daily basis.

Despite this level of awareness, results show that relatively few organizations are prepared for today’s device security problems and those that lie ahead. Less than half of respondents described their organizations as having “completely” or “mostly” adequate resources dedicated to protecting themselves from attacks targeting non-PC, connected devices. Yet over 57% responded that their device security budgets would either be “staying the same”, “decreasing” or “decreasing substantially.”

We can see from these results that there is a growing awareness of the urgency of the security threats that face our expanding world of smart devices. The incredibly popular smartphone market has likely aided this awareness — 77% of our respondents report that they’re concerned about mobile phone security. Protective measures, however, are lagging while new categories of smart devices continue to connect to networks across the globe. With virus attacks (just one category of the greater ecosystem of device threats) — and the defenses against them — already costing businesses billions each year, now is the time to address smart device security head-on.

INTRODUCTION

PCs are no longer the dominant form of computing. By far, most “computers,” and most nodes on the Internet are now non-PC smart devices—an “Internet of Things.” In the next few years, as this trend accelerates and everyday gadgets and machines of every imaginable type connect, security threats to individuals and society at large are likely to grow substantially. But how real is this threat to those actually creating the device ecosystem? And to what extent are these organizations actually preparing for it?

Methodology & Demographics

Mocana distributed this survey via e-mail in July, 2010 to its internal database of over 11,000 professionals who have expressed an interest in learning more about “smart devices”—the 20 billion mobile, datacom, smartgrid, federal, consumer, industrial and medical non-PC devices that connect across every sector of our economy.

MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 1


[Chart: What kind of business is your company in?]

[Chart: What kind of networked devices does your company use (or make)? Check all that apply.]

The 269 self-selecting respondents came from a variety of industries, with particular concentrations in manufacturing (including computers, electronics and telecom equipment); professional, scientific, and technical services; and information (including software publishing).

Our survey (unsurprisingly) confirms the increasing pervasiveness of non-PC, connected devices within business settings. Over two-thirds of respondents reported the use of smartphones, network printers, routers and datacom equipment at their companies while over half said their company used VoIP devices or networked building security features (such as digital cameras and computerized electronic locks). As might be anticipated in a survey of a population of individuals connected to Mocana, a substantial percentage of respondents—much larger than would be anticipated among IT professionals in general - participate in the actual creation or marketing of these connected “smart devices.”

©2010 Mocana 415.617.0055


www.mocana.com
Selected Organizations Represented in Survey

6Connex Captech Ventures Fujitsu


A.L.M. Associates Centers for Disease Control Garrettcom
ABB CDH Adventures GE Sensing & Inspection
ADVA Optical Networking NA, Inc Certivox Genesee Isd
AES Cisco Systems GEP Washington
Alamjaad Est. Cnisf GMV
Alcorn Mcbride Inc. Comcast Cable Goodrich Corp
Alsim Comtech Aha Corp Graham Consulting
Ambient Condoplex Monitoring Systems Green Hills Software
Amy Sa Conocophillips General Services Administration
Anchiva Systems Conscious Security Guidewire Software Ltd
Anna University Cornwall College Harris Corporation
Anova Cosmo Hewlett-Packard Company
Appliance Innovation, Inc. CTS Hitachi Medical Systems America, Inc.
Applied Signal Technology, Inc. Cyclone Solutions HITK
Arc Kannur Data Respons Norge As Hologic
Arcadian Networks Inc. Data Track Honeywell
Arictocrat Techologies Dell Huawei Technologies Co.Nig.Ltd
Aselsan A.S. Dexter Magnetic Technologies IBJ Llc
AT&T Digicore India Ghandi Center for Atomic Research
Avaya Diversified Labs Imagination Technologies
Avnet DSO National Labs Infineta Systems
Bat Gsd DSR Management Inc Instituto Nazionale di Fisica Nucleare Italia
Berker Gmbh EC Joint Research Centre Innovasmith
Best Buy Edventure Inso4U
Blackmore EIG Consulting Intel
Blade Network Tech. Einfochips Limited Internetassist
Bmcc EIP Elektronika Co. Interphase Corporation
Boeing Elektron Irdeto
Bosch Security Systems Embassy Jands Pty Ltd
Boston Engineering EMC Corp Karpagam College Of Engineeing
Bridgeco Software Services India Pvt. Ltd EMD Kearfott Corp Msd
Broadband Consulting ENE Legg Mason
Brush Ford Motor Company Legrand Home Systems
Buttery Network Services Fortinet Lenard Engineering, Inc.
Cache-A Corporation Fox Electronics Library Of Congress
Calsoft Labs Freescale Semiconductor Lockheed Martin
Cannon Design Fremont Pd Lund University
Canon Communications Frontier Communications Mantech International Corporation

Marvell Semiconductor, Inc. Progeny Systems ThyssenKrupp Elevadores
Medical Telecomm Prometheus TigerDirect, Inc.
Metatechnic Systems Proteus Tinker London
Metric Group Ltd Proto6 Trak Engineering
Micro Technology Services Quatech Trapeze ITS
Mindray Medical Radvision U.S. Government
Montagem E Manutençao Eletrica RB & Associates UC Berkeley
Montavista Software Renault Pars University of Georgia
More Fun Technologies, Llc Rockwell Automation University Of Helsinki
Morgan Ruckus Wireless Universidad De Belgrano
Motorola RV College Of Engineering Universidad Tecnológica De Pereira
Narda-STS Samsung University Of Limerick
National Informatics Centre Sandia National Laboratories University Of Minnesota
NetIQ Santa Clara University University Of Phoenix
Netresearch Schenck Trebel US Army
Netrino Sertek Inc. US Department of Agriculture
Netsuite Shan Dong University Utah Transit Authority
Network360 Sharp UWBT
NextGen GES Soft Servo Valeo
Niams - NIH Solustan, Inc. Vector Magnetics
Nokia Space Systems Loral Vengear, Inc.
Northrop Grumman Spacelabs Healthcare Vicom Systems
Network Technologies Inc. Spark Integration Technologies Inc Vista Microsystems
Nucleus Technologies Society of Petroleum Engineers Visteon Corp
Nudesign Technologies Inc. SRA International Von Braun Center
Omnitron Stoneridge Wernher Von Braun Labs
Op-Pohjola Group Stonesoft Wi-Tech Consulting
Oracle Corporation Strategi Coakley Winvale
Packer Engineering Strong Mind Designs Wipro Technologies
Panasonic Symantec Xenterra
Penspen International Ltd Technoware Xerox
Pentreed Communications Llc Tekcomm Xylenes Software
Philips Health Care Telcel Xytronix Research & Design, Inc
PKI Engineering Teleca Zeal Interactive Pvt. Ltd.
Playboy Enterprises, Inc. Tennant Company Zippan
PMC-Sierra Tesla Laboratories
Polycom Canada Ltd Texas A&M University
Potts Engineering & Consulting Thai Airways
Prism Clinical Imaging, Inc. The Winvale Group

71% expect a serious incident arising from attacks on, or problems with, connected smart devices within the next 24 months (page 8)

SECTION 1
Perceptions of the Threat to Smart Devices

Understanding the Need for Device Security


The survey found that in the context of this rapidly expanding connected device
ecosystem, there is a strong awareness of the range of potential security threats
these devices face. A significant percentage of businesses surveyed said that attacks
on smart devices have already impacted their business operations.

[Chart: Are you concerned about the security of mobile phones?]

[Chart: Considering your peers in your industry, how would you characterize your industry’s level of AWARENESS of threats to connected, non-PC devices?]

[Chart: In your personal opinion, when do you expect to NEXT hear about a serious security incident in your industry, arising from attacks on, or problems with, connected, non-PC devices?]

More than 76% of respondents said they were “concerned” or “very concerned” about the security of mobile phones. Only about 1 person in 20 said that they were “not very” or “not at all” concerned about this issue.

But when we asked our survey subjects to comment on their industry as a whole, less than half of respondents felt that their own industry has a “high” or “very high” awareness of the threats to smart devices like mobile phones. Still, the vast majority anticipate a serious attack involving smart devices—and soon. Over 80 percent of respondents anticipate that a “serious security incident” involving non-PC devices within their line of business is imminent, and more than half believe that incident would probably occur sometime this year. (For the purposes of the survey, we defined a “serious incident” as one causing a personal injury or death, a service outage of at least 8 hours, the loss of more than $100,000, or the compromise of more than 1,000 records of sensitive information).

65% say that attacks against their non-PC smart devices already require the regular attention of their IT staff, or will start requiring it this year.

Over 94 percent of respondents report that attacks on non-PC smart devices will inevitably require the regular attention of their company’s IT/security staff. Over 60% believe this is required this year, while nearly one-third believe that such attention is required immediately. In our opinion, this is one of the most surprising results of the survey, and the finding that may have one of the most immediate impacts on the bottom line of any organization.

As far as the types of problems that are anticipated with devices, our respondents seem to feel that several avenues of attack are likely. Most are expecting that their connected devices will be subject to attacks from viruses and malware, trojans or “imposter” updates and phishing, and eavesdropping, sniffers, and data leakage.

[Chart: What types of attacks do you think your connected devices will need to repel in the next 24 months? (Multiple answers allowed).]

[Chart: When do you think attacks against non-PC connected devices are going to start to require the regular attention of your IT or security staff?]

Device Makers & OS Vendors: On the Hook

While our survey subjects were largely in agreement about the need for IT staffs to start taking mobile device security threats seriously, our subjects were divided on who should be held responsible for making security features available in the first place. When asked “who do you think should be primarily responsible for delivering security features for mobile phones,” our responders were almost evenly split between the device maker (for example, Samsung), and the OS vendor (for example, Google). The carrier and security software specialists came in a distant third and fourth. The technology-savvy executives and individuals among our sample seem to exhibit a certain expectation that their security features should come already “baked in” to the device when they buy it—a marked departure from the expectations of PC and workstation buyers of a decade ago.

[Chart: Who do you think should be PRIMARILY responsible for delivering (selling or building-in) security features for mobile phones?]

SECTION 2
Device Security Impacting Business Operations

Our survey found that while most anticipate that most device attacks are yet to come, many
have already experienced first-hand the consequences of device security breaches. More than
two-thirds of respondents reported that device security issues have already disrupted their IT
networks, with more than one-third reporting “some” or “serious” operational impact from
these security incidents.

Almost a quarter of respondents with knowledge of their company’s patching procedures report that patches focused on remediating device security issues are applied to their company’s systems at least monthly — and in some cases weekly or even daily.

When it came to the types of attacks experienced (or patched against), viruses and malware (unsurprisingly) came out on top. But trojans and so-called “imposter updates”—where malicious code is delivered down to a device, masquerading as a legitimate software update—came in a close second.

[Chart: Has your organization ever had to apply a security patch for a non-PC device, or ever encountered a security issue with any of your connected, non-PC devices, including printers, smartphones, routers or other devices like the ones mentioned previously?]

Respondents without knowledge of patching procedures excluded.

[Chart: Have those security issues (or the responses required to avoid them) ever impacted your business operations in some way?]

[Chart: What type of attacks did your devices experience (or, what type of attacks were the patches you applied designed to avert)? Multiple responses allowed. (Respondents stating “unsure” have been excluded).]

SECTION 3
Devices and the “Dangerfield Paradox”

Over the past year, analysts and technology press have forwarded the notion that attacks originally targeting PCs will almost certainly be retargeted towards the comparatively defenseless device infrastructure. These same analysts have noted that traditional PC security approaches are rarely practical for the tight systems environments that are typical of today’s smart devices. So the device security problem will be, in the words of one device expert, a “tough nut to crack.” Consider too that industry experts frequently assert that smart devices often perform more critical roles in our power, medical and transportation infrastructure, so that a device failure or compromise is felt more acutely than that of a PC glitch.

While attacks on devices are increasing exponentially, they are still just a fraction of the millions of attacks targeting PCs every day. Therefore, device security issues haven’t received much attention in the press—or in the boardroom. So despite the inevitability, importance, and difficulty of solving the problem, devices aren’t getting much respect: a “Dangerfield Paradox”. Our respondents make it clear that virtually all industry segments are eagerly connecting new devices to their networks, but aren’t yet demanding much security from their device vendors, or applying much add-on security software after the fact. But like everything else on the Internet, this is likely to change—and quickly—as the connected device population grows into the double-digit billions.

[Chart: Considering your industry as a whole, how would you characterize your industry’s vulnerability to attacks on their connected devices?]

Only 14% of respondents believe that their industry’s vulnerability to attacks on connected devices has decreased over the past year. When looking at overall preparedness for security threats to connected devices, we found that over 40% consider their own companies unprepared for device threats. Less than 12% of respondents described their organizations as having “completely” adequate resources dedicated to protecting themselves from attacks targeting non-PC, connected devices. Yet over three-quarters of our subjects said that their device security budget would be increasing or at least staying steady this year - significant in a recession when most IT budgets are being cut.

[Chart: In your opinion, does your organization dedicate enough resources to protect its networks and information from attacks and malware targeting DEVICES that aren’t PCs (printers, routers, smartphones, etc)?]

Here’s where the survey got down to brass tacks. We asked our subjects to tell us how much they would be willing to pay to “properly secure” their smartphones. Not surprisingly, our respondents said that their business organization would (or does already) pay much more on a per phone, per month basis than they personally would be willing to pay for the same services as individual consumers.

[Chart: As far as you know, how would you characterize your organization’s security budget, especially as it pertains to guarding against attacks directed at non-PC devices like printers, smartphones and network appliances?]

[Chart: How much do you think your organization would (or does) pay per month to properly secure its fleet of smartphones? Pertaining to your personal smartphone, how much would you pay as a consumer?]

BUSINESS AVERAGE: $2.22 per phone/month*
PERSONAL AVERAGE: $1.44 per phone/month*

*For averaging purposes, responses of “Less than $1” were calculated at $0.50, while responses of “$6 or more” were calculated at $6.50.

SECTION 4
Solving the Device Security Problem

With products ranging from medical devices, office printers, smartphones and household appliances, to smart grid utility meters, security cameras and industrial controls; securing the Internet of Things is going to be a challenge. It’s not as simple as using an off-the-shelf software program to protect a PC. Device platforms are as varied as the devices themselves, often consisting of proprietary software coded over many years to run in very specific environments for cars, dishwashers, and televisions. Each device, each manufacturer has slightly different needs. Processor limitations, memory constraints, battery life and a slew of other constraints and idiosyncrasies peculiar to device environments conspire to make device security a nontrivial undertaking.

There are widely recognized “best practices” approaches to guarding the security of devices and the data they shepherd. Our survey asked respondents to opine first about the devices their company USES, and later about the devices their company MAKES or sells. When it came to devices that a company uses in-house, on-device and link encryption was by far the most “wished for” security feature, garnering more than double the number of responses as the second-most popular security feature: Authenticated Code Updates and Booting. Results were similar when respondents were asked about devices that their company, themselves, made or sold.

“Smartphones” are a subset of the larger “smart devices ecosystem”—the collection of all non-PC computers that communicate via Internet Protocol. When we focus our responders on the smartphone subset of smart devices, and ask them about what attack types concern them the most, their answers change in interesting ways.

Also, when we rephrase the question to focus on the organization’s “unaddressed needs” specific to smartphones (as opposed to the device ecosystem holistically), priorities seem to shift somewhat. We invite you to see the charts at right, and draw your own conclusions.

[Chart: What type of attacks against SMARTPHONES concern you the most? (Multiple responses allowed).]

[Chart: Of the measures you DON’T use yet, which ones do you think your organization should apply NEXT to devices. (Multiple responses allowed).]

[Chart: What do you think are your organization’s most pressing UNADDRESSED NEEDS when it comes to the security of the smartphones you use? (Multiple responses allowed).]

Apps, The Cloud & Devices

Nearly one-third of device manufacturers surveyed report that their organizations are planning to introduce security-centric cloud services for their devices. That’s not surprising, considering that over 80% of our respondents said that such a cloud-delivered security service for their connected devices would be “very” or at least “somewhat” useful.

[Chart: (If your company builds or sells devices) — Are you planning to introduce security-centric cloud services for your devices?]

[Chart: HOW USEFUL would it be to your company to be able to deliver (or subscribe to) customized, ad-hoc security services to your company’s devices…from the cloud?]

So-called “app stores” for mobile phones are proliferating, and we found that a surprisingly large segment of our sample worked for organizations that either have, or are planning to deploy their own internal “app stores” for their employees. Almost a quarter of our respondents said that their companies either had, or soon would have, an “app repository.”

[Chart: Lots of companies develop their own software for internal use. Does your company yet offer its own internal MOBILE “app store” or app repository?]

CONCLUSION
Headlong, Into the Future

Virus attacks on PCs used to cost American organizations nothing. They were too
infrequent, and of too little consequence. Then everything changed.

Virus attacks — and the global defense against them — now cost businesses billions
every year. And viruses are just one category of the threat in an ecosystem that
steals, spends, wastes, invests and destroys hundreds of billions of dollars annually.
Our respondents acknowledge the fast emergence of the Internet of Things and see
device security problems as inevitable and potentially serious. Because they are so
closely integrated with our critical infrastructure, device security problems are even
more likely than PC problems to result in physical consequences. But relatively few
organizations are prepared. One can only conclude that when the inevitable tide of
attacks on the device infrastructure rises, it will likely end up costing us a lot more
than it should have.

2009 Control Systems Security Conference http://mocana.com/blog/2009/12/14/fedex-packages- enterprise-security-risks-posed-by-smartphones/
November 3rd, 2009 sending-packets-of-their-own/
http://mocana.com/blog/2009/11/03/conference- Despite Warnings, KitchenAid.com Remains Infected with
summary2009-control-systems-security-conference/ Attacks on SCADA Equipment Up 37% in 2009 Malware
December 14th, 2009 February 4th, 2010
Hackable Factories http://mocana.com/blog/2009/12/14/attacks-on-scada- http://mocana.com/blog/2010/02/04/despite-warnings-
November 8th, 2009 equipment-up-37-in-2009/ kitchenaid-com-remains-infected-with-malware/
http://mocana.com/blog/2009/11/08/hackable-factories/
FPGAs Vulnerable to Power Analysis Hacks? Are Cyber-spies Tracking You Across The Border?
Tech Heavyweights in Secret Crash Program to Fix December 14th, 2009 February 4th, 2010
Serious SSL Flaw http://mocana.com/blog/2009/12/14/fpgas-vulnerable-to- http://mocana.com/blog/2010/02/04/are-cyber-spies-
November 8th, 2009 power-analysis-hacks/ tracking-you-across-the-border/
http://mocana.com/blog/2009/11/08/tech-heavyweights-in-
secret-crash-program-to-fix-serious-ssl-flaw/ The Best of the Internet of Things, 2009 Ensuring Security of Military Embedded Systems
December 14th, 2009 February 4th, 2010
4 Doors, Dual Airbags, 100 Million Lines of Code http://mocana.com/blog/2009/12/14/the-best-of-the- http://mocana.com/blog/2010/02/04/ensuring-security-of-
November 8th, 2009 internet-of-things-2009/ military-embedded-systems/
http://mocana.com/blog/2009/11/08/4-doors-dual-airbags-
100-million-lines-of-code/ U.S. Military Surveillance Drones Hacked Malicious App Found in Android Marketplace
December 16th, 2009 February 4th, 2010
Delivering Phone Fixes Over the Air http://mocana.com/blog/2009/12/16/breaking-news-u-s- http://mocana.com/blog/2010/02/04/malicious-app-found-
November 16th, 2009 military-surveillance-drones-hacked/ in-android-marketplace/
http://mocana.com/blog/2009/11/16/delivering-phone-
fixes-over-the-air/

Smart Dust: Coming Soon (Security Not Included).
February 9th, 2010
http://mocana.com/blog/2010/02/09/smart-dust-coming-soon-security-not-included/

Critical Infrastructure Under Persistent Attack
February 9th, 2010
http://mocana.com/blog/2010/02/09/critical-infrastructure-under-persistent-attack/

Cable Modems Make for Easy Hacking
February 9th, 2010
http://mocana.com/blog/2010/02/09/cable-modems-make-for-easy-hacking/

Successful Attack on TPM
February 9th, 2010
http://mocana.com/blog/2010/02/09/successful-attack-on-tpm/

Smart Grid Security Spending to Jump to $3.7B
February 15th, 2010
http://mocana.com/blog/2010/02/15/smart-grid-security-spending-to-jump-to-3-7b/

Cisco Projects Mobile Traffic to Grow to >3.6 Exabytes per Month.
February 15th, 2010
http://mocana.com/blog/2010/02/15/cisco-projects-mobile-traffic-to-grow-to-3-6-exabytes-per-month/

Cordless Phone Crypto Hacked
February 15th, 2010
http://mocana.com/blog/2010/02/15/cordless-phone-crypto-hacked/

Cars With (Many) Minds of Their Own?
February 15th, 2010
http://mocana.com/blog/2010/02/15/cars-with-many-minds-of-their-own/

Smartphone Hacks Paid $15,000 Per
February 22nd, 2010
http://mocana.com/blog/2010/02/22/smartphone-hacks-paid-15000-per/

25 Errors that Leave Software Vulnerable to Attack
February 22nd, 2010
http://mocana.com/blog/2010/02/22/25-errors-the-leave-software-vulnerable-to-attack/

Symantec to Vouch for Phone Apps
February 28th, 2010
http://mocana.com/blog/2010/02/28/symantec-to-vouch-for-phone-apps/

Experts Warn of National Cybersecurity Weakness
February 28th, 2010
http://mocana.com/blog/2010/02/28/experts-warn-of-national-cybersecurity-weakness/

Rutgers Study Roots Smartphones
February 28th, 2010
http://mocana.com/blog/2010/02/28/rutgers-study-roots-smartphones/

Experts Warn of Smart Grid Security Weakness
March 8th, 2010
http://mocana.com/blog/2010/03/08/experts-warn-of-smart-grid-security-weakness/

Android Platform Quickly Growing Beyond Phones, Security Concerns Remain
March 8th, 2010
http://mocana.com/blog/2010/03/08/android-platform-quickly-growing-beyond-phones-security-concerns-remain/

British Press Execs in Phone Hacking Conspiracy
March 8th, 2010
http://mocana.com/blog/2010/03/08/british-press-execs-in-phone-hacking-conspiracy/

Android Phone Now Shipping With Malware Pre-Installed
March 8th, 2010
http://mocana.com/blog/2010/03/08/android-phone-now-shipping-with-malware-pre-installed/

Serious Flaw Found in OpenSSL
March 8th, 2010
http://mocana.com/blog/2010/03/08/serious-flaw-found-in-openssl/

Cyber-skimmers Stealing Credit Cards at the Gas Pump
March 16th, 2010
http://mocana.com/blog/2010/03/16/cyber-skimmers-stealing-credit-cards-at-the-gas-pump/

Cybercriminals Stalking and Eavesdropping with Cell Phone Software
March 16th, 2010
http://mocana.com/blog/2010/03/16/cybercriminals-stalking-and-eavesdropping-with-cell-phone-software/

FDA Investigates Dangerous Insulin Pump Malfunctions
March 16th, 2010
http://mocana.com/blog/2010/03/16/fda-investigates-dangerous-insulin-pump-malfunctions/

The Expanding Machine-to-Machine Sector
March 22nd, 2010
http://mocana.com/blog/2010/03/22/the-expanding-machine-to-machine-sector/

Blogger: Security Mainstream Still Ignorant of Security Problems in Industrial Controls & Embedded Devices
March 22nd, 2010
http://mocana.com/blog/2010/03/22/blogger-security-mainstream-still-ignorant-of-security-problems-in-industrial-controls-embedded-devices/

Project costs 60x higher when security addressed late in the development cycle – IOActive Study
March 22nd, 2010
http://mocana.com/blog/2010/03/22/project-costs-60x-higher-when-security-addressed-late-in-the-development-cycle-ioactive-study/

Over 100 Cars Remote Attacked by Disgruntled Hacker
March 22nd, 2010
http://mocana.com/blog/2010/03/22/over-100-cars-remote-attacked-by-disgruntled-hacker/

Will iPad be Secure Enough for the Enterprise?
March 29th, 2010
http://mocana.com/blog/2010/03/29/will-ipad-be-secure-enough-for-the-enterprise/

New “Sniffer” Hijacks Wireless Data, Sends Rogue Commands
March 30th, 2010
http://mocana.com/blog/2010/03/30/new-sniffer-hijacks-wireless-data-sends-rogue-commands/

VIDEO: A New Look at The Internet of Things
March 30th, 2010
http://mocana.com/blog/2010/03/30/video-a-new-look-at-the-internet-of-things/

Major Security Flaws Found in Smart Meters
March 30th, 2010
http://mocana.com/blog/2010/03/30/major-security-flaws-found-in-smart-meters/

iPad Not Yet Available. But Already Hacked?
March 30th, 2010
http://mocana.com/blog/2010/03/30/ipad-not-yet-available-but-already-hacked/

Connected Devices to Reach 1 Trillion
March 30th, 2010
http://mocana.com/blog/2010/03/30/connected-devices-to-reach-1-trillion/

iPod Your Hotrod
April 5th, 2010
http://mocana.com/blog/2010/04/05/ipod-your-hotrod/

Security Industry Experts Warn of Enterprise IT Weaknesses
April 5th, 2010
http://mocana.com/blog/2010/04/05/security-industry-experts-warn-of-enterprise-it-weaknesses/

Understanding “The Internet of Things”
April 7th, 2010
http://mocana.com/blog/2010/04/07/understanding-the-internet-of-things/

AT&T Wants Everything Online
April 7th, 2010
http://mocana.com/blog/2010/04/07/att-wants-everything-online/

Security Patching Now Necessary Every Week
April 7th, 2010
http://mocana.com/blog/2010/04/07/security-patching-now-necessary-every-week/

Medical Devices Hacked
April 8th, 2010
http://mocana.com/blog/2010/04/08/medical-devices-hacked/

New Wireless Standard for Medical Devices
April 12th, 2010
http://mocana.com/blog/2010/04/12/new-wireless-standard-for-medical-devices/

Medical Device Malfunctions Cost Company Millions
April 12th, 2010
http://mocana.com/blog/2010/04/12/medical-device-malfunctions-cost-company-millions/

Will Update Make iPhone Enterprise-ready?
April 13th, 2010
http://mocana.com/blog/2010/04/13/will-update-make-iphone-enterprise-ready/

Security Expert Warns of Potential Economic Attack
April 14th, 2010
http://mocana.com/blog/2010/04/14/security-expert-warns-of-potential-economic-attack/

Industrial Control Systems Hit by Malware
April 15th, 2010
http://mocana.com/blog/2010/04/15/industrial-control-systems-hit-by-malware/

Google Readies Cloud Printing
April 18th, 2010
http://mocana.com/blog/2010/04/18/google-readies-cloud-printing/

Workplace Gaming Threatens Enterprise Security
April 20th, 2010
http://mocana.com/blog/2010/04/20/workplace-gaming-threatens-enterprise-security/

New Smart Grid Security Document Released
April 25th, 2010
http://mocana.com/blog/2010/04/25/new-smart-grid-security-document-released/

Shrill Verizon Slams Security Whistleblowers
April 26th, 2010
http://mocana.com/blog/2010/04/26/shrill-verizon-slams-security-whistleblowers/

Microsoft Researcher Recommends Password Tattoos for Pacemakers
April 27th, 2010
http://mocana.com/blog/2010/04/27/microsoft-researcher-recommends-password-tattoos-for-pacemakers/

Fraudulent Card Readers Skim Customer Data
April 28th, 2010
http://mocana.com/blog/2010/04/28/fraudulent-card-readers-skim-customer-data/

Medical Device Malfunction Case Continues
April 28th, 2010
http://mocana.com/blog/2010/04/28/medical-device-malfunction-case-continues/

Researchers Find Ways to Track and Spy on Mobile Phones, Legally
April 28th, 2010
http://mocana.com/blog/2010/04/28/researchers-find-ways-to-track-and-spy-on-mobile-phones-legally/

Create Your Own Cellphone Network
May 2nd, 2010
http://mocana.com/blog/2010/05/02/create-your-own-cellphone-network/

House Votes to Secure Energy Grid
May 3rd, 2010
http://mocana.com/blog/2010/05/03/house-votes-to-secure-energy-grid/

New Bluetooth Coming To Your Wristwatch
May 3rd, 2010
http://mocana.com/blog/2010/05/03/new-bluetooth-coming-to-your-wristwatch/

Getting Bigger Things from Smaller Processors
May 3rd, 2010
http://mocana.com/blog/2010/05/03/getting-bigger-things-from-smaller-processors/

New Embedded Device Security Specs Now Online For Comment
May 3rd, 2010
http://mocana.com/blog/2010/05/03/new-embedded-device-security-specs-now-online-for-comment/

Jailbreak Your iPad
May 4th, 2010
http://mocana.com/blog/2010/05/04/jailbreak-your-ipad/

Connected Glucose Meter Scores Points For Kids
May 5th, 2010
http://mocana.com/blog/2010/05/05/connected-glucose-meter-scores-points-for-kids/

VIDEO: Huge Security Risk Found In Digital Copiers
May 6th, 2010
http://mocana.com/blog/2010/05/06/video-huge-security-risk-found-in-digital-copiers/

New Protocol Addresses RFID Vulnerability
May 9th, 2010
http://mocana.com/blog/2010/05/09/new-protocol-addresses-rfid-vulnerability/

U.S. Army Plans for Wider Drone Use
May 10th, 2010
http://mocana.com/blog/2010/05/10/u-s-army-plans-for-wider-drone-use/

FDA Sets Tighter Standards For Medical Devices
May 12th, 2010
http://mocana.com/blog/2010/05/12/fda-sets-tighter-standards-for-medical-devices/

Serious Security Risks Found in Modern Cars
May 13th, 2010
http://mocana.com/blog/2010/05/13/breaking-news-serious-security-risks-found-in-modern-cars/

Hacker Plans to Unveil ATM Rootkit
May 17th, 2010
http://mocana.com/blog/2010/05/17/hacker-plans-to-unveil-atm-rootkit/

Depsite IT, Industrial and Utility Security Still Weak
May 17th, 2010
http://mocana.com/blog/2010/05/17/depsite-it-industrial-and-utility-security-still-weak/

USAF Unveils “Cyberspace” Badge
May 18th, 2010
http://mocana.com/blog/2010/05/18/usaf-unveils-cyberspace-badge/

Secure E-Medical Records Now Available on iPhone, iPad
May 23rd, 2010
http://mocana.com/blog/2010/05/23/secure-e-medical-records-now-available-on-iphone-ipad/

Ex-Intel Exec Funds Medical Engineering Program
May 23rd, 2010
http://mocana.com/blog/2010/05/23/ex-intel-exec-funds-medical-engineering-program/

Designing Medical Device Antennae for Top Performance
May 25th, 2010
http://mocana.com/blog/2010/05/25/designing-medical-device-antennae-for-top-performance/

Man “Infects” Himself with Computer Virus
May 26th, 2010
http://mocana.com/blog/2010/05/26/man-infects-himself-with-computer-virus/

Bugs Leave Buildings’ Critical Systems Vulnerable
May 26th, 2010
http://mocana.com/blog/2010/05/26/bugs-leave-buildings-critical-systems-vulnerable/

Spy Games In Cyberspace
May 31st, 2010
http://mocana.com/blog/2010/05/31/spy-games-in-cyberspace/

Nearly Half of TVs Will Ship With Internet By 2013
May 31st, 2010
http://mocana.com/blog/2010/05/31/nearly-half-of-tvs-will-ship-with-internet-by-2013/

VA Medical Devices Infected With Malware
June 2nd, 2010
http://mocana.com/blog/2010/06/02/va-medical-devices-infected-with-malware/

New Android Apps for Wiretap-proof Communications
June 6th, 2010
http://mocana.com/blog/2010/06/06/new-android-apps-for-wiretap-proof-communications/

UK Researches Develop “Holy Grail” of Cryptography
June 7th, 2010
http://mocana.com/blog/2010/06/07/uk-researches-develop-holy-grail-of-cryptography/

Tech Giant Hands Out Malware at Security Conference
June 7th, 2010
http://mocana.com/blog/2010/06/07/tech-giant-hands-out-malware-at-security-conference/

FBI Warns of Growing Mobile Malware Threat
June 8th, 2010
http://mocana.com/blog/2010/06/08/experts-warn-of-growing-mobile-app-dangers/

iPad Security Breach Embarrasses Apple, AT&T
June 9th, 2010
http://mocana.com/blog/2010/06/09/ipad-security-breach-creates-privacy-concerns/

Ford’s Planned “App Store for Cars” Raises Security Concerns
June 10th, 2010
http://mocana.com/blog/2010/06/10/high-tech-cars-create-new-security-concerns/

60 MINUTES: Devices Controlling National Infrastructure Have Already Been Hacked
June 13th, 2010
http://mocana.com/blog/2010/06/13/former-government-officials-warn-of-national-vulnerabilities/

Software Glitch in Respirator Device Kills Minnesota Woman
June 14th, 2010
http://mocana.com/blog/2010/06/14/womans-death-caused-by-possible-software-malfunction/

Malware Discovered in Olympus Digital Cameras
June 15th, 2010
http://mocana.com/blog/2010/06/15/malware-discovered-in-olympus-digital-cameras/

Windows Mobile Malware Targets Gamers
June 16th, 2010
http://mocana.com/blog/2010/06/16/mobile-malware-targets-windows-gamers/

Intel Fields Prototype Home Appliance Controller
June 17th, 2010
http://mocana.com/blog/2010/06/17/intel-develops-smart-energy-monitoring-prototype/

Nice Work if You Can Get It: Security Retrofit for 800 Million Smart Meters?
June 20th, 2010
http://mocana.com/blog/2010/06/20/smart-meter-rollouts-continue-despite-major-security-concerns/

Juniper Exec: 4G Devices Bringing Malware with Speed
June 21st, 2010
http://mocana.com/blog/2010/06/21/4g-smartphones-deliver-higher-speeds-new-security-concerns/

Android Platform Sees First Military Application
June 22nd, 2010
http://mocana.com/blog/2010/06/22/android-platform-sees-first-military-application/

Anti-Virus Software To Become Required for Internet Access?
June 24th, 2010
http://mocana.com/blog/2010/06/24/anti-virus-software-to-become-required-for-internet-access/

Smart Heart Devices in Development
June 27th, 2010
http://mocana.com/blog/2010/06/27/smart-heart-devices-in-development/

Buyer Beware: Android Security Study Cautions Users
June 28th, 2010
http://mocana.com/blog/2010/06/28/buyer-beware-android-security-study-cautions-users/

Billions Slated for Smart Grid Security
June 29th, 2010
http://mocana.com/blog/2010/06/29/billions-slated-for-smart-grid-security/

The Evolution of Mobile Threats
June 30th, 2010
http://mocana.com/blog/2010/06/30/the-evolution-of-mobile-threats/

New Smart Grid Security Draft Released
July 1st, 2010
http://mocana.com/blog/2010/07/01/new-smart-grid-security-draft-released/

iTunes Store Hacked by Rogue Developer
July 5th, 2010
http://mocana.com/blog/2010/07/05/itunes-store-hacked-by-rogue-developer/

Understanding EAX’ Smart Grid Security
July 6th, 2010
http://mocana.com/blog/2010/07/06/understanding-eax-smart-grid-security/

50 Arrests Made in Smartphone Spyware Probe
July 7th, 2010
http://mocana.com/blog/2010/07/07/50-arrests-made-in-smartphone-spyware-probe/

Government Introduces “Perfect Citizen”
July 8th, 2010
http://mocana.com/blog/2010/07/08/federal-surveillance-program-to-monitor-critical-infrastructure/

Imagining Cyber-Warfare
July 11th, 2010
http://mocana.com/blog/2010/07/11/imagining-cyber-warfare/

Everything You Ever Wanted To Know About Mobile App Development
July 12th, 2010
http://mocana.com/blog/2010/07/12/everything-you-ever-wanted-to-know-about-mobile-app-development/

FBI Reveals Telephony Denial of Service Scam
July 14th, 2010
http://mocana.com/blog/2010/07/14/fbi-reveals-telephony-denial-of-service-scam/

Mobile Subscriptions Surge to 5 Billion
July 15th, 2010
http://mocana.com/blog/2010/07/15/mobile-subscriptions-surge-to-5-billion/

Replacing Batteries With Radio Waves
July 18th, 2010
http://mocana.com/blog/2010/07/18/replacing-batteries-with-radio-waves/

This Mobile Phone Will Self-Destruct
July 19th, 2010
http://mocana.com/blog/2010/07/19/this-mobile-phone-will-self-destruct/

Google and Blackberry Get Upgraded Security
July 20th, 2010
http://mocana.com/blog/2010/07/20/google-and-blackberry-get-upgraded-security/

A Smart Grid Reference Library
July 21st, 2010
http://mocana.com/blog/2010/07/21/a-smart-grid-reference-library/

Apple Leads the Pack in Security Bugs
July 26th, 2010
http://mocana.com/blog/2010/07/26/apple-leads-the-pack-in-security-bugs/

Millions of Home Routers Vulnerable to Hackers
July 27th, 2010
http://mocana.com/blog/2010/07/27/millions-of-home-routers-vulnerable-to-hackers/

Sophisticated Malware Exploits Zero-Day Vulnerability, Targets Industrial Systems
July 28th, 2010
http://mocana.com/blog/2010/07/28/sophisticated-malware-exploits-zero-day-vulnerability-targets-industrial-systems/

Citi Group Finds Flaw in Mobile App
July 29th, 2010
http://mocana.com/blog/2010/07/29/citi-group-finds-flaw-in-mobile-app/

BlackBerry Ban Coming to United Arab Emirates, Saudi Arabia
August 1st, 2010
http://mocana.com/blog/2010/08/01/blackberry-ban-coming-to-united-arab-emirates-saudi-arabia/

Apple Security Breach Allows for Total Unauthorized iPhone Access
August 2nd, 2010
http://mocana.com/blog/2010/08/02/apple-security-breach-allows-for-total-unauthorized-iphone-access/

Robbed At The Pump — Literally!
August 3rd, 2010
http://mocana.com/blog/2010/08/03/robbed-at-the-pump-literally/

BP Spill Related to Control System Cyber Incidents
August 4th, 2010
http://mocana.com/blog/2010/08/04/bp-spill-related-to-control-system-cyber-incidents/

From The Internet of Computers to The Internet of Things
August 5th, 2010
http://mocana.com/blog/2010/08/05/from-the-internet-of-computers-to-the-internet-of-things/

ABOUT MOCANA

Mocana secures the “Internet of Things” — the 20 billion smartphones,
datacom, smartgrid, federal, consumer, industrial and medical devices
that connect across every sector of our economy. These devices already
outnumber PCs on the Internet by five to one, representing a $900
billion market that’s growing twice as fast as the PC market. Every
day, millions of people use products sold by over 100 companies that
leverage Mocana’s Device Integrity software, including Dell, Cisco,
Honeywell, General Electric, General Dynamics, Avaya, Nortel Networks,
Harris and Radvision, among others. Mocana won Frost & Sullivan’s
Technology Innovation of the Year award for 2008 for Device Security,
and was named to the Red Herring Global 100 as one of the “top 100
privately-held technology companies in the world” in January 2009.

ABOUT THE AUTHOR


Kurt R. Stammberger, CISSP

Kurt Stammberger is a certified information systems security
professional (CISSP) and Mocana’s VP of Marketing. He has spent most
of his career around security and cryptography technologies, with over
20 years of experience in the industry. He joined cryptography startup
RSA Security as employee #7, where he led their marketing organization
for eight years, helped launch spin-off company VeriSign, and created
the brand for the technology that now protects virtually every electronic
commerce transaction on the planet. Together with Jim Bidzos, Mr.
Stammberger founded the annual RSA Conference, the world’s largest
gathering of computer security professionals, which draws over
25,000 people to events in the United States, Europe and Japan. He
also founded Coda Creative, an award-winning technology marketing
firm that focused on security startups, and served as VP of Content &
Services for consumer healthcare startup Vimo.com. Mr. Stammberger
holds a BS in Mechanical Engineering from Stanford University, and an
MS in Management from the Stanford Graduate School of Business,
where he was an Alfred P. Sloan Fellow. He can be reached at
kurt@mocana.com or by calling Mocana at 415 617 0055.
