I continue my worry (paranoid?) about mobile and embedded security, hacking, and lack of quality testing efforts. Check these links out:
inflight wifi hacks
So am I paranoid or are they really out to get us (development projects)? What is the cost to us and does the cost justify any added security testing? Will standards, e.g. ISO 29119, and government regs drive testing, or will the market?
My guess is some places and projects will take mobile/embedded security testing seriously and some won’t, and the users will be left to vote with their feet. As individual testers, I think we provide information to our development teams so the context of the project can help decide what is needed. In James Whittaker’s books and my book on software test attacks (available on Amazon), there is the starting point for security testing, but as much as I know, there is far more that I don’t know about security testing.