By: Candid Wueest, Software Engineer at Symantec
At this year’s Google I/O developer conference, the technology giant shared its vision of a connected world where smart watches, smartphones, cars, laptops, televisions, and thermostats all interact seamlessly with one another. Of course, central to this vision was one of the conference’s main themes, the idea of Android everywhere and on every device. However, while all this is very exciting and filled with possibility, this new wave of devices and capabilities will spur on a race to develop more contextually aware and voice-enabled apps on the Android operating system (OS) – which, as a platform, has been a popular target for attackers.
Google’s next version of Android to be released, referred to as Android L, comes with many new features and capabilities. There are also a few noteworthy security updates. Google representatives emphasized that they are taking security seriously and are now offering security updates that will be pushed out every six weeks for the Android OS through the Google Play Service. This means that issues, such as the recent OpenSSL vulnerability, can be fixed for most devices in a timely manner, reducing the attack window.
With the greater degree of automation that comes with wearable devices, there also comes an increased risk that the device could be tricked into performing an undesired action from the background. This was demonstrated last year by the QR code vulnerability and, more recently, by the seemingly harmless Xbox One commercial that demoed some of the console’s voice control features and caused people’s consoles to actually turn on; luckily that was all it did. However, the coalescence of the different devices in the Internet of Things (IoT) is a definite trend. Therefore, it is no surprise that the IoT is piquing the interest of cybercriminals who are constantly looking for new ways to make money.
We recommend that users of any new devices, including smartwatches, smartphones, TVs, and cars:
- Ensure that software is up-to-date and update any passwords or other authentication features from their factory settings
- Verify privacy settings and understand what is happening to your data
- Verify before installing new applications that they are downloaded from a trusted source and that the requested permissions make sense