A device attack is an exploit that takes advantage of a vulnerable device to gain access to a network.
The term "device attack" was coined to differentiate such exploits from those targeting personal computers. The attack vector could be any other kind of Internet-connected device. Potential targets include not just smartphones, which are the most commonly cited example, but also network hardware, smart grid components, medical equipment and embedded systems -- among a great many other possibilities.
In the past, most malware targeted personal computers because that was the most common type of device connecting to the Internet. Naturally, most anti-malware efforts were designed to protect the PC. Although non-PC devices have become almost ubiquitous in the past several years, security efforts have lagged behind and attackers are taking advantage of that fact.
Securing non-PC devices is problematic for a number of reasons. For one thing, many security measures, such as virus scanning, that are suitable for a PC, place too great a demand on the limited resources of smaller devices for memory, processor cycles and electrical power. Administration of patches and updates can be difficult because of sporadic connectivity to the corporate network. Furthermore, portable devices can be easily lost or stolen; unless they can be remotely disabled or wiped in that event, they pose a serious risk to the corporate network.