So, trying to optimize the results of using technology (keeping AR, Smartlink, and all 'ware functions) without opening holes for hackers must be theoretically possible. I'll start with cyberware.
Cyberware takes data from its link to the nervous system, so it can't have all networking disabled. However, if it was programmed to take data ONLY from that link (possibly with the exception of data requests for diagnostic purposes), then the data could be taken from that link and sent through a program in ROM, which interprets it and outputs the results as movement. The goal, then, would be to close down as much interaction as is possible at each stage of the 'ware's operation.
A hacker could not do much at the physical layer. Corrupting the data link between the person's brain and the machine, while it may sound promising in theory, would doubtlessly be shut down by security protocols. The input can't be hacked, because it's impossible to hack a human nervous system, and the output is closed to outside influence. A hacker could possibly install a backdoor in between the hardware output and the actual cyberware which would allow for remote operation, but that would be an exception, as nothing of the sort would be installed by default (except perhaps on corpsec personnel, if dictated by the GM). Data collection, diagnostics, and everything else not related to the direct operation of the 'ware would be disconnected for security purposes. This is made easier on the security by the fact that cyberware doesn't try to do more than it should-- Most of the security holes in modern computing are caused by plugins and applications that expand the functionality of the computer, thereby allowing for hackers to use the new functions for their own good.
However, say that the link's software is updated over the Matrix, for the savings on the corporate side and the convenience on the user end. Wireless security would definitely take great strides from today, but given the fact that it doesn't exist in Shadowrun for many years, the tech might not be that far ahead of where it is today. Today, hackers tend to fake out wireless security by pretending to be something else, poisoning different protocols and hiding the hack in otherwise normal transmissions. In the Sixth World, and our cyberware example, imagine that a corpsec goon with all sorts of 'ware is downloading updates, but a hacker has poisoned the Sixth World equivalent of DNS or ARP and connected the guard to their own server instead of the secure corporate server. The hacker can replace the software with something that suits his purposes. Today, this would only be possible sometimes. Updates are installed at a predetermined time or when the user starts them manually, the former being more common for most programs. That system gives the hacker little opportunity to take control of the device outside of the set update time, but once the update is installed, the hacker can theoretically control the 'ware completely, limited only by what piece was hacked and what it was connected to. Another option, and possibly the one used in the Sixth World, is that the corp sends out a signal to tell the 'ware to receive an update, and then asks for admin authorization and installs it. This gives more opportunity to a hacker, because with a few faked addresses and security certificates, the hacked update can be installed at any time, and the target would still believe that the update was legitimate. This might not be useful in the middle of combat (as it's not quite the opportune time for a pop-up in the middle of an AR display) but to a target on the way, a guard on patrol, or other similar situations, faking the software would be a fast and brutally effective solution.
In combat, though, the user would not be so cooperative. Here, it would be more useful to break into the enemy's PAN and frag up what you can, concentrating less on decimating the enemy and more on making it so that they're not effective combatants. Even AR spam can get a guard killed in combat if it takes up enough of their vision. Other attacks, like switching on a gun's safety or blaring punk rock through a pair of cyberears, can sow confusion and panic and make the enemy deader than Dunkelzahn. These effects can be achieved in the same way (by spoofing certificates and pretending to be legit sources) or by more direct routes, like bruteforcing (the subtle art of using a program to try every password possible) or Denial of Service (giving the target so much data to process that it's overwhelmed and fails).
A commlink would probably be the easiest thing to target for most types of attack, as it has more functions (read: more holes to exploit), and is constantly connected to the outside, even in hidden mode, as hidden mode does not shut off the wireless capability as evidenced by the fact that they remain remotely hackable. A firewall would help (most of its job is analyzing packets and keeping out malicious ones), as would anti-malware software and everything else that's used today. Most of these can be exploited today (software firewalls can be taken out with the beautifully-named WAFFle attack, not that I'm saying that for any reason but to inform you all that WAFFle is a technical term in the world of computer security) and it can be safely assumed that it's the same in Shadowrun, since hackers do it every day. When talking about hacking, however, it is not only important whether something is hacked, but how, and to what extent. A skilled hacker can use one small exploit and proceed to use it to crack different things, peeling away the layers of security until he has complete control. However, that might not be the best course of action when time is on the line, so a hacker might instead use the limited exploit to achieve the result without cracking all of it. As far as I know, there is no simulation for this in Shadowrun, but a reasonable houserule to mimic it could be made. Halving the time while limiting the functionality somehow; the specifics aren't my strong suit.
Hacking more specialized hardware could be gone about in multiple ways. One of the more straightforward, perhaps counter-intuitively, would be hacking it through the commlink. Since the commlink is what generally dictates what the different components do (in the case that each component is slaved to the commlink, which is more convenient, but not more secure as some people in this thread seem to believe), hacking it gives the hacker absolute control over everything controlled by the commlink. This would also happen to include everything that is run through the commlink's operating system: everything that the AR display has control over (probably the majority of PANs would be controlled by the commlink, since that would be the most convenient and simple to keep running), everything that the commlink does indirectly through other means (software updates for the other components are an example that comes to mind), and of course the commlink itself. Say a hacker finds a guy with his PAN run through his commlink. In modern-day terms, the commlink acts as the server, with each piece of tech acting as a separate host. The hacker breaks into the commlink, and opens a program that uses the commlink's access info to install fake updates on each host. This is possible because of simple convenience. Nobody wants to have a different username and password on everything they own, especially with things like cyberware, and even the few who use biometrics wouldn't want to have to swipe a fingerprint on everything they own just to get it running in the morning. As a result, cracking one device on the PAN basically cracks them all, and once the hacker gets into the commlink, everything else is as simple as clicking a button and waiting for confirmation.
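For the update scenario above (a device pointed at a look-alike server by poisoned name resolution), here is a sketch of the device-side check that makes the redirect harmless. It is an added example, not part of the original post. The key, device name and function names are hypothetical, and an HMAC stands in for the asymmetric signature a real vendor would use so that the device only holds a public key.

```python
import hashlib, hmac, json

# Constructed key, standing in for a verification secret held in the device's ROM.
ROM_KEY = b"constructed-demo-key"

def sign_manifest(key, device, version, payload):
    """Vendor side: bind device, version and payload hash under one MAC."""
    body = json.dumps({"device": device, "version": version,
                       "sha256": hashlib.sha256(payload).hexdigest()},
                      sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def accept_update(key, device, installed, manifest, payload):
    """Device side: returns (ok, reason); the server's address is never consulted."""
    expected = hmac.new(key, manifest["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return False, "bad signature"
    fields = json.loads(manifest["body"])
    if fields["device"] != device:
        return False, "wrong device"
    if fields["version"] <= installed:
        return False, "rollback or replay"
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, fields["sha256"]):
        return False, "payload mismatch"
    return True, "install"

def demo():
    """Constructed cases: what a redirected device sees from a look-alike server."""
    good, evil = b"firmware v8", b"firmware v8 + remote control"
    genuine = sign_manifest(ROM_KEY, "cyberarm-01", 8, good)
    forged = sign_manifest(b"attacker-guess", "cyberarm-01", 8, evil)
    old = sign_manifest(ROM_KEY, "cyberarm-01", 6, b"firmware v6")
    return {
        "genuine": accept_update(ROM_KEY, "cyberarm-01", 7, genuine, good),
        "swapped payload": accept_update(ROM_KEY, "cyberarm-01", 7, genuine, evil),
        "forged manifest": accept_update(ROM_KEY, "cyberarm-01", 7, forged, evil),
        "replayed old": accept_update(ROM_KEY, "cyberarm-01", 7, old, b"firmware v6"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Because trust rests on the manifest and not on which server answered, the redirect alone gets the attacker nothing; the check only fails if the signing key itself leaks.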