Cybersecurity every day | Jaya Baloo | TEDxRotterdam

Captions
[Music]

How many of you have Wi-Fi enabled on your phone? Take a look, take a look, and put your hand up please. Yep. How many of you have Bluetooth enabled on your phone? OK. We've been scanning the entire morning and we found 42 vulnerable phones in this room, and we found one phone, it's Ricardo's iPhone. And I'm not going to show you the crazy sheet porn because I don't freak you out, but let me show you something else Ricardo was looking at, whenever the next slide is there. So Ricardo was checking out the program. I know this is gonna take balls, but where's Ricardo? Who's Ricardo? Oh, Ricardo, hi. So Ricardo, have you updated your phone in the last three days to overcome the WPA2 attack? You have not. OK. Ricardo, can you just take a look at your screen? Can we take a look at a screen? There we go. Oh, it went to screen saver.

Here's the deal: how often do you guys update your phone when there are updates available? I wanted to see one show of hands: who updates their phone every time there's an update available? OK, there's a lot of... who doesn't do it? Yeah, OK, I count roughly 42 hands.

So here's the deal. The point is, society needs to wake up and smell the coffee. Cybersecurity is part of our daily lives. We need to practice cybersecurity each and every day if we want to be safe. We live in a connected world; in fact, it's just gonna get more connected. You've got speaker on speaker talking to you today about how connected we all are, and you know what we're gonna do? We're not just gonna connect you to each other, we're gonna connect all the things to each other. So our future looks like this: our future looks like we take all the dumb things we have now, yeah, and then we make them smart by connecting them to each other. OK, I want to ask you like a real-life question: how many times have you encountered it happening that you've got two dumb people, you seat them together at a party, and suddenly they win the Nobel Prize? How likely is it to happen in our virtual world that we take two dumb devices, we
let them talk to each other, and suddenly they're smart? For me, everything that's smart has an inherent vulnerability, and when you look at the Oxford definition of IoT, it actually will tell you that the only way that it will crumble is because of a failure in security.

I want to talk about one case in point. Does anybody have one of these vacuuming robots at home? Oh yeah, you do. Who has this particular one from LG? Yeah, you do, right? You got to get that updated. A couple of days ago, actually three days ago, what was announced is that this robot will turn your smart home into a spy home, because what the hacker can do is turn on the camera that's used to activate this robot, you know, that makes the map when it's kind of back in your home, and it'll use it to spy on you. You're gonna get that updated, yeah? Right, yep.

So you know, it's one thing when I'm, when I'm telling you about your smartphone, it's another thing when I'm talking to you about your connected vacuum cleaner. But folks, we need to really wake up, because I need to tell you, it is beyond irritating when all of these, you know, so-called smart devices collude, work together and then stage a distributed denial of service attack. This happened last year. It actually brought down one of the most critical infrastructure pieces we all know. Can you guess what it was? That's right, Netflix. Netflix brought tumbling down to its knees. So you know, growth of global population resulted in failure of Netflix.

And what it really means is that we need to start paying attention, because this is gonna bring down other pieces of infrastructure. This is a real map, this is not fake. You can Google this now, it's called the Digital Attack Map. It's brought to you by all the people that are like working to defend against DDoSes across the world, and this is live traffic from just a few days ago. This is this year, OK? This is the global distributed denial of traffic traffic, and as it's getting, you know, more and more and more, the cost of executing such an attack
is getting less. In fact, how many of you have working companies? How many of you have competitors? Keep those hands up. All right, in order to knock out your competitors, it'll cost you roughly about a hundred and fifty US dollars. Kill your competitor for a week, sounds pretty good, right? And it's not a joke.

And you know, when we open the newspapers today, it's every day, it's a new data breach. So we saw that the entire government of Sweden was compromised this last summer. The entire record of everyone who had a driver's license or an aviation license, all of their data was breached. They actually even mailed the database out and no a separate marketing action. We saw Equifax. I'm not even going to talk to you about that because I expect you to know that one.

The clue is that these data breaches aren't there like when you have a credit card number breach, because when a credit card gets breached, what do you do? The credit card company, you have them block the card, you maybe get a new card, and then you're fixed, right? Right. What happens when your BSN, your passport number, your driver's license number, when all of the info, every place you've ever lived, you know, when it comes to Equifax, every kind of credit students you've ever had, all of this information is compromised? It's not about monitoring or changing one credit card. This kind of data breach will follow you around for the rest of your life. We need to wake up.

When we talked about the hack that I told you I did, which I didn't, Ricardo is working with me on this one. I didn't hack you, cuz it would be illegal for the CISO of KPN to hack a group in the Dula. But if I were to hack you, I could, because it's actually based on a real attack, and it's actually based on a real update that iPhone really issued that you really did not go and gather, and I'm sure that you also didn't go and get the same update that's available for Android telephones. So everything I did is for reals. I just needed to not really hack you today, but it's all possible.
There's another attack that's operating over Bluetooth called BlueBorne. It's, both of these attacks are terrifying because they're operating at the most basic level of the protocol that's enabling the communication. When this goes wrong, everything gets affected, and everything that's connected becomes more vulnerable.

And you can say, you know what, it's my phone, it's fine. But what happens when it's your pacemaker? Also not a joke: this summer St. Jude Medical had issued an announcement that they had five hundred thousand pacemakers that were already in humans that were vulnerable and needed a software upgrade. But it was a voluntary recall, which means like, I accidentally put it something incredibly vulnerable like a scalpel in your body, but it's up to you if you want me to get that removed.

So when we have medical manufacturers not taking cybersecurity seriously, we have, by the way this is also true, less than two weeks ago you saw Anna spate you saw plastic surgery clinics being hacked, and what they do is they take all the data and they threaten to publish the information on the clients, including members of the royal family, if they don't get paid to a Bitcoin address. So this is a very vulnerable spot of our civilization.

If we want to talk true vulnerability though, what happens when we talk about vulnerable military equipment with a nuclear payload? This is not a fake image. This is an image of an F-16 flying above Rotterdam. This is not a fake image. What happens when we hack it, when it turns into an unmanned aircraft and you can control it remotely, but it has a missile payload? Then we're talking anew about a new way to think about cybersecurity. Then it's not just about me getting Ricardo's iPhone.

The reason that I'm worried is because for the last maybe 15 years we've paid more attention to war games. Our prioritization has been screwed up, because we've been worried about how to get to our enemies by making them vulnerable instead of worrying about something called
information assurance, which is: how do we protect ourselves, how do we protect our critical infrastructure? And because of this screwed-up prioritization thing, this is why we're in the problems we're in now.

And you know, when you take a look at just how bad it is, it's really bad. This is a picture from the Snowden documents where it tells you that governments, and specifically the intelligence agencies, have cooperated with hardware vendors, software manufacturers, service providers to basically have ubiquitous surveillance capability across the chipset, across the hardware, across the telecommunications providers. And these companies, they have no choice: if they don't work with the intelligence agencies, they will lose their license to operate.

Take a look at the legislation that's happening in our very country, the referendums that are happening now. How involved are you in this public debate, and how much do you take it home with you? Do you actually give a damn? Is cybersecurity a part of your everyday life when it comes to how society is being ermand? For us it is.

At KPN we realized that our innocence was lost when we saw the example of Belgacom in Belgium, that was hacked through a cooperation of the NSA working together with the GCHQ. They used an incredibly expensive piece of malware called Regin, which used a very expensive thing called zero-days. It actually used for zero days, and a zero-day is a vulnerability that even the vendor, the manufacturer of the device or thing, knows about for zero days, so they don't know. And these vulnerabilities are out there in the wild attacking, and these zero-days are made by anyone who will pay for them.

So you have a group of digital mercenaries that will make you a zero-day if you pay them enough. And what we see is that these kind of mercenaries, this is the Hacking Team, this is the Equation Group, they will work for whoever, but this one in particular worked for the NSA, and they built the NSA a zero-day. You may have heard of this zero-day because it was
called WannaCry, and this zero-day affected companies that cost them hundreds of millions of dollars and actually completely debilitated their infrastructure. The example here is APM Terminals, you know wrote the dome to have a yeah Marisa. OK.

The difficulty thing here is, is that we don't know who actually did it, who actually released it, who actually brought it out. We have another group calling themselves the Shadow Brokers, but there's no big screen that says "ooh, hacking detected" like you see in the movies. So it's a lot of legwork from forensicators to try to figure out: was that this guy, was it, you know, this, what he would call him again, and Rocketman, you know, was it the Chinese or was it the Israelis? It's probably all of them working together, because when you look at the real story, which supposedly happened, follow me for a moment: apparently this guy over here working at the NSA took his work home using a laptop that he shouldn't have out of work with no real good security software. The Russians hacked a group called Kaspersky that was providing him the antivirus, but the Israelis were actually hacking the Russians who hacked the Americans. You're still with me? And they're somewhere in here, probably the French are involved too, although I'm not sure of that.

So you know, it's a very complex world, and this world is getting more complex by the fact that we should realize at some point in time that surveillance and these kinds of counter-surveillance techniques are not just employed on big countries but on the backs of all of us. So when you take a look at it, there are actual like satellites that are launched. This is the National Reconnaissance Office. They actually, they also do fashion wear, so they issue a patch every time they launch a new reconnaissance satellite, and with catchy phrases like "nothing is beyond our reach". And they spy on global telecommunications, yours, not just the, you know, bad guys or the Israelis or the Chinese or whatever. Your communication is currently
at risk, and they actually store it all. They have a gigantic data center in Utah where they keep all this communication, and the goal, the XPrize if you will, of this community is to launch a quantum computer that cannot just get to that global communications traffic that's in the open but also that encrypted traffic that's meant to be closed. And when they have that quantum computer, they will use it to unlock everyone's secrets, not that the communication that's happening now but everything that was ever stored as well. So all of the things that you've ever sent, plus that you're ever going to send, is at risk with a quantum computer.

So what does China do? Well, they built a 2,000-kilometer-long network and they launched their own satellite to have a fully encrypted link, so that even when there is a quantum computer, that their data will be safe. What's the Dutch quantum computing strategy? What's yours when it comes to your company?

What I want to tell you is very simple: we can actually solve this problem. We can take control of our cybersecurity future even though we can't maybe determine what happened in our past. So the potential here is huge, because you can do updates, you can choose which hardware and software you use, you can like really determine how you upgrade, you know, how you do two-factor authentication. You can do all of those things. But fundamentally you can do one thing which will change the entire game: you can push the envelope back. You can give it back to the hardware and software vendors, that should not just take up the responsibility but get the liability for delivering us safe and secure products. It should be their responsibility, theirs, theirs alone, to make sure that every hardware, software, a platform or service that you all use is enabled at default, by design and all through its lifecycle until we're done with it.

The deal is, I want us to enjoy our connected future. I want you to be able to talk to each other and to, you know, turn on your home robot so that the
cat hair can be vacuumed when you're not at home. I want you to be able to do that, but I want you to also do that without fear, without worrying about: is that thing spying on you, or looking at your children playing, or, you know, is it doing things that it was never meant to do? So I need you to enjoy technology and safety and security and give it the place that it deserves, which is part of your everyday life. Thank you.

[Applause] [Music]
Info
Channel: TEDx Talks
Views: 65,447
Keywords: TEDxTalks, English, Global Issues, Cyber, Data, Fear, Hack, Security, Technology
Id: O_k9W14F76s
Length: 16min 10sec (970 seconds)
Published: Mon Nov 20 2017