If it's Smart, it's Vulnerable! Are we doomed? The future of our smart world?
I talk about the future with Mikko Hyppönen, the author of "If it's Smart, it's Vulnerable" - we discuss the huge risks of having smart devices (and dumb devices getting smart connectivity). What does this mean for your privacy and security? Is the future just gloom and doom?
Mikko Hyppönen is a Finnish computer security expert, speaker and author. He is known for the Hyppönen Law about IoT security, which states that whenever an appliance is described as being "smart", it is vulnerable. He works as the Chief Research Officer at WithSecure (formerly F-Secure for Business) and as the Principal Research Advisor at F-Secure.
Source: Wikipedia.
// MENU //
00:00 - Coming Up
00:31 - Intro
00:55 - Mikko's Book
02:38 - Internet of Things
09:58 - Internet Regulation
11:18 - Privacy is Dead
13:52 - Leaving the Internet
19:33 - The NSA
20:43 - Boycott of RSA
24:39 - Cyber Security Tetris
27:47 - Mikko's Journey
32:28 - Mikko's Advice for New Comers
34:18 - The Next Trends
37:55 - Machine Learning
41:57 - Educating Yourself
43:54 - Command Line
44:45 - Linux/Linus Torvalds
46:54 - Closed Environment Device Security
50:46 - Admin Rights
52:56 - SCADA and ICS Device Worries
56:15 - Should You Be Optimistic
57:55 - Reading the Terms & Conditions
58:57 - Mikko's First PC Virus
01:00:24 - Mikko's Closing Thoughts
// BOOK //
If it’s smart it’s vulnerable by Mikko Hyppönen: amzn.to/3GdCbR0
// TED Talks //
- How the NSA betrayed the world's trust -- time to act: • How the NSA betrayed t...
- Living in a surveillance state: • Living in a surveillan...
- The Internet is on fire: • The Internet is on fir...
- Fighting viruses, defending the net: • Mikko Hypponen: Fighti...
- Three types of online attack: • Mikko Hypponen: Three ...
// DEFCON Talks //
- The history and evolution of computer viruses: • DEF CON 19 - Mikko H. ...
// Mikko's SOCIAL //
Twitter: / mikko
Wikipedia: en.wikipedia.org/wiki/Mikko_H...
Disclaimer: This video is for educational purposes only.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Very nice 🙏 thank you David.
Awesome content you are creating. I've been in IT for over 2 decades and yeah it's 2 late to be a pessimist so let's be an optimist :)
Cyberpunk
someone just replied to a comment I left here from a fake account pretending to be you
Topic suggestion - Chinese firewall mini-pc appliances for pf/OPNsense, can they be trusted? Risks?
There is definitely a problem I worked for Fisher & Paykel and recently they started to embed wifi into their washing machines, they sell it as being able to tell you when your wash is complete etc.. but the internal communications were about how great it was to collect user information and sell it and how much money it was going to make them. It’s scary that none of this is regulated or disclosed to end users.
Would the wifi have to be connected by end user to collect the information? I have wifi on mine but ignored that function, not even sure I checked what kind of wifi it uses. Should really check. I have a coffee machine they ask you to connect with BT to register it, crazy.
@alfonzo7822 I would imagine it is reliant on you connecting it. I don’t know the full breakdown of the software; however, I wouldn’t be surprised if it also scans for any open networks and connects to these, as there is more interest in collecting information than there is in adding user functionality. It is scary how many items phone home and how many of these companies are Chinese owned. Note F&P is now owned by Haier, a Chinese company, and most production was moved to Thailand. A lot of their products, like the microwaves, are also cheaper brands rebadged.
@alfonzo7822 Whenever you connect a device to a network, you are inviting a guest. Only he can control how curious he will be.
@stormsake I would just rather not connect, but not sure of the capability of it searching for open connections and connecting regardless. No open networks within my home but there are a couple nearby. My neighbours like having guests, just hope none of my devices are popping round there for drinks without my knowledge.
Best talk yet... I admire both the questioning tactics & linguistically compelling answers
Thank you! Amazing feedback :)
I’m very happy this is being discussed, David. It seems the easier something makes our lives (ex. smart tech), the more we face a risk from the security or vulnerability standpoint. I look forward to watching.
Hope you enjoy the video Alan. It seems that it may even be more dystopian than many of us currently envision :)
@davidbombal And here I thought living with an irritable Chihuahua was going to be a challenge. It seems the worst may be yet to come.
The man himself. Awesome guest David!
Another great show David. I shall proudly proclaim I read every word of the user agreements. That is why I have very few of the apps and devices that most people own.
Hope you keep that up Jason :) I think almost all of us haven't always read the T&Cs :(
the most shocking thing is how little these things have been talked about until very recently
Another great one David !! Continue your great job !! Go Mikko Go !!
thank you david for bringing us mikko, he is not only very knowledgeable, funny and quite inspirational, but also fascinating for having worked in the same company for 31 years (a thing that is vanishing from human experience), all the while being on the cutting edge of cyber and technology - WOW, what a combo !
Fantastic, absolutely fantastic... I'm a young hacker, trying to build my expertise. Hearing about and from the older generation is truly fascinating. Definitely gonna look up this book!
Thanks for your help in the cybersecurity space my sir, hope you have more power to deliver goods to us! Really appreciated it!
Thank you! Lots of content coming :)
My favorite channel by far, thank you very much indeed David.
Wow, thank you!
"the best you that you can become" great quote!!
Great video. Apple's hidden P2P Bluetooth network is also scary among many others. Soon your shoe laces will tell your phone and insurance company that your shoe is untied...
Now I want this book and the one he was going to originally write ✍️ I'll buy both
It's an easy read, but very worrying to see what the future may look like :(
Thanks, David, Mikko Hyppönen is a great guy it is the second time I'll be watching this interview. I'm enjoying it very much.
I wouldn't say I learned a lot from this but only because I follow the topics of privacy, cyber security, iot and surveillance... However, the best thing about Mikko is that he makes the information seem much more consumable for folks who may not be as familiar with these topics.. And that is his strength and the reason I enjoyed watching this. I will likely share this with others in my life who I feel need a lesson in privacy and security.
Wow David Sir wonderful podcast as always, and also thanks for Mikko Hypponen for sharing his outstanding ideas and thoughts. Love from Pakistan :)
Always great content with Mikko, great work David
Thanks for the great video David and bringing on amazing minded people 👏🏾
You're welcome!
DB 💖💖💖always gives the best information
Thank you! I hope you enjoy the video!
I really like the impact that just standing brings to presentation.
30secs in. Thanks David, staying consistent and pushing out the best quality
Thank you :)
Great Video David and Mikko! Well done!
Awareness is key 🔑 to say Knowledge is Power. I would like to say that due to awareness people are learning (including myself) to secure the systems he mentions that traditionally were not as secured as they should be. Large Orgs are implementing layers of Firewalls, that is very good to know… but if the lack thereof was not exposed, it would not happen. My optimistic response. 😊
What an inspirational speaker. David amazing guest once again! What Mikko said at 31:33 is what drives my late LATE nights in the lab learning the tools. Thank you for another great episode!
David, you are just doing a lot for us. Thanks 🌻
It's never been more exciting to work in technology. Words never truer said. What a brilliant way to end it.
Great interview, David. Mikko is such a character!
Wow, What a Great Talk, The advice is priceless 31:00. thanks David and Mikko
Been following this channel for a while, this is one of the most interesting, yet not so much.. facts? This is so much speculating and still explaining and backstory.. Good fun ! The finns know their stuff.
I saw this guy years ago in the malware tracking lab talking about how they track malware around the world. Amazing stuff. Great to see more from him.
Enjoyable talk.. thank you.. a favored and trusted channel..
I'm happy to hear that Curtis!
I am pretty new to this domain…I really appreciate you and your guests.
Great Interview. Thank you both.
Thank you Vyas!
I recommend the book " IoT Hacking" from no starch press. absolutely amazing book on the topic. Great video as usual David!
Great suggestion!
The greatest content to me. Thank you!
Thank you! Glad you enjoyed it!
Excellent interview, informative and interesting 👍
What i see is DATA is most valued in the future. You guys are great mentors 🙏
Thank you David, amazing interview
Thank you! Glad you enjoyed it :)
Great interview with Mikko
Really enjoyed this interview!
Thanx very much!
Just checking the channel for other contents and got Notification of new video😀
Happy to hear that! Hope you enjoy the video :)
@davidbombal I think we need to get hacking gadgets rather than smart devices. It's one of the Savage things
@vardhangoud8851 And we need to be hackers rather than being a little dumb
Great content as usual thanks David
Great content, don't miss it. The advice in the last part is great. I have been thinking more about the advice he has given about closed systems like iPad, PlayStation etc. The other most used devices, TVs, are online, so they are vulnerable. Smart TVs, like Samsung's Tizen software, are an example of a closed system. The user can open any website from the TV. For instance, free movie streaming websites open advertisement popups etc. Can you create more detailed content on Smart TVs? Maybe you can schedule another 30-minute episode for this suggestion. Regards.
Very very interesting, thanks for posting the video.
Thank you. You're welcome!
Ready to watch it. As a suggestion for the next video: how to connect from your phone if you go to a hotel or travel. do you carry a raspberrypi?
Someone should make a version of this video which is cut down a lot so people who aren't as knowledgeable can understand these issues without skipping the whole video, which is pretty long. Great video as always! Btw, last time I checked, or rather didn't log into my google account first, I could still watch youtube videos. Of course you can live without google, but it will be pretty burdensome to change the habit. The hardest thing about getting rid of google for now, is that you need to get a phone that you can root and then install something that doesn't use a google account. That is at least my next big step away from Google.
I also think that I should build faraday cages in some of the rooms in my house. Like tin-foil, but room-sized. But I'm sure that some future devices which will have data-collection abilities will refuse to work unless they are able to "phone home" with whatever information they gather. So even faraday cages won't be a solution.
I love this guy, but what he said AT the admin right section (not ABOUT the admin rights, I agree about it) is the opposite of what OccupyTheWeb said about the human factor (social engineering). Yes, fewer rights on the system give less risk, but the users need to be educated not to click malware or fall for any other social engineering attack, because the system is vulnerable, even if the user has fewer rights on his system. Still love this guy, he's around my age and saw similar things like me (born of the Internet, cracking C64, etc), so I'm really enjoying this talk. Thank you David!
I am 100% with this guy. I read once about a case when a company aggregated the "usage" of smartphone-controlled sex toys (in US or Canada, don't remember now). What next? Smart underwear? Also, most of them use IPv6
Love this man. I started with the same floppy, I am open-minded and I love his book. Thank you for the video
Glad you enjoyed it!
So so so true David
Whoa! Mikko Hyppönen is almost a legend in the computer security world. Thanks for this video. Too bad his book isn't written in French.
Mikko is amazing :)
very brilliant
And that's why when I go to someone's house/office I bring a small jammer. I'm very p*** to explain basic things to those who don't intend to understand, and have zero respect for their friends' privacy, so much as to turn off certain s***y devices when I ask. So when I arrive at their home/office/car, magically the connections ... drop. I used to use a sound jammer but it wasn't enough.
Love from india David sir ....
Thank you!
4:03 Apple Watch 10:48 price of security 12:50 Police 15:04 electricity - connectivity 20:00 Nsa 20:49 security products that are not secure 40:28 1990’s vs now 44:00 command line 45:52 Linux is everywhere 47:19 iPad is more secure than a computer 😊
Big Fan of you sir 💙
Thank you Naresh!
It's interesting he mentions machines will program machines. One of my professors recently showed us OpenAI, where you put in natural language what you want and it generates the code in the specified language.
*David ji (a word used for respect with a name), your audience is also from India, because this country is a hub of IT, as you definitely know. My request to you: please make a video about those who have not had a chance to get higher knowledge in cyber security, and how they can become security experts from scratch to advanced by themselves*
I do read some "Terms & Conditions", and I at least skim over some of the others. I do try to *save* a copy of all "Terms & Conditions" that I'm asked to consent to, and that amounts to hundreds of pages of text per year. And in many cases, those conditions are written in dense legalese, so you'd really have to read it carefully to understand everything you're agreeing to. And I have read enough of them that there have been a few cases where I see something in the "Terms & Conditions" which causes me to *NOT* agree to them, and therefore I do not use whatever service or program demanded those conditions.
I really enjoyed this Mikko is as sharp as a razor, as usual David's channel is the place to be keep up the great content good sir.............
That was a cool interview
Glad you enjoyed it!
I think there should be some kind of wide and simple way to teach people how to implement home "firewalls" and "DNS filters" by just plugging in some Pi Hole kind of thing/device so that those artificially upgraded smart devices like kitchen mixers can't talk to anyone. There should be a wider education initiative. Router vendors could do a lot as well by implementing user friendly tools to control the traffic.
I was in your channel searching for a video like this
Very glad to hear that Abdifatah!
Machine learning is terrifying. Especially with aggregated data analysis at the NSA.
The EU is starting to ban IoT devices in 2024 on its markets if they don't meet minimal requirements for security.
Good jobs
I couldn't resist pointing out an observation .. around 28:06 that HD floppy would likely be 1.2M (or thereabouts). 720K is quad density on 5¼" disks .. I have some of those .. unless he meant per side? 😉
mikko is an absolute genius.
wow! is that an SABC advert on Cyber security Tetris, 25:42?
Security People care about Security. Business People care about Money. Business wins. IT! the industry which keeps on giving.
Great.
Hope you enjoy the video :)
I find it funny he was saying to listen to podcasts while commuting because I’m watching this video while doordashing and I do that everyday
What do you suggest regarding terms and conditions which aren't read anyway?
Started remembering 1.44mb floppy disk 😍
Excellent Keep up the good work. Exceptional Magnificent Exciting Majestic thoughts Exemplary Marvelous Extraordinary Much better Fabulous My goodness, how impressive video!
Wow Muhammed! Thank you very much!
VLAN or separate dedicated networks for them. For security devices the hard truth is that they are as safe as any traditional lock. So... not safe at all! The point is really convenience, not safety!
The book is great
❤️❤️❤️
Let's say it like this: if it's not DIY, if you didn't program it and take a look at the programming libraries you used, yes, it could be vulnerable. I have designed my own DIY PIR, radar and contact sensor PCBs, and also designed my smart switch PCBs and other gadgets, all local; they don't get from or post to cloud services like ready smart products. Every system has its weaknesses.
I've just watched your video about installing Kali Linux rootless. I've done everything you told, but when Termux gets installed the session gets restarted. Can you please tell me any solution for it?
Hi David, it is great to see your videos on hacking.. I have a suggestion to make a video on Chinese loan apps, how they use Java coding to take the contact list from the phone and harass people. If possible, please advise how their mechanism works.
Take an example of coin home. You can check the comments section for how people feel about these kinds of apps
Sir I have a question There's a phone called Vivo V5s it's like phone from 6yrs ago and people r talking about it can't be rooted though it's hard to believe Can u confirm that plz ☺
I have only seen the IOT part of the video. The near future looks really scary, if I cannot control if my IOT devices will connect to the Internet or not. Microcontrollers (ESPs, RP2040 and RISC V) are getting faster and faster in recent years. I can see the "near future" is happening really soon. At home, I have a VLAN with no Internet connection for all my (insecure) IOTs, so I can keep them on a tight leash. If big companies like Samsung, Xiaomi etc. build global private 5G or 6G networks for their IOTs to get online without the end users' knowledge, it could be the end of privacy and security. That's why I have not replaced my over 10 years old TV, and it is very difficult (if not impossible) to get a non-smart TV in 2022, even though I can get one with a lot better image quality and more power efficient.
Agreed. This is very worrying :(
Is it possible for consumers to harden their own devices and services? Specifically those that are intentionally sold in a weak state.
David make us a content about web3 and smart contract security please
Good
Happy to hear that!
The thing about 'phones and secure things': In my mind this is the single worst security advice I have heard in a *very* long time. Don't get me wrong: I see where he is coming from, and in theory he is right. But once reality comes in, it's a complete train wreck: Devices like that are supported for like what, 3 years on average? But people use them for 4 to 6 years easily, maybe longer. So every vulnerability discovered (note: I did not say publicized) after that goes unpatched forever. On top, a ton of online banking theft involves phones infected with malware. If that wasn't bad enough, manufacturers give us tons of bloatware and tracking crap with the devices, increasing the attack surface beyond recognition. And with those devices, people browse the web, go to social media and read their email (that may have bad apple links) and then go online banking with the device being the second factor (which totally renders the TFA concept useless)... I seriously cannot consider this even a remotely good idea... Also: My OS manufacturer taking my box hostage, extorting money and/or private data out of me is certainly something I too cannot appreciate *at all*... So yeah... Great interview, but really take it with a grain of salt...
27:57 YES!!! 🤣
fire !!!!!!!!!!!!!!!!!!!!!!!
Thank you David :)
Hey David, I wanted to have a conversation with you and Mikko about cyber security. I believe we all think alike. I broke RSA security on a Nintendo DS in my past. I would very much like to make some money securing technology in the future. Jump into the DMs if you have any ideas where I could start. Thanks, Jordan
My katoolin crashed on Android OnePlus 6t (8gb ram) and now I can't run katoolin. Please guide me how to re-run it. I uninstalled and reinstalled Kali Linux but still the same problem, can't run katoolin...?
Hi sir, I am Manigandan from India. I need a suggestion from your side. I have completed civil engineering, but my interest is on the software side and I decided to go for an IT field job. What can I do now, sir? My interest is cyber security and ethical hacking. Is this OK, sir, or do you have any other suggestions for me?
There's the saying that the S in IOT stands for security
Learn something new. Competitive pinball is still alive.
What I love about the world today is if you are interested in something, there is probably a big group of people around the world interested in the same thing :)
Greatest man in the world the "world" (99%useless people in infosec & cybersec) knows nothing about him because only the real people in the game knows Mikko: he's a fucking smart guy ...