Industry Trends
My personal favorite talk was on exploiting Pebble smartwatches ("Exploit Millions of Pebble Smartwatches for Fun and Profit" by Zhang and Wei). Our expectations are usually higher in one's own field of expertise, but this one is really great work.
I just returned from VB 2016 (the Virus Bulletin International Conference) held this year in Denver. My personal favorite talk was on exploiting Pebble smartwatches ("Exploit Millions of Pebble Smartwatches for Fun and Profit" by Zhang and Wei). Our expectations are usually higher in one's own field of expertise, but this one is really great work.
Basically, the authors found an inner assembly routine in Pebble's operating system that allows someone to elevate their privileges. If you are familiar with ROP, this is a privilege elevation gadget. Normally, this routine is called by Pebble OS only when privilege needs to be elevated, and then another routine is called to return to normal privileges. However, actually, nothing prevents a skilled hacker from calling just the privilege elevation gadget... and that's what the authors demonstrated.
Their conclusion is that any device with an ARM Cortex M processor is actually vulnerable to their hack. This is partly true, and partly exaggerated, because there are some other conditions. Let's detail.
The vulnerability is exploitable if
In practice, I have thought the problem over on 3 other connected objects I have personally investigated. Although 2 of them featured a Cortex M processor, as you can see in the table below, in practice it is highly uncertain the vulnerability would affect them. However, it would certainly be interesting to conduct more research on that.