Updated: Jul 12, 2021
Any responsible CTO would want their company’s devices to be free of flaws- but the only way to avoid having to deal with device security flaws in 2021 would be to simply not have any devices at all. No matter how much you try, there’s no way to completely prepare in advance for what device security flaws become targets in 2021.
This is to say that you need to put a wide range of defenses in place to protect your devices; this way, no matter what becomes a threat to your organisation, you will have countermeasures ready. Reading this article will be a great start in knowing what threats are currently major issues.
Pre-Installed Malware on Android devices
Many device security flaws surface on older devices, but it’s alarming to think that a major threat could emerge right at the moment you receive a device- and that such a threat would be impossible to remove.
According to MalwareByte’s 2020 State of Malware Report, privacy-violating malware has come pre-installed out-of-the-box on an increasing number of smart devices.
According to MalwareByte’s 2020 State of Malware Report, privacy-violating malware has come pre-installed out-of-the-box on an increasing number of smart devices. Malicious actors convince smart device manufacturers to include their apps by default on their devices, when those apps are in fact malware. Worse, these apps may be essential to the device functioning properly, meaning the device security flaws they bring cannot be removed or neutralised without the help of the manufacturer.
This is most likely to occur on budget devices, whose manufacturers use third-party applications rather than developing applications in-house. This trend has gone so far as to impact devices subsidised by the US government for low-income citizens. Manufacturers can address these device security flaws after-the-fact, but for millions of Android device users, the damage will already have been done.
How to Prepare
The most obvious safeguard against pre-installed malware is researching device purchases extensively in advance. In particular, if a device’s core applications (such as settings and software update software) belong to a third party, you should carefully scrutinise the security of those applications.
“Watering hole” exploits and government malware on Apple devices
For many years, proponents of Apple’s iOS devices have lauded the operating system’s airtight security. This reputation came under fire in 2019, after a series of high-profile security breaches exposed iOS device security flaws. Together, they ensure that both malicious agents and digital safety experts will focus on iOS devices for much of 2021.
In mid-2019, a group of websites found a way to install malware on iPhones that accessed those sites (known as “watering holes”).
First, in mid-2019, a group of websites found a way to install malware on iPhones that accessed those sites (known as “watering holes”). Experts speculated that a government-affiliated organisation launched this attack- but unlike other efforts of this kind, this one used device security flaws to compromise thousands of people, rather than a few specific targets.
Months later, a form of malware known as “Krampus” manifested as ads on seemingly legitimate websites; “Krampus” would hijack iPhone users’ browsers, potentially reading their data as they did so. Krampus is unique for exclusively targeting iPhones and iPhones alone, demonstrating that exploiting iOS device security flaws can be a lucrative market.
How to Prepare
Make sure to integrate your organisation’s iPhones into whatever management solution you use- including that solution’s security and lockdown features. If your company’s iPhones are compromised, neutralising and quarantining them is essential.
Media Playing and Audiovisual Surveillance with Smart TVs
Smart TVs- TVs which feature apps and other functionality in line with those seen on smartphones- have become quite popular. For example, among millenials with broadband internet, around half own a smart TV. Smart TVs and companion devices, including TV sticks like Chromecast, have also secured a place in many businesses as a form of digital signage.
If a smart TV is equipped with a camera and microphone, malicious actors may be able to access them, and use them to spy on device owners.
Given the prevalence of these devices, it’s disconcerting that they are open to a range of device security flaws. For one, hackers can use exploits to play media of their choice from vulnerable devices. The ways this can be applied range from the potentially embarrassing- such as playing specific YouTube videos without the consent of the device owner– to the sinister- such as having smart TVs issue commands to Amazon Echo smart assistants, thereby disabling house security and making unauthorised purchases.
Even worse, if a smart TV is equipped with a camera and microphone, malicious actors may be able to access them, and use them to spy on device owners. This is exacerbated by the fact that manufacturers may only release security updates infrequently, leaving device security flaws at the mercy of whoever has devised new tactics in the meantime.
How to Prepare
As mentioned above, device security flaws in smart TVs and related devices at least partially stem from outdated firmware. Before purchasing these kinds of devices for your organisation, take the time to check the frequency with which a given manufacturer updates their devices, and invest only in those that do consistently keep their products updated.
Virtual reality headsets provide a unique way of experiencing digital content, immersing users in the world that appears around them. It should come as no surprise that some virtual reality device security flaws exist- but the disturbing implications of this kind of security exploit may surprise you.
VICE reports that researchers have identified vulnerabilities in virtual reality chat rooms that let malicious actors commandeer the devices of anyone who enters those chat rooms. Once a malicious actor succeeds in controlling the device of someone who visits that chat room, that actor can manipulate the auditory and visual streams that the user experiences, quite literally changing their reality. Plus, because the vulnerability is based on accessing a chatroom, hackers can spread invitations to compromised chat rooms via hacked devices, resulting in an exponentially increasing number of device security flaws.
VICE reports that researchers have identified vulnerabilities in virtual reality chat rooms that let malicious actors commandeer the devices of anyone who enters those chat rooms.
VR and its sister technology, augmented reality, will only become more immersive in the near future; in late 2019, researchers unveiled “epidermic VR,” an elaborate network of actuators to convey touch sensations in VR. Therefore, it’s essential to address device security flaws now, rather than later, when the potential distress caused by hijacking a VR experience will grow only greater.
How to Prepare
Employing a unified endpoint management solution to manage your devices can help, as UEM providers like 42Gears have integrated support for VR devices into their software, securing them along with every other device in your network.
Windows 7 Holdovers pose major security risks
At the beginning of 2020, Microsoft stopped supporting Windows 7 with the intent of pushing users to upgrade to Windows 10, thereby alleviating Windows 7 device security flaws. This was followed by Microsoft ending support for Office 2010 software in October of 2020. Given that around 200 million devices likely ran Windows 7 at the beginning of 2020, many enterprises have surely been impacted.
Without a way to safeguard against malicious actors, and with a large number of users happy to use outdated software, Windows 7 computers will only gain more device security flaws, and attract the attention of more hackers than ever before, as time goes on.
Although Microsoft does offer enterprises continued support through an extended support program, its pricing increases substantially year-on-year so as to encourage migration to current Windows 10 software. Without a way to safeguard against malicious actors, and with a large number of users happy to use outdated software, Windows 7 computers will only gain more device security flaws, and attract the attention of more hackers than ever before, as time goes on.
How to Prepare
As Microsoft suggests, upgrading to Windows 10 is the best way to fix device security flaws related to Windows 7. If you ask each employee to update their own devices, it is very hard to guarantee that everyone has complied. 42Gears’ SureMDM software includes tools to integrate Windows 7 devices into your network, and from there, to easily update them from the central SureMDM console.
Perhaps the most important fact for CTOs to consider is the sheer range of devices on which major device security flaws exist. For this reason, it’s essential to have a platform that can handle all of these kinds of devices at the same time. Unified endpoint management software, like SureMDM by 42Gears, makes this possible. By pushing updates to any kind of device remotely, you can ensure that devices have the latest security updates.