Focus 2011: McAfee highlights threats from mobile and embedded systems

LAS VEGAS: McAfee highlighted the growing threat of cyber attacks that exploit mobile and embedded systems at its Focus 2011 conference this week.

In his keynote, senior vice president of advanced technologies and field engineering Mike Fey told attendees that by 2012 the growth of mobile and embedded devices will help to fuel demand for more sophisticated security platforms.

Fey explained that as mobile devices and embedded systems become ubiquitous, they will dramatically increase the attack surface for those seeking to exploit security vulnerabilities.

"If I am going to be a hacker, I want to make sure whatever I do is reusable, pervasive and can get me in anywhere," he said.

"With that in mind, I am going for the embedded device."

Additionally, Fey believes that by 2016 mobile devices will become popular platforms for attackers and malware writers. As handset capacities and wireless broadband speeds increase, Fey sees handsets being both targets for attacks as well as tools for launching attacks on other systems.

Fey said the blacklist model will become increasingly redundant in the future. He argued that rather than rely on black or white lists to screen possible attack sites, security vendors should develop a "gradient" system that is able to understand context when deciding whether to block a site.

"The trust model we use is broken, black and white lists don't work," he said.

"They will not scale, they will not get us where we need to go."

The answer, Fey suggested, is to move to the kind of model that underpins McAfee's Global Threat Intelligence (GTI) network. GTI relies on data contributed by customers to spot and prevent new threats and attack methods.

"We need to take our understanding and add yours," he said. "We need that hybrid model."