Geer has proposed a number of possible, long-term solutions, from mandating the implementation of remote management and update features in embedded systems at the "national policy" level to the use of programmed "self-destruct" mechanisms that would disable devices "by some predictable age."
IOActive's Cerrudo says cultural changes are needed within the firms that make the products. Developers and engineers need to adopt a security mind-set, while vendors that haven't traditionally had to deal with attacks on their products need to take their cue from software firms like Microsoft and Adobe: instituting a system for fielding and responding to reports of security holes in their products, then issuing fixes to customers.
The stakes are high. Cerrudo and Geer both note that the days of hacks, malware, and other problems being limited to our desktops at home and work are ending — fast.
"All these new technologies are impacting our daily lives," Cerrudo says. "When these devices are hacked or compromised, it will impact the way we live."
Sign up for CIO Asia eNewsletters.