This past weekend F-Secure was kind enough to invite me out to Helsinki to demo their brand-new F-Secure Sense router as well as do some talks on IoT hacking and demo their cross-platform security suite.
I will be reviewing both the software and sense in separate posts within the next week.
As we all know, there have been some major issues with cyber security recently, the WannaCry incident has been the worst malware issue in years and could have been far worse if @MalwareTechBlog hadn’t prevented its spread. During our talk with Mikko Hypponen, he said it would have been far worse, but the initial outbreak was when most of America was asleep, and therefore business PCs were offline. Thankfully @MalwareTechBlog managed to register a domain that caused WannaCry to think it was in a virtual environment and stop spreading (so it could pretend to virus researchers that it was safe).
While WannaCry was a bit of a freak incident, it goes to show the growing issues related to cyber security.
In fact, since flying out, there have been 2 news reports identifying major security issues with home routers. Arstechnica reported that the CIA has been infecting WiFi routers for years using an exploit called CherryBlossom. This then turns your router into a listening post for the CIA. The problem here is if the CIA can hack it, then so can cybercriminals. WannaCry is based on a leaked NSA exploit after all.
This morning, Virgin Media has urged users to change their passwords as an investigation has found that hackers could access the provider's Super Hub 2 router, allowing access to users' smart appliances. The BBC has also published 2 articles on IoT security issues, one about an individual potentially being able to steal a car using its app, and another on a businessman having his life ruined by a printer hack.
Ironically, the 2 of the above issues relate to the security of routers, and this is one of the main selling points of the F-Secure Sense itself. The security team at F-Secure have invested a lot of time into trying to hack their own router and plug up the holes. They are confident that their router is one of, if not the most secure router on the market.
Another aspect of the trip focussed on IoT devices and their security. IoT is becoming a booming market, with many households in the UK implementing smart heating systems, smart lighting and CCTV. However, with all these being connectable to the Internet, they are also hackable. During the press trip, one of the F-Secure researchers demoed hacking into a smart plug, giving him complete control. He also hacked into a CCTV camera which also gave him complete control. While it might not seem like these getting hacked is a big deal, it proves the potential for issues in the future.
Just last year 25,000 CCTV/baby monitors were hacked and had software installed on them that could carry out DDoS attacks. Which was then used to cause disruption to Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.
We already have smart ovens, fridges, washing machines, and locks on the market. All of which, if got hacked, could cause more than just a bit of annoyance. Mikko Hypponen believes that IoT is the next big revolution and in the next decade or so if a device requires electricity then it will connect to the Internet. Which in turn means everything we use will be hackable.
This is another aspect that the F-Secure Sense tries to resolve. The security software built into the Sense monitors IoT traffic and attempts to detect unusual patterns. Once it sees problematic data it will warn you of potential issues and you can decide if you want to block internet access to it.
Overall it was a great trip and I was made aware of just how bad my home security was even though I thought I was quite security conscious.
With the UK government wanting to install backdoors in everything and potentially ban VPNs it is likely that we will see even more security issues over the next year or so.