Summer 2010

Device Security
Report

Mobile & Smart Device

Security Survey 2010:
Concern Grows as Vulnerable Devices Proliferate,
Smartphones are the Tip of the Iceberg

By:
Kurt Stammberger, CISSP
Mocana

Mocana Corporation
350 Sansome Street Suite 1010 San Francisco, CA 94104
415-617-0055 Phone | 866-213-1273 Toll Free
info@mocana.com | www.mocana.com
Copyright © 2010 Mocana Corp.
EXECUTIVE SUMMARY
Respondents to our 2010 Mobile & Smart Device
Security Survey recognize the quickly growing world of
connected smart devices — the Internet of Things — and
acknowledge that device security problems are not only
inevitable, but potentially serious. 71% of our respondents
expect a serious incident arising from attacks on, or
problems with, connected smart devices within the next
24 months. Additionally, 65% report that attacks against
their smart devices already require the regular attention
of their IT staff, or will start requiring it this year. In fact,
23% of organizations surveyed already repel device
attacks at least once monthly, while 10% must do so on a
daily basis.
Despite this level of awareness, results show that
relatively few organizations are prepared for today’s
device security problems and those that lie ahead. Less
than half of respondents described their organizations
as having “completely” or “mostly” adequate resources
dedicated to protecting themselves from attacks targeting
INTRODUCTION
Methodology & Demographics
PCs are no longer the dominant form of computing. By
far, most “computers,” and most nodes on the Internet
are now non-PC smart devices—an “Internet of Things.”
In the next few years, as this trend accelerates and
everyday gadgets and machines of every imaginable type
connect, security threats to individuals and society at
large are likely to grow substantially. But how real is this
threat to those actually creating the device ecosystem?
And to what extent are these organizations actually
preparing for it?
non-PC, connected devices. Yet over 57% responded that
their device security budgets would either be “staying the
same”, “decreasing” or “decreasing substantially.”
We can see from these results that there is a growing
awareness of the urgency of the security threats that face
our expanding world of smart devices. The incredibly
popular smartphone market has likely aided this
awareness — 77% of our respondents report that they’re
concerned about mobile phone security. Protective
measures, however, are lagging while new categories of
smart devices continue to connect to networks across the
globe. With virus attacks (just one category of the greater
ecosystem of device threats) — and the defenses against
them — already costing businesses billions each year,
now is the time to address smart device security head-on.
Mocana distributed this survey via e-mail in July, 2010
to its internal database of over 11,000 professionals
who have expressed an interest in learning more about
“smart devices”—the 20 billion mobile, datacom,
smartgrid, federal, consumer, industrial and medical
non-PC devices that connect across every sector of our
economy.
MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 1
 What kind of
business is your
company in?

What
kind of
networked
devices
does your
company
use (or
make)?
Check all
that apply.

The 269 self-selecting respondents came from
a variety of industries, with particular
concentrations in manufacturing (including
computers, electronics and telecom equipment);
professional, scientific, and technical services; and
information (including software publishing).
Our survey (unsurprisingly) confirms the
increasing pervasiveness of non-PC, connected
devices within business settings. Over two-thirds
of respondents reported the use of smartphones,
network printers, routers and datacom equipment
at their companies while over half said their
company used VoIP devices or networked
building security features (such as digital cameras
and computerized electronic locks). As might
be anticipated in a survey of a population of
individuals connected to Mocana, a substantial
percentage of respondents—much larger than
would be anticipated among IT professionals
in general - participate in the actual creation or
marketing of these connected “smart devices.”

©2010 Mocana 415.617.0055

www.mocana.com
Selected Organizations Represented in Survey

6Connex Captech Ventures Fujitsu

A.L.M. Associates Centers for Disease Control Garrettcom
ABB CDH Adventures GE Sensing & Inspection
ADVA Optical Networking NA, Inc Certivox Genesee Isd
AES Cisco Systems GEP Washington
Alamjaad Est. Cnisf GMV
Alcorn Mcbride Inc. Comcast Cable Goodrich Corp
Alsim Comtech Aha Corp Graham Consulting
Ambient Condoplex Monitoring Systems Green Hills Software
Amy Sa Conocophillips General Services Administration
Anchiva Systems Conscious Security Guidewire Software Ltd
Anna University Cornwall College Harris Corporation
Anova Cosmo Hewlett-Packard Company
Appliance Innovation, Inc. CTS Hitachi Medical Systems America, Inc.
Applied Signal Technology, Inc. Cyclone Solutions HITK
Arc Kannur Data Respons Norge As Hologic
Arcadian Networks Inc. Data Track Honeywell
Arictocrat Techologies Dell Huawei Technologies Co.Nig.Ltd
Aselsan A.S. Dexter Magnetic Technologies IBJ Llc
AT&T Digicore India Ghandi Center for Atomic Research
Avaya Diversified Labs Imagination Technologies
Avnet DSO National Labs Infineta Systems
Bat Gsd DSR Management Inc Instituto Nazionale di Fisica Nucleare Italia
Berker Gmbh EC Joint Research Centre Innovasmith
Best Buy Edventure Inso4U
Blackmore EIG Consulting Intel
Blade Network Tech. Einfochips Limited Internetassist
Bmcc EIP Elektronika Co. Interphase Corporation
Boeing Elektron Irdeto
Bosch Security Systems Embassy Jands Pty Ltd
Boston Engineering EMC Corp Karpagam College Of Engineeing
Bridgeco Software Services India Pvt. Ltd EMD Kearfott Corp Msd
Broadband Consulting ENE Legg Mason
Brush Ford Motor Company Legrand Home Systems
Buttery Network Services Fortinet Lenard Engineering, Inc.
Cache-A Corporation Fox Electronics Library Of Congress
Calsoft Labs Freescale Semiconductor Lockheed Martin
Cannon Design Fremont Pd Lund University
Canon Communications Frontier Communications Mantech International Corporation

MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 3

Marvell Semiconductor, Inc. Progeny Systems ThyssenKrupp Elevadores
Medical Telecomm Prometheus TigerDirect, Inc.
Metatechnic Systems Proteus Tinker London
Metric Group Ltd Proto6 Trak Engineering
Micro Technology Services Quatech Trapeze ITS
Mindray Medical Radvision U.S. Government
Montagem E Manutençao Eletrica RB & Associates UC Berkeley
Montavista Software Renault Pars University of Georgia
More Fun Technologies, Llc Rockwell Automation University Of Helsinki
Morgan Ruckus Wireless Universidad De Belgrano
Motorola RV College Of Engineering Universidad Tecnológica De Pereira
Narda-STS Samsung University Of Limerick
National Informatics Centre Sandia National Laboratories University Of Minnesota
NetIQ Santa Clara University University Of Phoenix
Netresearch Schenck Trebel US Army
Netrino Sertek Inc. US Department of Agriculture
Netsuite Shan Dong University Utah Transit Authority
Network360 Sharp UWBT
NextGen GES Soft Servo Valeo
Niams - NIH Solustan, Inc. Vector Magnetics
Nokia Space Systems Loral Vengear, Inc.
Northrop Grumman Spacelabs Healthcare Vicom Systems
Network Technologies Inc. Spark Integration Technologies Inc Vista Microsystems
Nucleus Technologies Society of Petroleum Engineers Visteon Corp
Nudesign Technologies Inc. SRA International Von Braun Center
Omnitron Stoneridge Wernher Von Braun Labs
Op-Pohjola Group Stonesoft Wi-Tech Consulting
Oracle Corporation Strategi Coakley Winvale
Packer Engineering Strong Mind Designs Wipro Technologies
Panasonic Symantec Xenterra
Penspen International Ltd Technoware Xerox
Pentreed Communications Llc Tekcomm Xylenes Software
Philips Health Care Telcel Xytronix Research & Design, Inc
PKI Engineering Teleca Zeal Interactive Pvt. Ltd.
Playboy Enterprises, Inc. Tennant Company Zippan
PMC-Sierra Tesla Laboratories
Polycom Canada Ltd Texas A&M University
Potts Engineering & Consulting Thai Airways
Prism Clinical Imaging, Inc. The Winvale Group

©2010 Mocana 415.617.0055

www.mocana.com
71% expect
a serious
incident arising
from attacks
on, or problems
with, connected
smart devices
within the next
24 months
(page 8)

MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 5

©2010 Mocana 415.617.0055
www.mocana.com
SECTION 1
Perceptions of the Threat to Smart Devices

Understanding the Need for Device Security

The survey found that in the context of this rapidly expanding connected device
ecosystem, there is a strong awareness of the range of potential security threats
these devices face. A significant percentage of businesses surveyed said that attacks
on smart devices have already impacted their business operations.

MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 7

 Are you concerned about the security
of mobile phones?

Considering your peers in your

industry, how would you characterize
your industry’s level of AWARENESS of
threats to connected, non-PC devices?

In your personal opinion, when do you

expect to NEXT hear about a serious
security incident in your industry,
arising from attacks on, or problems
with, connected, non-PC devices?

More than 76% of respondents said they were
“concerned” or “very concerned” about the
security of mobile phones. Only about
1 person in 20 said that they were “not very”
or “not at all” concerned about this issue.
But when we asked our survey subjects
to comment on their industry as a whole,
less than half of respondents felt that their
own industry has a “high” or “very high”
awareness of the threats to smart devices
like mobile phones. Still, the vast majority
anticipate a serious attack involving smart
devices—and soon. Over 80 percent of
respondents anticipate that a “serious
security incident” involving non-PC devices
within their line of business is imminent, and
more than half believe that incident would
probably occur sometime this year. (For
the purposes of the survey, we defined a
“serious incident” as one causing a personal
injury or death, a service outage of at least 8
hours, the loss of more than $100,000, or the
compromise of more than 1,000 records of
sensitive information).

©2010 Mocana 415.617.0055

www.mocana.com
65% say
that attacks
against their
non-PC smart
devices already
require the regular
attention of their
IT staff, or will
start requiring it
this year.

MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 9

©2010 Mocana 415.617.0055
www.mocana.com
Over 94 percent of respondents report that attacks on non-
PC smart devices will inevitably require the regular attention
of their company’s IT/security staff. Over 60% believe this is
required this year, while nearly one-third believe that such
attention is required immediately. In our opinion, this is one
of the most surprising results of the survey, and the finding
that may have one of the most immediate impacts on the
bottom line of any organization.

As far as the types of problems that are anticipated with

devices, our respondents seem to feel that several avenues
of attack are likely. Most are expecting that their connected
devices will be subject to attacks from viruses and
malware, trojans or ”imposter” updates and phishing, and
eavesdropping, sniffers, and data leakage.

What types of attacks do you

think your connected devices
will need to repel in the next
24 months? (Multiple answers
allowed).

MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 11

 When do you think attacks
against non-PC connected
devices are going to start to
require the regular attention of
your IT or security staff?
Who do you think should be
PRIMARILY responsible for
delivering (selling or building-
in) security features for mobile
phones?
©2010 Mocana
www.mocana.com
Device Makers & OS Vendors:
On the Hook
While our survey subjects were largely in
agreement about the need for IT staffs to
start taking mobile device security threats
seriously, our subjects were divided on who
should be held responsible for making security
features available in the first place. When
asked “who do you think should be primarily
responsible for delivering security features for
mobile phones,” our responders were almost
evenly split between the device maker (for
example, Samsung), and the OS vendor (for
example, Google). The carrier and security
software specialists came in a distant third and
fourth. The technology-savvy executives and
individuals among our sample seem to exhibit
a certain expectation that their security features
should come already “baked in” to the device
when they buy it—a marked departure from the
expectations of PC and workstation buyers of a
decade ago.
415.617.0055
SECTION 2
Device Security Impacting Business Operations

Our survey found that while most anticipate that most device attacks are yet to come, many
have already experienced first-hand the consequences of device security breaches. More than
two-thirds of respondents reported that device security issues have already disrupted their IT
networks, with more than one-third reporting “some” or “serious” operational impact from
these security incidents.

Almost a quarter of respondents with When it came to the types of attacks

knowledge of their company’s patching
procedures report that patches focused on
remediating device security issues are applied
to their company’s systems at least monthly
— and in some cases weekly or even daily.
experienced (or patched against), viruses and
malware (unsurprisingly) came out on top.
But trojans and so-called “imposter
updates”—where malicious code is delivered
down to a device, masquerading as a
legitimate software update—came in a close
second.

MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 13

 Has your organization ever
had to apply a security patch
for a non-PC device, or ever
encountered a security issue
with any of your connected,
non-PC devices, including
printers, smartphones,
routers or other devices
like the ones mentioned
previously?

Respondents without knowledge

of patching procedures excluded.

Have those security

issues (or the
responses required
to avoid them)
ever impacted your
business operations in
some way?

What type of attacks did your

devices experience (or, what
type of attacks were the
patches you applied designed
to avert)? Multiple responses
allowed. (Respondents
stating “unsure” have been
excluded).

©2010 Mocana 415.617.0055

www.mocana.com
SECTION 3
Devices and the “Dangerfield Paradox”
Over the past year, analysts and technology press have
forwarded the notion that attacks originally targeting
PCs will almost certainly be retargeted towards the
comparatively defenseless device infrastructure. These
same analysts have noted that traditional PC security
approaches are rarely practical for the tight systems
environments that are typical of today’s smart devices. So
the device security problem will be, in the words of one
device expert, a “tough nut to crack.” Consider too that
industry experts frequently assert that smart devices often
perform more critical roles in our power, medical and
transportation infrastructure, so that a device failure or
compromise is felt more acutely than that of a PC glitch.
While attacks on devices are increasing exponentially,
they are still just a fraction of the millions of attacks
targeting PCs every day. Therefore, device security issues
haven’t received much attention in the press—or in the
boardroom. So despite the inevitability, importance, and
difficulty of solving the problem, devices aren’t getting
much respect: a “Dangerfield Paradox”. Our respondents
make it clear that virtually all industry segments are
eagerly connecting new devices to their networks, but
aren’t yet demanding much security from their device
vendors, or applying much add-on security software after
the fact. But like everything else on the Internet, this is
likely to change—and quickly—as the connected device
population grows into the double-digit billions.
MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 15
 Considering your industry
as a whole, how would you
characterize your industry’s
vulnerability to attacks on their
connected devices?
Only 14% of respondents believe that
their industry’s vulnerability to attacks on
connected devices has decreased over
the past year. When looking at overall
preparedness for security threats to
connected devices, we found that over 40%
consider their own companies unprepared
for device threats. Less than 12% of
In your opinion, does your
respondents described their organizations organization dedicate enough
as having “completely” adequate resources resources to protect its
dedicated to protecting themselves from networks and information
from attacks and malware
attacks targeting non-PC, connected devices. targeting DEVICES that
Yet over three-quarters of our subjects said aren’t PCs (printers, routers,
that their device security budget would be smartphones, etc)?
increasing or at least staying steady this
year - significant in a recession when most IT
budgets are being cut.

Here’s where the survey got down to brass

tacks. We asked our subjects to tell us
how much they would be willing to pay to
“properly secure” their smartphones. Not
surprisingly, our respondents said that
their business organization would (or does
already) pay much more on a per phone,
per month basis than they personally would
be willing to pay for the same services as
individual consumers.
As far as you know, how
would you characterize your
organization’s security budget,
especially as it pertains to
guarding against attacks
directed at non-PC devices
like printers, smartphones and
network appliances?

How much do you

think your organization
would (or does)
pay per month to
properly secure its BUSINESS AVERAGE: PERSONAL AVERAGE:
fleet of smartphones? $2.22 per phone/month* $1.44 per phone/month*
Pertaining to your
personal smartphone,
how much would you
pay as a consumer?

*For averaging purposes, responses

of “Less than $1” were calculated
at $0.50, while responses of “$6 or
more” were calculated at $6.50.

©2010 Mocana 415.617.0055

www.mocana.com
SECTION 4
Solving the Device Security Problem
With products ranging from medical devices, office
printers, smartphones and household appliances,
to smart grid utility meters, security cameras and
industrial controls; securing the Internet of Things
is going to be a challenge. It’s not as simple as
using an off-the-shelf software program to protect
a PC. Device platforms are as varied as the devices
themselves, often consisting of proprietary
software coded over many years to run in very
specific environments for cars, dishwashers, and
televisions. Each device, each manufacturer has
slightly different needs. Processor limitations,
memory constraints, battery life and a slew of other
constraints and idiosyncrasies peculiar to device
environments conspire to make device security a
nontrivial undertaking.
There are widely recognized “best practices”
approaches to guarding the security of devices
and the data they shepherd. Our survey asked
respondents to opine first about the devices their
company USES, and later about the devices their
company MAKES or sells. When it came to devices
that a company uses in-house, on-device and
link encryption was by far the most “wished for”
security feature, garnering more than double the
number of responses as the second-most popular
security feature: Authenticated Code Updates and
Booting. Results were similar when respondents
were asked about devices that their company,
themselves, made or sold.
“Smartphones” are a subset of the larger “smart
devices ecosystem”—the collection of all non-PC
computers that communicate via Internet Protocol.
When we focus our responders on the smart phone
subset of smart devices, and ask them about what
attack types concern them the most, their answers
change in interesting ways.
Also, when we rephrase the question to focus on
the organizations “unaddressed needs” specific to
smartphone (as opposed to the device ecosystem
holistically), priorities seem to shift somewhat. We
invite you to see the charts at right, and draw your
own conclusions.
MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 17
 What type of attacks against
SMARTPHONES concern you
the most? (Multiple responses
allowed).

Of the measures you

DON’T use yet, which
ones do you think your
organization should
apply NEXT to devices.
(Multiple responses
allowed).

What do you think are your

organization’s most pressing
UNADDRESSED NEEDS when
it comes to the security of the
smartphones you use? (Multiple
responses allowed).

©2010 Mocana 415.617.0055

www.mocana.com
 (If your company builds or sells
devices) — Are you planning to
introduce security-centric cloud
services for your devices?

Apps, The Cloud & Devices

Nearly one-third of device

manufacturers surveyed report that
their organizations are planning
HOW USEFUL would it be
to introduce security-centric cloud to your company to be able
services for their devices. That’s to deliver (or subscribe to)
customized, ad-hoc security
not surprising, considering that
services to your company’s
over 80% of our respondents devices…from the cloud?
said that such a cloud-delivered
security service for their connected
devices would be “very” or at least
“somewhat” useful.

So-called “app stores” for mobile

phones are proliferating, and we
found that a surprisingly large
segment of our sample worked
for organizations that either have,
Lots of companies develop their
or are planning to deploy their own software for internal use.
own internal “app stores” for their Does your company yet offer
employees. Almost a quarter of its own internal MOBILE “app
store” or app repository?
our respondents said that their
companies either had, or soon
would have, an “app repository.”

MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 19

CONCLUSION
Headlong, Into the Future

Virus attacks on PCs used to cost American organizations nothing. They were too
infrequent, and of too little consequence. Then everything changed.

Virus attacks — and the global defense against them — now cost businesses billions
every year. And viruses are just one category of the threat in an ecosystem that
steals, spends, wastes, invests and destroys hundreds of billions of dollars annually.
Our respondents acknowledge the fast emergence of the Internet of Things and see
device security problems as inevitable and potentially serious. Because they are so
closely integrated with our critical infrastructure, device security problems are even
more likely than PC problems to result in physical consequences. But relatively few
organizations are prepared. One can only conclude that when the inevitable tide of
attacks on the device infrastructure rises, it will likely end up costing us a lot more
than it should have.

©2010 Mocana 415.617.0055

www.mocana.com
Further Reading: Device Security in the News from Mocana’s DeviceLINE Blog: mocana.com/blog

FasTrak or FastHACK? Latest Cell Phone Worm Tricks Users Voice Encryption Comes to Blackberry
September 30th, 2008 February 23rd, 2009 May 15th, 2009
http://mocana.com/blog/2008/09/30/fastrak-or-fasthack/ http://mocana.com/blog/2009/02/23/latest-cell-phone- http://mocana.com/blog/2009/05/15/voice-encryption-
worm-tricks-users/ comes-to-blackberry/
Cisco Moves to Plug Router Software Flaws
October 6th, 2008 Netbook Web Surfers Beware Star Trek Security Lessons
http://mocana.com/blog/2008/10/06/cisco-moves-to-plug- March 9th, 2009 May 15th, 2009
router-software-flaws/ http://mocana.com/blog/2009/03/09/netbook-web-surfers- http://mocana.com/blog/2009/05/15/star-trek-security-
beware/ lessons/
How Much Do You Really Know About (SSH) Security?
October 6th, 2008 SCADA Under Fire… Again. InformationWeek: 3G Security Coming Along, But…
http://mocana.com/blog/2008/10/06/how-much-do-you- March 9th, 2009 June 1st, 2009
really-know-about-ssh-security/ http://mocana.com/blog/2009/03/09/scada-under-fire-again/ http://mocana.com/blog/2009/06/01/informationweek-3g-
security-coming-along-but/
Traffic Lights Hacked in Los Angeles Who’s responsible for Mobile Security?
November 24th, 2008 March 23rd, 2009 DOE: First Smart Grid Security Standards
http://mocana.com/blog/2008/11/24/traffic-lights-hacked- http://mocana.com/blog/2009/03/23/who%e2%80%99s- June 1st, 2009
in-los-angeles/ responsible-for-mobile-security/ http://mocana.com/blog/2009/06/01/doe-first-smart-grid-
security-standards/
Nokia and the Internet of Things Wireless Access Points Get Wireless Access Points Get
December 5th, 2008 Sneaky Great Netbooks! Free Malware Included.
http://mocana.com/blog/2008/12/05/nokia-and-the-internet- March 23rd, 2009 June 1st, 2009
of-things/ http://mocana.com/blog/2009/03/23/wireless-access- http://mocana.com/blog/2009/06/01/great-netbooks-free-
points-get-wireless-access-points-get-sneaky/ malware-included/
Embedded Technologies On Ice
December 5th, 2008 Consumer (and Hacker) Friendly Buggy Breathalyzer Bounces Boozers
http://mocana.com/blog/2008/12/05/embedded- March 23rd, 2009 June 1st, 2009
technologies-on-ice/ http://mocana.com/blog/2009/03/23/consumer-and-hacker- http://mocana.com/blog/2009/06/01/buggy-breathalyzer-
friendly/ bounces-boozers/
25C3: Serious Security Vulnerabilities in DECT Wireless
Telephony Pwn2Own, No Winners IP is the glue
January 12th, 2009 March 23rd, 2009 June 16th, 2009
http://mocana.com/blog/2009/01/12/25c3-serious-security- http://mocana.com/blog/2009/03/23/pwn2own-no-winners/ http://mocana.com/blog/2009/06/16/ip-is-the-glue/
vulnerabilities-in-dect-wireless-telephony/
Mobile Security’s “Big Rub” Selling to the Government and FIPS
Researcher Creates ‘Write Once, Run Anywhere’ Cisco March 23rd, 2009 July 21st, 2009
Hijacks http://mocana.com/blog/2009/03/23/mobile- http://mocana.com/blog/2009/07/21/selling-to-the-
January 12th, 2009 security%e2%80%99s-big-rub/ government-and-fips/
http://mocana.com/blog/2009/01/12/researcher-creates-
write-once-run-anywhere-cisco-hijacks/ Smart Grid, Smarter Hackers Once More, With Feeling: Don’t Use WPA for Wireless
April 6th, 2009 Security
The Five Coolest Hacks of 2008 http://mocana.com/blog/2009/04/06/smart-grid-smarter- August 28th, 2009
January 12th, 2009 hackers/ http://mocana.com/blog/2009/08/28/once-more-with-
http://mocana.com/blog/2009/01/12/the-five-coolest-hacks- feeling-dont-use-wpa-for-wireless-security/
of-2008/ Reinfected BIOS with every Reboot
April 6th, 2009 Security in Wireless Sensor Networks
New Mobile Malware Silently Transfers Account Credit http://mocana.com/blog/2009/04/06/reinfected-bios-with- September 21st, 2009
February 9th, 2009 every-reboot/ http://mocana.com/blog/2009/09/21/mocana-byline-
http://mocana.com/blog/2009/02/09/new-mobile-malware- security-in-wireless-sensor-networks/
silently-transfers-account-credit/ Malware hijacks 100,000 home routers into Botnet
April 6th, 2009 WALL STREET JOURNAL
Building Firewalls for Embedded Systems http://mocana.com/blog/2009/04/06/malware-hijacks- Off-the-shelf mobile devices becoming government-issue
February 9th, 2009 100000-home-routers-into-botnet/ standard
http://mocana.com/blog/2009/02/09/building-firewalls-for- September 21st, 2009
embedded-systems/ Spies Hack into US Electricity Grid http://mocana.com/blog/2009/09/21/wall-street-journal-
April 17th, 2009 off-the-shelf-mobile-devices-becoming-government-issue-
Zombie Crossing? http://mocana.com/blog/2009/04/17/spies-hack-into-us- standard/
February 9th, 2009 electricity-grid/
http://mocana.com/blog/2009/02/09/zombie-crossing/ Skype VoIP: Who’s listening in?
Intel/GE and Next-Generation Home Health Technologies September 21st, 2009
“War Cloning — It’s the New Hacker Sport,” April 17th, 2009 http://mocana.com/blog/2009/09/21/skype-voip-whos-
February 9th, 2009 http://mocana.com/blog/2009/04/17/intelge-and-next- listening-in/
http://mocana.com/blog/2009/02/09/war-cloning-its-the- generation-home-health-technologies/
new-hacker-sport/ Is Your Office Printer Secure?
The (not-so) Dumb Adversary September 21st, 2009
French Fighter Planes Grounded by Virus! May 4th, 2009 http://mocana.com/blog/2009/09/21/is-your-office-printer-
February 9th, 2009 http://mocana.com/blog/2009/05/04/the-not-so-dumb- secure/
http://mocana.com/blog/2009/02/09/french-fighter-planes- adversary/
grounded-by-virus/ TI Calculators: Master Keys Cracked
Conficker Infects Critical Medical Devices October 6th, 2009
Do You Know Where Your Phone is? May 4th, 2009 http://mocana.com/blog/2009/10/06/ti-calculators-master-
February 23rd, 2009 http://mocana.com/blog/2009/05/04/conficker-infects- keys-cracked/
http://mocana.com/blog/2009/02/23/do-you-know-where- critical-medical-devices/
your-phone-is/ NIST Publishes Security Standards for Smart Grid Devices
2009’s Five Most Dangerous Attacks October 6th, 2009
Hackers Take Aim at Smartphones May 4th, 2009 http://mocana.com/blog/2009/10/06/nist-publishes-
February 23rd, 2009 http://mocana.com/blog/2009/05/04/2009s-five-most- security-standards-for-smart-grid-devices/
http://mocana.com/blog/2009/02/23/hackers-take-aim-at- dangerous-attacks/
smartphones/

MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 21

Company Forced to Give Up Source Under GPL iPhone Worm has 2 Million Targets New Technology to Connect The Internet of Things
October 6th, 2009 November 16th, 2009 January 10th, 2010
http://mocana.com/blog/2009/10/06/company-forced-to- http://mocana.com/blog/2009/11/16/iphone-worm-has-2- http://mocana.com/blog/2010/01/10/new-technology-to-
give-up-source-under-gpl/ million-targets/ connect-the-internet-of-things/

Clobbering the Cloud
October 12th, 2009
http://mocana.com/blog/2009/10/12/clobbering-the-cloud/
Hacking robots to turn into murderous gangs… more
news at 11
October 12th, 2009
http://mocana.com/blog/2009/10/12/hacking-robots-to-
turn-into-murderous-gangs-more-news-at-11/
Integrity for Implanted Medical Devices? Expert Warns of Industrial Control Security Risks
November 16th, 2009 January 10th, 2010
http://mocana.com/blog/2009/11/16/integrity-for- http://mocana.com/blog/2010/01/10/expert-warns-of-
implanted-medical-devices/ industrial-control-security-risks/
Cavium Buys MontaVista Fed Certified Flash Drives Easily Hacked
November 16th, 2009 January 10th, 2010
http://mocana.com/blog/2009/11/16/cavium-buys- http://mocana.com/blog/2010/01/10/fed-certified-flash-
montavista/ drives-easily-hacked/

Current trends in cyber attacks on mobile and embedded
systems
October 18th, 2009
http://mocana.com/blog/2009/10/18/mocana-bylinecurrent-
trends-in-cyber-attacks-on-mobile-and-embedded-systems/
So You Think You Can Hack?
October 18th, 2009
http://mocana.com/blog/2009/10/18/so-you-think-you-
can-hack/
President Obama declares October as National
Cybersecurity Awareness Month
October 18th, 2009
http://mocana.com/blog/2009/10/18/video-president-
obama-declares-october-as-national-cybersecurity-
awareness-month/
Thousands of Unsecured Devices Found
October 26th, 2009
http://mocana.com/blog/2009/10/26/thousands-of-
unsecured-devices-found/
Opening the “Closed Circuit”
October 26th, 2009
http://mocana.com/blog/2009/10/26/opening-the-closed-
circuit/
Cable Customers Open to Attacks
October 26th, 2009
http://mocana.com/blog/2009/10/26/cable-customers-
open-to-attacks/
Mobile Devices Leaking Their Own Crypto Keys
October 26th, 2009
http://mocana.com/blog/2009/10/26/mobile-devices-
leaking-their-own-crypto-keys/
Feds Putting the “Smart” Cart Before the Horse?
November 3rd, 2009
http://mocana.com/blog/2009/11/03/feds-putting-the-
smart-cart-before-the-horse/
CONFERENCE SUMMARY:
2009 Control Systems Security Conference
November 3rd, 2009
http://mocana.com/blog/2009/11/03/conference-
summary2009-control-systems-security-conference/
Hackable Factories
November 8th, 2009
http://mocana.com/blog/2009/11/08/hackable-factories/
Tech Heavyweights in Secret Crash Program to Fix
Serious SSL Flaw
November 8th, 2009
http://mocana.com/blog/2009/11/08/tech-heavyweights-in-
secret-crash-program-to-fix-serious-ssl-flaw/
4 Doors, Dual Airbags, 100 Million Lines of Code
November 8th, 2009
http://mocana.com/blog/2009/11/08/4-doors-dual-airbags-
100-million-lines-of-code/
Delivering Phone Fixes Over the Air
November 16th, 2009
http://mocana.com/blog/2009/11/16/delivering-phone-
fixes-over-the-air/
Cell DDoS Attacks Imminent
November 22nd, 2009
http://mocana.com/blog/2009/11/22/cell-ddos-attacks-
imminent/
Twitter Hacked via SSL Flaw
November 22nd, 2009
http://mocana.com/blog/2009/11/22/twitter-hacked-via-
ssl-flaw/
The Body-Area-Network: Wide Open
November 22nd, 2009
http://mocana.com/blog/2009/11/22/the-body-area-
network-wide-open/
Newer, Nastier iPhone Worm Spreads
November 23rd, 2009
http://mocana.com/blog/2009/11/23/newer-nastier-iphone-
worm-spreads/
Mobile Devices Not Enterprise-ready. Yet.
December 8th, 2009
http://mocana.com/blog/2009/12/08/mobile-devices-not-
enterprise-ready-yet/
Another Top Security Exec Warns of Mobile Industry
Vulnerability
December 8th, 2009
http://mocana.com/blog/2009/12/08/another-top-security-
exec-warns-of-mobile-industry-vulnerability/
The Automated Home — Coming Soon to a Neighborhood
Near You
December 8th, 2009
http://mocana.com/blog/2009/12/08/the-automated-home-
coming-soon-to-a-neighborhood-near-you/
Kicking the Tires on Google’s Chrome OS
December 8th, 2009
http://mocana.com/blog/2009/12/08/kicking-the-tires-on-
googles-chrome-os/
FedEx Packages Sending Packets of Their Own
December 14th, 2009
http://mocana.com/blog/2009/12/14/fedex-packages-
sending-packets-of-their-own/
Attacks on SCADA Equipment Up 37% in 2009
December 14th, 2009
http://mocana.com/blog/2009/12/14/attacks-on-scada-
equipment-up-37-in-2009/
FPGAs Vulnerable to Power Analysis Hacks?
December 14th, 2009
http://mocana.com/blog/2009/12/14/fpgas-vulnerable-to-
power-analysis-hacks/
The Best of the Internet of Things, 2009
December 14th, 2009
http://mocana.com/blog/2009/12/14/the-best-of-the-
internet-of-things-2009/
U.S. Military Surveillance Drones Hacked
December 16th, 2009
http://mocana.com/blog/2009/12/16/breaking-news-u-s-
military-surveillance-drones-hacked/
Cybersecurity of Airport Scanners Still Up in the Air
January 10th, 2010
http://mocana.com/blog/2010/01/10/cybersecurity-of-
airport-scanners-still-up-in-the-air/
Mobile Market Poised for Massive Expansion
January 10th, 2010
http://mocana.com/blog/2010/01/10/mobile-market-poised-
for-massive-expansion/
Smart Grid Security Need Grows Urgent
January 17th, 2010
http://mocana.com/blog/2010/01/17/smart-grid-security-
need-grows-urgent/
Google Hacked by Serious Pros
January 17th, 2010
http://mocana.com/blog/2010/01/17/google-hacked-by-
serious-pros/
Moscow Billboard Hacked with Adult Content
January 17th, 2010
http://mocana.com/blog/2010/01/17/moscow-billboard-
hacked-with-adult-content/
Crypto Flaws Found in Smart Meter Chips
January 24th, 2010
http://mocana.com/blog/2010/01/24/crypto-flaws-found-in-
smart-meter-chips/
First Smart Grid Standards Guide Issued
January 24th, 2010
http://mocana.com/blog/2010/01/24/first-smart-grid-
standards-guide-issued/
Popular Portable Router Easily Hacked
January 24th, 2010
http://mocana.com/blog/2010/01/24/popular-portable-
router-easily-hacked/
Expert Warns of Enterprise Security Risks Posed by
Smartphones
February 4th, 2010
http://mocana.com/blog/2010/02/04/expert-warns-of-
enterprise-security-risks-posed-by-smartphones/
Despite Warnings, KitchenAid.com Remains Infected with
Malware
February 4th, 2010
http://mocana.com/blog/2010/02/04/despite-warnings-
kitchenaid-com-remains-infected-with-malware/
Are Cyber-spies Tracking You Across The Border?
February 4th, 2010
http://mocana.com/blog/2010/02/04/are-cyber-spies-
tracking-you-across-the-border/
Ensuring Security of Military Embedded Systems
February 4th, 2010
http://mocana.com/blog/2010/02/04/ensuring-security-of-
military-embedded-systems/
Malicious App Found in Android Marketplace
February 4th, 2010
http://mocana.com/blog/2010/02/04/malicious-app-found-
in-android-marketplace/

©2010 Mocana 415.617.0055

www.mocana.com
Smart Dust: Coming Soon (Security Not Included).
February 9th, 2010
http://mocana.com/blog/2010/02/09/smart-dust-coming-
soon-security-not-included/
Critical Infrastructure Under Persistent Attack
February 9th, 2010
http://mocana.com/blog/2010/02/09/critical-infrastructure-
under-persistent-attack/
Cable Modems Make for Easy Hacking
February 9th, 2010
http://mocana.com/blog/2010/02/09/cable-modems-make-
for-easy-hacking/
Successful Attack on TPM
February 9th, 2010
http://mocana.com/blog/2010/02/09/successful-attack-
on-tpm/
Smart Grid Security Spending to Jump to $3.7B
February 15th, 2010
http://mocana.com/blog/2010/02/15/smart-grid-security-
spending-to-jump-to-3-7b/
Cisco Projects Mobile Traffic to Grow to >3.6 Exabytes
per Month.
February 15th, 2010
http://mocana.com/blog/2010/02/15/cisco-projects-mobile-
traffic-to-grow-to-3-6-exabytes-per-month/
Cordless Phone Crypto Hacked
February 15th, 2010
http://mocana.com/blog/2010/02/15/cordless-phone-
crypto-hacked/
Cars With (Many) Minds of Their Own?
February 15th, 2010
http://mocana.com/blog/2010/02/15/cars-with-many-
minds-of-their-own/
Smartphone Hacks Paid $15,000 Per
February 22nd, 2010
http://mocana.com/blog/2010/02/22/smartphone-hacks-
paid-15000-per/
25 Errors that Leave Software Vulnerable to Attack
February 22nd, 2010
http://mocana.com/blog/2010/02/22/25-errors-the-leave-
software-vulnerable-to-attack/
Symantec to Vouch for Phone Apps
February 28th, 2010
http://mocana.com/blog/2010/02/28/symantec-to-vouch-
for-phone-apps/
Experts Warn of National Cybersecurity Weakness
February 28th, 2010
http://mocana.com/blog/2010/02/28/experts-warn-of-
national-cybersecurity-weakness/
Rutgers Study Roots Smartphones
February 28th, 2010
http://mocana.com/blog/2010/02/28/rutgers-study-roots-
smartphones/
Experts Warn of Smart Grid Security Weakness
March 8th, 2010
http://mocana.com/blog/2010/03/08/experts-warn-of-
smart-grid-security-weakness/
Android Platform Quickly Growing Beyond Phones,
Security Concerns Remain
March 8th, 2010
http://mocana.com/blog/2010/03/08/android-platform-
quickly-growing-beyond-phones-security-concerns-remain/
British Press Execs in Phone Hacking Conspiracy
March 8th, 2010
http://mocana.com/blog/2010/03/08/british-press-execs-in-
phone-hacking-conspiracy/
Android Phone Now Shipping With Malware Pre-Installed Security Industry Experts Warn of Enterprise IT
March 8th, 2010 Weaknesses
http://mocana.com/blog/2010/03/08/android-phone-now- April 5th, 2010
shipping-with-malware-pre-installed/ http://mocana.com/blog/2010/04/05/security-industry-
experts-warn-of-enterprise-it-weaknesses/
Serious Flaw Found in OpenSSL
March 8th, 2010 Understanding “The Internet of Things”
http://mocana.com/blog/2010/03/08/serious-flaw-found- April 7th, 2010
in-openssl/ http://mocana.com/blog/2010/04/07/understanding-the-
internet-of-things/
Cyber-skimmers Stealing Credit Cards at the Gas Pump
March 16th, 2010 AT&T Wants Everything Online
http://mocana.com/blog/2010/03/16/cyber-skimmers- April 7th, 2010
stealing-credit-cards-at-the-gas-pump/ http://mocana.com/blog/2010/04/07/att-wants-everything-
online/
Cybercriminals Stalking and Eavesdropping with Cell
Phone Software Security Patching Now Necessary Every Week
March 16th, 2010 April 7th, 2010
http://mocana.com/blog/2010/03/16/cybercriminals- http://mocana.com/blog/2010/04/07/security-patching-
stalking-and-eavesdropping-with-cell-phone-software/ now-necessary-every-week/
FDA Investigates Dangerous Insulin Pump Malfunctions Medical Devices Hacked
March 16th, 2010 April 8th, 2010
http://mocana.com/blog/2010/03/16/fda-investigates- http://mocana.com/blog/2010/04/08/medical-devices-
dangerous-insulin-pump-malfunctions/ hacked/
The Expanding Machine-to-Machine Sector New Wireless Standard for Medical Devices
March 22nd, 2010 April 12th, 2010
http://mocana.com/blog/2010/03/22/the-expanding- http://mocana.com/blog/2010/04/12/new-wireless-
machine-to-machine-sector/ standard-for-medical-devices/
Blogger: Security Mainstream Still Ignorant of Security Medical Device Malfunctions Cost Company Millions
Problems in Industrial Controls & Embedded Devices April 12th, 2010
March 22nd, 2010 http://mocana.com/blog/2010/04/12/medical-device-
http://mocana.com/blog/2010/03/22/blogger-security- malfunctions-cost-company-millions/
mainstream-still-ignorant-of-security-problems-in-industrial-
controls-embedded-devices/ Will Update Make iPhone Enterprise-ready?
April 13th, 2010
Project costs 60x higher when security addressed late in http://mocana.com/blog/2010/04/13/will-update-make-
the development cycle – IOActive Study iphone-enterprise-ready/
March 22nd, 2010
http://mocana.com/blog/2010/03/22/project-costs-60x- Security Expert Warns of Potential Economic Attack
higher-when-security-addressed-late-in-the-development- April 14th, 2010
cycle-ioactive-study/ http://mocana.com/blog/2010/04/14/security-expert-warns-
of-potential-economic-attack/
Over 100 Cars Remote Attacked by Disgruntled Hacker
March 22nd, 2010 Industrial Control Systems Hit by Malware
http://mocana.com/blog/2010/03/22/over-100-cars-remote- April 15th, 2010
attacked-by-disgruntled-hacker/ http://mocana.com/blog/2010/04/15/industrial-control-
systems-hit-by-malware/
Will iPad be Secure Enough for the Enterprise?
March 29th, 2010 Google Readies Cloud Printing
http://mocana.com/blog/2010/03/29/will-ipad-be-secure- April 18th, 2010
enough-for-the-enterprise/ http://mocana.com/blog/2010/04/18/google-readies-cloud-
printing/
New “Sniffer” Hijacks Wireless Data, Sends Rogue
Commands Workplace Gaming Threatens Enterprise Security
March 30th, 2010 April 20th, 2010
http://mocana.com/blog/2010/03/30/new-sniffer-hijacks- http://mocana.com/blog/2010/04/20/workplace-gaming-
wireless-data-sends-rogue-commands/ threatens-enterprise-security/
VIDEO: A New Look at The Internet of Things New Smart Grid Security Document Released
March 30th, 2010 April 25th, 2010
http://mocana.com/blog/2010/03/30/video-a-new-look-at- http://mocana.com/blog/2010/04/25/new-smart-grid-
the-internet-of-things/ security-document-released/
Major Security Flaws Found in Smart Meters Shrill Verizon Slams Security Whistleblowers
March 30th, 2010 April 26th, 2010
http://mocana.com/blog/2010/03/30/major-security-flaws- http://mocana.com/blog/2010/04/26/shrill-verizon-slams-
found-in-smart-meters/ security-whistleblowers/
iPad Not Yet Available. But Already Hacked? Microsoft Researcher Recommends Password Tattoos for
March 30th, 2010 Pacemakers
http://mocana.com/blog/2010/03/30/ipad-not-yet-available- April 27th, 2010
but-already-hacked/ http://mocana.com/blog/2010/04/27/microsoft-researcher-
recommends-password-tattoos-for-pacemakers/
Connected Devices to Reach 1 Trillion
March 30th, 2010 Fraudulent Card Readers Skim Customer Data
http://mocana.com/blog/2010/03/30/connected-devices-to- April 28th, 2010
reach-1-trillion/ http://mocana.com/blog/2010/04/28/fraudulent-card-
readers-skim-customer-data/
iPod Your Hotrod
April 5th, 2010
http://mocana.com/blog/2010/04/05/ipod-your-hotrod/
MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 23
Medical Device Malfunction Case Continues
April 28th, 2010
http://mocana.com/blog/2010/04/28/medical-device-
malfunction-case-continues/
Researchers Find Ways to Track and Spy on Mobile
Phones, Legally
April 28th, 2010
http://mocana.com/blog/2010/04/28/researchers-find-
ways-to-track-and-spy-on-mobile-phones-legally/
Create Your Own Cellphone Network
May 2nd, 2010
http://mocana.com/blog/2010/05/02/create-your-own-
cellphone-network/
House Votes to Secure Energy Grid
May 3rd, 2010
http://mocana.com/blog/2010/05/03/house-votes-to-
secure-energy-grid/
New Bluetooth Coming To Your Wristwatch
May 3rd, 2010
http://mocana.com/blog/2010/05/03/new-bluetooth-
coming-to-your-wristwatch/
Getting Bigger Things from Smaller Processors
May 3rd, 2010
http://mocana.com/blog/2010/05/03/getting-bigger-things-
from-smaller-processors/
New Embedded Device Security Specs Now Online For
Comment
May 3rd, 2010
http://mocana.com/blog/2010/05/03/new-embedded-
device-security-specs-now-online-for-comment/
Jailbreak Your iPad
May 4th, 2010
http://mocana.com/blog/2010/05/04/jailbreak-your-ipad/
Connected Glucose Meter Scores Points For Kids
May 5th, 2010
http://mocana.com/blog/2010/05/05/connected-glucose-
meter-scores-points-for-kids/
VIDEO: Huge Security Risk Found In Digital Copiers
May 6th, 2010
http://mocana.com/blog/2010/05/06/video-huge-security-
risk-found-in-digital-copiers/
New Protocol Addresses RFID Vulnerability
May 9th, 2010
http://mocana.com/blog/2010/05/09/new-protocol-
addresses-rfid-vulnerability/
U.S. Army Plans for Wider Drone Use
May 10th, 2010
http://mocana.com/blog/2010/05/10/u-s-army-plans-for-
wider-drone-use/
FDA Sets Tighter Standards For Medical Devices
May 12th, 2010
http://mocana.com/blog/2010/05/12/fda-sets-tighter-
standards-for-medical-devices/
Serious Security Risks Found in Modern Cars
May 13th, 2010
http://mocana.com/blog/2010/05/13/breaking-news-
serious-security-risks-found-in-modern-cars/
Hacker Plans to Unveil ATM Rootkit
May 17th, 2010
http://mocana.com/blog/2010/05/17/hacker-plans-to-unveil-
atm-rootkit/
Depsite IT, Industrial and Utility Security Still Weak
May 17th, 2010
http://mocana.com/blog/2010/05/17/depsite-it-industrial-
and-utility-security-still-weak/
USAF Unveils “Cyberspace” Badge
May 18th, 2010
http://mocana.com/blog/2010/05/18/usaf-unveils-
cyberspace-badge/
©2010 Mocana
www.mocana.com
Secure E-Medical Records Now Available on iPhone, iPad
May 23rd, 2010
http://mocana.com/blog/2010/05/23/secure-e-medical-
records-now-available-on-iphone-ipad/
Ex-Intel Exec Funds Medical Engineering Program
May 23rd, 2010
http://mocana.com/blog/2010/05/23/ex-intel-exec-funds-
medical-engineering-program/
Designing Medical Device Antennae for Top Performance
May 25th, 2010
http://mocana.com/blog/2010/05/25/designing-medical-
device-antennae-for-top-performance/
Man “Infects” Himself with Computer Virus
May 26th, 2010
http://mocana.com/blog/2010/05/26/man-infects-himself-
with-computer-virus/
Bugs Leave Buildings’ Critical Systems Vulnerable
May 26th, 2010
http://mocana.com/blog/2010/05/26/bugs-leave-buildings-
critical-systems-vulnerable/
Spy Games In Cyberspace
May 31st, 2010
http://mocana.com/blog/2010/05/31/spy-games-in-
cyberspace/
Nearly Half of TVs Will Ship With Internet By 2013
May 31st, 2010
http://mocana.com/blog/2010/05/31/nearly-half-of-tvs-will-
ship-with-internet-by-2013/
VA Medical Devices Infected With Malware
June 2nd, 2010
http://mocana.com/blog/2010/06/02/va-medical-devices-
infected-with-malware/
New Android Apps for Wiretap-proof Communications
June 6th, 2010
http://mocana.com/blog/2010/06/06/new-android-apps-for-
wiretap-proof-communications/
UK Researches Develop “Holy Grail” of Cryptography
June 7th, 2010
http://mocana.com/blog/2010/06/07/uk-researches-
develop-holy-grail-of-cryptography/
Tech Giant Hands Out Malware at Security Conference
June 7th, 2010
http://mocana.com/blog/2010/06/07/tech-giant-hands-out-
malware-at-security-conference/
FBI Warns of Growing Mobile Malware Threat
June 8th, 2010
http://mocana.com/blog/2010/06/08/experts-warn-of-
growing-mobile-app-dangers/
iPad Security Breach Embarrasses Apple, AT&T
June 9th, 2010
http://mocana.com/blog/2010/06/09/ipad-security-breach-
creates-privacy-concerns/
Ford’s Planned “App Store for Cars” Raises Security
Concerns
June 10th, 2010
http://mocana.com/blog/2010/06/10/high-tech-cars-create-
new-security-concerns/
60 MINUTES: Devices Controlling National Infrastructure
Have Already Been Hacked
June 13th, 2010
http://mocana.com/blog/2010/06/13/former-government-
officials-warn-of-national-vulnerabilities/
Software Glitch in Respirator Device Kills Minnesota
Woman
June 14th, 2010
http://mocana.com/blog/2010/06/14/womans-death-
caused-by-possible-software-malfunction/
Malware Discovered in Olympus Digital Cameras
June 15th, 2010
http://mocana.com/blog/2010/06/15/malware-discovered-
in-olympus-digital-cameras/
Windows Mobile Malware Targets Gamers
June 16th, 2010
http://mocana.com/blog/2010/06/16/mobile-malware-
targets-windows-gamers/
Intel Fields Prototype Home Appliance Controller
June 17th, 2010
http://mocana.com/blog/2010/06/17/intel-develops-smart-
energy-monitoring-prototype/
Nice Work if You Can Get It: Security Retrofit for 800
Million Smart Meters?
June 20th, 2010
http://mocana.com/blog/2010/06/20/smart-meter-rollouts-
continue-despite-major-security-concerns/
Juniper Exec: 4G Devices Bringing Malware with Speed
June 21st, 2010
http://mocana.com/blog/2010/06/21/4g-smartphones-
deliver-higher-speeds-new-security-concerns/
Android Platform Sees First Military Application
June 22nd, 2010
http://mocana.com/blog/2010/06/22/android-platform-sees-
first-military-application/
Anti-Virus Software To Become Required for Internet
Access?
June 24th, 2010
http://mocana.com/blog/2010/06/24/anti-virus-software-to-
become-required-for-internet-access/
Smart Heart Devices in Development
June 27th, 2010
http://mocana.com/blog/2010/06/27/smart-heart-devices-
in-development/
Buyer Beware: Android Security Study Cautions Users
June 28th, 2010
http://mocana.com/blog/2010/06/28/buyer-beware-android-
security-study-cautions-users/
Billions Slated for Smart Grid Security
June 29th, 2010
http://mocana.com/blog/2010/06/29/billions-slated-for-
smart-grid-security/
The Evolution of Mobile Threats
June 30th, 2010
http://mocana.com/blog/2010/06/30/the-evolution-of-
mobile-threats/
New Smart Grid Security Draft Released
July 1st, 2010
http://mocana.com/blog/2010/07/01/new-smart-grid-
security-draft-released/
iTunes Store Hacked by Rogue Developer
July 5th, 2010
http://mocana.com/blog/2010/07/05/itunes-store-hacked-
by-rogue-developer/
Understanding EAX’ Smart Grid Security
July 6th, 2010
http://mocana.com/blog/2010/07/06/understanding-eax-
smart-grid-security/
50 Arrests Made in Smartphone Spyware Probe
July 7th, 2010
http://mocana.com/blog/2010/07/07/50-arrests-made-in-
smartphone-spyware-probe/
Government Introduces “Perfect Citizen”
July 8th, 2010
http://mocana.com/blog/2010/07/08/federal-surveillance-
program-to-monitor-critical-infrastructure/
415.617.0055
Imagining Cyber-Warfare
July 11th, 2010
http://mocana.com/blog/2010/07/11/imagining-cyber-warfare/

Everything You Ever Wanted To Know About Mobile App Development

July 12th, 2010
http://mocana.com/blog/2010/07/12/everything-you-ever-wanted-to-know-about-mobile-app-development/

FBI Reveals Telephony Denial of Service Scam

July 14th, 2010
http://mocana.com/blog/2010/07/14/fbi-reveals-telephony-denial-of-service-scam/

Mobile Subscriptions Surge to 5 Billion

July 15th, 2010
http://mocana.com/blog/2010/07/15/mobile-subscriptions-surge-to-5-billion/

Replacing Batteries With Radio Waves

July 18th, 2010
http://mocana.com/blog/2010/07/18/replacing-batteries-with-radio-waves/

This Mobile Phone Will Self-Destruct

July 19th, 2010
http://mocana.com/blog/2010/07/19/this-mobile-phone-will-self-destruct/

Google and Blackberry Get Upgraded Security

July 20th, 2010
http://mocana.com/blog/2010/07/20/google-and-blackberry-get-upgraded-security/

A Smart Grid Reference Library

July 21st, 2010
http://mocana.com/blog/2010/07/21/a-smart-grid-reference-library/

Apple Leads the Pack in Security Bugs

July 26th, 2010
http://mocana.com/blog/2010/07/26/apple-leads-the-pack-in-security-bugs/

Millions of Home Routers Vulnerable to Hackers

July 27th, 2010
http://mocana.com/blog/2010/07/27/millions-of-home-routers-vulnerable-to-hackers/

Sophisticated Malware Exploits Zero-Day Vulnerability, Targets Industrial Systems

July 28th, 2010
http://mocana.com/blog/2010/07/28/sophisticated-malware-exploits-zero-day-vulnerability-targets-industrial-systems/

Citi Group Finds Flaw in Mobile App

July 29th, 2010
http://mocana.com/blog/2010/07/29/citi-group-finds-flaw-in-mobile-app/

BlackBerry Ban Coming to United Arab Emirates, Saudi Arabia

August 1st, 2010
http://mocana.com/blog/2010/08/01/blackberry-ban-coming-to-united-arab-emirates-saudi-arabia/

Apple Security Breach Allows for Total Unauthorized iPhone Access

August 2nd, 2010
http://mocana.com/blog/2010/08/02/apple-security-breach-allows-for-total-unauthorized-iphone-access/

Robbed At The Pump — Literally!

August 3rd, 2010
http://mocana.com/blog/2010/08/03/robbed-at-the-pump-literally/

BP Spill Related to Control System Cyber Incidents

August 4th, 2010
http://mocana.com/blog/2010/08/04/bp-spill-related-to-control-system-cyber-incidents/

From The Internet of Computers to The Internet of Things

August 5th, 2010
http://mocana.com/blog/2010/08/05/from-the-internet-of-computers-to-the-internet-of-things/

MOCANA DEVICE SECURITY REPORT: SUMMER, 2010 | 25

ABOUT MOCANA

Mocana secures the “Internet of Things”— the 20 billion smartphones,

datacom, smartgrid, federal, consumer, industrial and medical devices
that connect across every sector of our economy. These devices already
outnumber PC’s on the Internet by five to one, representing a $900
billion market that’s growing twice as fast as the PC market. Every
day, millions of people use products sold by over 100 companies that
leverage Mocana’s Device Integrity software, including Dell, Cisco,
Honeywell, General Electric, General Dynamics, Avaya, Nortel Networks,
Harris and Radvision, among others. Mocana won Frost & Sullivan’s
Technology Innovation of the Year award for 2008 for Device Security,
and was named to the Red Herring Global 100 as one of the “top 100
privately-held technology companies in the world” in January 2009.

ABOUT THE AUTHOR

Kurt R. Stammberger, CISSP

Kurt Stammberger is a certified information systems security

professional (CISSP) and Mocana’s VP of Marketing. He has spent most
of his career around security and cryptography technologies, with over
20 years of experience in the industry. He joined cryptography startup
RSA Security as employee #7, where he led their marketing organization
for eight years, helped launch spin-off company VeriSign, and created
the brand for the technology that now protects virtually every electronic
commerce transaction on the planet. Together with Jim Bidzos, Mr.
Stammberger founded the annual RSA Conference, the world’s largest
gathering of computer security professionals, which draws over
25,000 people to events in the United States, Europe and Japan. He
also founded Coda Creative, an award-winning technology marketing
firm that focused on security startups, and served as VP of Content &
Services for consumer healthcare startup Vimo.com. Mr. Stammberger
holds a BS in Mechanical Engineering from Stanford University, and an
MS in Management from the Stanford Graduate School of Business,
where he was an Alfred P. Sloan Fellow. He can be reached at
kurt@mocana.com or by calling Mocana at 415 617 0055.

©2010 Mocana 415.617.0055

www.mocana.com