Saved transcript

Teenage Hackers Have Cyber Weapons as Powerful as Nation States | VICE: Cyberwar | Blueprint

Channel: Blueprint

Video title: Teenage Hackers Have Cyber Weapons as Powerful as Nation States | VICE: Cyberwar | Blueprint
Channel: Blueprint
Lines: 645
Tool page: Open live transcript tool

0:00

A tsunami of insecure devices floods

0:02

[music] the internet.

0:03

>> Venture capital is just injecting

0:06

massive amounts of money into the IoT

0:08

craze.

0:09

>> Teenage hackers take down the web's

0:10

biggest sites. They have access to the

0:12

same tools as nation states.

0:15

>> With millions of new smart devices

0:16

[music] coming online daily,

0:18

>> we're very nervous about the impact this

0:19

has on the internet as a whole.

0:22

>> The threat to all of us is now real.

0:24

>> It can't be unfixable and immortal.

0:48

From wireless printers to smart baby

0:50

monitors to Bluetooth enabled coffee

0:52

makers, 5 million [music] new devices

0:54

are hooked up to the net every single

0:56

day. controlled by your smartphone or

0:58

computer. These products make up the

1:00

internet of things or IoT and with them

1:03

comes the promise of unbridled

1:04

convenience. What people don't realize

1:07

is 80% of them have weak to no security.

1:10

In essence, super hackable. So, I don't

1:13

really trust the internet [music] of

1:14

things because of the risks it poses to

1:16

me personally, but also something like a

1:17

stove could be hacked by hacker and burn

1:20

down your house or it could be used to

1:21

get into your [music] network cuz has

1:22

bad security or it could be part of some

1:24

sort of zombie botnet that takes out one

1:27

of [music] your favorite websites. So,

1:29

the question is, are we setting

1:31

ourselves up for the internet

1:32

apocalypse? I can describe how messed up

1:34

the internet of things is, but the IoT

1:36

threat was really made tangible during

1:38

the second season premiere of the USA

1:40

[music] network drama Mr. robot. A woman

1:43

comes home to find all her smart devices

1:45

taken over by hackers. Lots of people

1:48

think this is sensational, [music] but

1:49

it's not. With the explosion of IoT, the

1:52

threat of your own tech being turned

1:53

[music] against you is no longer science

1:54

fiction. Is the added convenience really

1:57

worth the risks? To find out, I'm in the

1:59

Bay Area to meet Ben Actis, a legit

2:02

engineer who gets paid to hack IoT

2:03

devices for companies.

2:05

>> So, we could do we could do a couple

2:06

ways. We have a screwdriver here. We

2:08

could pop this or if you want to just go

2:10

completely Hannibal Lectar, we could.

2:14

>> This is getting a weird

2:16

>> Yeah, this is getting pretty weird

2:17

pretty quick.

2:17

>> Poor bastard is getting the cut job.

2:19

>> Yeah.

2:20

>> Tada.

2:21

>> Well done.

2:23

>> So, the idea of this little IoT cloud

2:25

pet is children will talk to it, sing to

2:29

it. The problem with cloud pets was all

2:31

these recordings that was sent up to

2:33

their web API completely public anyone

2:36

could grab which is bad.

2:38

>> That's a creepy thing.

2:39

>> It's super creepy. Creepy thing,

2:40

>> right? Yeah. It It's sketchy.

2:42

>> Doesn't it kind of remind you of some

2:43

weird like Soviet Cold War era.

2:46

>> Oh, the spy on the little

2:47

>> It's like a very much a spy thing.

2:49

You're like, you know what's inside your

2:50

teddy bear?

2:50

>> Yeah, that. But that's what we're moving

2:52

to, right? Well, all these devices that

2:54

I mean, look at this teddy bear is a

2:55

regular teddy bear before cloud pets,

2:57

right? So someone was like, "Oh, I have

2:59

a brilliant idea. We'll make put a mic

3:00

in it. We'll make a mobile app." And

3:02

they just shoved it in the bear's

3:04

bottom.

3:04

>> And would you say there's a big

3:06

difference between, you know, what they

3:09

put inside a teddy bear and what they

3:10

put inside a stove top or

3:12

>> No, there's not a big difference. And

3:13

that's the terrifying thing. If someone

3:15

can reverse engineer how your stove

3:17

works, right? Yeah.

3:18

>> And wants to disable fail safes, right?

3:21

Or provide false data, that's a big

3:24

issue. Actis and I went to a furniture

3:27

store to see some of the IoT devices

3:28

currently on the market.

3:31

>> So, obviously we're in a furniture

3:32

store. Mhm.

3:33

>> I mean, how many different types of

3:34

devices you're seeing have smart

3:36

capabilities?

3:37

>> Tons. Uh, okay. There's dishwashers in

3:39

here. There's IoT, stove tops, ovens.

3:42

>> I mean, what's to stop a bunch of kids?

3:45

It's almost like the 2017 version of

3:48

egging a house.

3:49

>> Yeah.

3:49

>> From like just screwing with somebody's

3:51

stove from across the street. That's

3:53

completely valid. And also the I think

3:55

the scariest thing is there's no way of

3:57

checking integrity or someone has messed

3:59

with it. So even if you can clean a a

4:02

phone or a PC, right? How am I going to

4:06

scan if my oven's firmware's integrity

4:08

is okay? So far, the most visible damage

4:11

caused by the internet of things has

4:12

come from botn nets. Put simply, an IoT

4:15

botnet is a cabal of hacked devices, all

4:18

infected with the same malware and

4:19

controlled in unison by a single hacker.

4:23

With a botnet, an asalent can program

4:25

those hacked devices [music] to launch a

4:26

distributed denial of service or DDoS

4:29

attack that floods their victim with so

4:31

much junk internet traffic, it forces

4:33

them offline. A massive international

4:36

cyber attack that took down some of the

4:38

biggest websites on the internet. The

4:40

sites were out for several hours this

4:42

morning in the eastern part of the

4:44

United States. By the afternoon, it had

4:46

spread to Europe. [music]

4:47

And among the websites were Twitter,

4:49

Amazon, Netflix, and Reddit.

4:52

This attack from September of 2016 was

4:54

unleashed by hundreds of thousands of

4:56

Internet of Things devices hijacked to

4:58

form the biggest botnet ever assembled.

5:00

The botnet named Mariah demonstrated the

5:03

risks of IoT. But it wasn't the first

5:05

time Mariah had surfaced. A month

5:08

earlier, the same IoT botnet had been

5:09

used in a DOS attack on tech reporter

5:11

Brian Krebs as retribution for his

5:14

exposing the identity of a pair of

5:15

Israeli cyber criminals.

5:18

So, the botnet [music] that attacked

5:19

you, what was in the zombie computer

5:22

army that was directed your way?

5:25

>> Uh, I think it was about 250,000 devices

5:28

uh in the bot that that hit my site. The

5:31

vast majority of those were digital

5:33

video recorders, DVRs, and security

5:35

cameras.

5:36

>> So, just stuff taken over on the

5:38

internet.

5:38

>> Exactly. The threat from poorly designed

5:41

Internet of Things is probably the

5:44

biggest cyber security threat we have

5:46

facing us. Most of these devices are

5:49

running Linux versions that were 10, 15

5:51

[music] years old.

5:51

>> In an article from January of 2017,

5:54

Krebs lays out how Marai, the largest

5:56

botnet of all time, was not the weapon

5:58

of some powerful nation state, but was

6:00

likely being controlled by a couple of

6:01

teenage hackers in New Jersey.

6:04

People ask me, you know, what what what

6:06

do you think of the chances that

6:07

somebody's going to take out the lights,

6:08

you know, take out the power grid or

6:10

something in a cyber war? And I always

6:12

say, first time we see that happen, it's

6:14

not going to be a nation state. It's

6:16

going to be some bored idiot savant kid

6:20

in his parents' basement who gets access

6:23

to some place he's not supposed to have

6:25

access to and says, "Wonder what happens

6:27

if I push this button?"

6:28

>> Boom.

6:29

>> They have access to the same tools as

6:32

nation states today. and they have fewer

6:34

reasons not to use them. The individuals

6:36

involved in this type of activity were

6:38

raised by the internet,

6:40

which explains a lot. These guys are

6:42

starting to do criminal activity when

6:44

they're 12, 13, and 14 years old. These

6:47

kids get drawn into these online

6:49

communities. They get involved in

6:51

identity theft. They get involved in

6:52

credit card theft. And left to their own

6:55

devices, I believe [music] these forums

6:59

generally turn people into sociopaths.

7:01

The Maride botnet literally took out

7:03

Twitter for a time, but these teenagers

7:05

didn't build it just to take out

7:06

Netflix. So why did they create such a

7:09

powerful cyber weapon? For that answer,

7:11

I have to [music] enter the dank

7:13

subculture of the online video game

7:15

Minecraft.

7:21

I'm in the Bay Area looking into the

7:23

threat [music] posed by the millions of

7:24

vulnerable IoT devices coming online

7:26

daily. The dangers of the internet of

7:29

things first made international

7:30

headlines when the Marai botnet took

7:32

down a bunch of the web's biggest sites.

7:34

Launched by a couple of underage

7:36

hackers, the attack proved teenagers in

7:38

New Jersey can wield cyber [music]

7:39

weapons as powerful as nation states.

7:42

Funny enough though, that weapon wasn't

7:43

made to take out websites. It was

7:45

initially made to force gamers offline.

7:48

>> So, let me get this straight. The thing

7:51

that took out parts of the internet,

7:54

>> Yeah. This massive DOS attack

7:57

>> was essentially incubated to attack

7:59

Minecraft servers.

8:00

>> Yeah, that's basically its main purpose.

8:03

>> This is Robert Quell. [music] At the

8:04

mature age of 12, he and his friends

8:06

built a Minecraft server, allowing them

8:08

to play the popular video game together

8:09

online.

8:11

What started as a hobby became a

8:13

business, and soon strangers [music]

8:15

were paying to play Minecraft on

8:16

Robert's network. Then they started

8:18

getting dodosed by an early version of

8:20

the Marai botnet. So you had these bad

8:23

Minecraft servers which would attack

8:24

other ones and gain a competitive edge

8:25

in the market. Right.

8:27

>> So the ones basically that would be

8:28

making lots of money. They'd shut down

8:30

other ones that they were competing

8:32

against so that all those players would

8:33

then go over to the other server.

8:34

>> That's basically how it works. Exactly.

8:35

>> The hackers directed the Marai botnet to

8:37

knock Robert's server offline.

8:40

Frustrated clients [music] who couldn't

8:41

access the game would leave Robert's

8:42

server and sign on with the Marai

8:44

makers. But Robert wasn't cool with

8:46

that. So we started a new company that

8:48

provided Minecraft servers protection

8:50

against these attacks.

8:52

>> So you came [music] up with a DOS

8:54

mitigation platform yourself,

8:56

>> right? So basically,

8:57

>> how old were you into this?

8:58

>> I was like 14 years old.

9:01

>> Yeah.

9:02

>> You were 14 years old when you started

9:03

doing this.

9:03

>> Yeah, definitely. We we had we needed to

9:05

do it. Like

9:06

>> I was editing houses when I was 14

9:08

making DOS mitigation.

9:10

>> Yeah.

9:11

>> And are you still doing this business?

9:13

>> Yeah, we still we still uh sell it as a

9:14

service today. like um

9:16

>> and you're raking in thousands.

9:18

>> Yeah, it it's very lucrative. [laughter]

9:20

>> And how old are you now?

9:21

>> I'm 19.

9:22

>> So the people going after you the same

9:24

age as you. So it's kind of this

9:25

adversarial

9:27

>> dark versus light kind of weird.

9:29

>> Yeah, Minecraft's making a lot of really

9:31

skilled programmers.

9:34

>> So the internet of things is making us

9:36

vulnerable to teenage hackers using botn

9:38

nets. But are IoT botnets something

9:40

governments would ever use? Like a lot

9:42

of things in life, I turn to Google for

9:43

the answer.

9:45

And to learn how big a threat DOS really

9:47

is, I'm meeting Damen Menure, Google's

9:50

expert [music] on DOS defense.

9:54

Now, coming from you and the perspective

9:56

of Google, what are the major concerns

9:58

surrounding DOSS attacks and botn nets

10:02

and IoT?

10:03

>> From Google's perspective, we're large

10:04

enough that we think we can probably

10:06

absorb everything, but we're very

10:08

nervous about the impact this has on the

10:11

internet as a whole. Um, you know, we

10:13

want people to be able to trust that the

10:15

internet is always there, that it's

10:16

accessible. We want small sites to be

10:19

able to exist. Um, thus attacks are

10:22

largely used as a method of extortion.

10:25

It's it's a financial difficulty for a

10:27

small site to survive. And so, we're a

10:30

little bit concerned about the risk of

10:32

DOSS attacks disrupting the free flow of

10:34

information on the internet.

10:36

>> I mean, I've heard that DOSS attacks, a

10:38

really great one, could quote unquote

10:40

take out the internet. It's somewhat

10:42

unlikely that a DOSS attack will

10:44

intentionally take out the internet.

10:46

That said, there can be accidents that

10:48

take out portions of the internet.

10:50

>> Have you ever seen any evidence of

10:52

nation states using DOSS attacks?

10:54

>> There was a case in uh this is probably

10:58

2012 where there was an attack called

11:01

robot that used compromised servers and

11:04

it was largely used to attack US banks.

11:06

So, financial institutions in the US. uh

11:09

this was later attributed by the US

11:11

government to the country of Iran and

11:14

probably other countries will realize

11:16

that this is an an opportunity for them

11:18

and do the same.

11:19

>> What's the big fear for you going

11:21

forward?

11:22

>> IoT is sort of changing the game because

11:24

now you have even more devices but

11:27

they're not managed at all and this is

11:30

affecting security on the internet. You

11:31

know recently there was a case of an

11:33

internet connected dishwasher. I was

11:35

trying to figure out why would you need

11:36

your dishwasher to be connected to the

11:38

internet? like what what benefit do you

11:39

get from that and this had some

11:42

vulnerability? Well, the user isn't

11:44

going to realize that that even has an

11:46

internet connection or you know this

11:48

need to be patched and so it's never

11:50

going to be updated.

11:52

I agree with Damian. Do we really need

11:54

Wi-Fi enabled dishwashers? Even so, the

11:57

internet of things is exploding and it's

11:58

not going [music] away. And if the only

12:00

thing we really need to worry about is

12:02

botnetss and DOS attacks, it's

12:04

manageable. But it's not. In fact, I

12:07

found other IoT threats that are far

12:09

more insidious and way more personal.

12:15

This is San Francisco, where I'm looking

12:17

for answers on the threats posed by the

12:19

Internet of Things. So far, the

12:21

high-profile victims of IoT are major

12:23

websites like Netflix and Twitter, taken

12:26

offline by an IoT botnet in a DOS

12:28

attack. But the truth is, you don't need

12:30

to be a multi-billion dollar Silicon

12:32

Valley Goliath to fear the rise of IoT.

12:34

The issue with the whole IoT world and

12:37

what's freaky and scary is that there's

12:40

the great unknown out there.

12:42

>> Morgan Marque is a cyber security

12:44

legend, plain and simple. He's also an

12:46

expert in how acronym agencies around

12:48

the world use cyber weapons.

12:50

>> Do you think IoT has made all of us more

12:54

susceptible to nation state offensive

12:58

actions?

13:00

>> More vulnerable to anybody, right? I

13:02

mean, you're maybe more vulnerable to

13:03

angry kids running Minecraft servers. Is

13:06

the internet of things making us less

13:07

secure? I mean, the answer is almost

13:09

definitely. But I guess a further

13:11

question is, do we care? You're probably

13:14

not thinking about security when you're

13:16

like, I want that bomb smart TV. You

13:17

just want to watch the game with your

13:18

friends while you eat hot wings. We all

13:20

need to start thinking about security

13:22

because if you're going to have a smart

13:23

lock on your front door, the reality is

13:25

it's more than possible to hack and then

13:27

physically enter your house [music] or

13:29

to use those same IoT locks as a virtual

13:31

gateway into your network, then move to

13:33

your mobile phone or computer or tablet

13:35

[music] and gain access to your entire

13:37

life. One of the things that personally

13:38

worries me, right, is that it has become

13:40

cheap enough to produce tiny computers

13:43

to control all manner of devices from

13:47

Barbie dolls to televisions to watches

13:50

to fitness monitors to light bulbs. Um,

13:53

teddy bears.

13:54

>> Teddy bears, right? I want as few

13:58

remotely controllable listening devices

14:00

around me in my house as possible. So if

14:03

everything from like a teddy bear to my

14:06

fridge is being produced in a way that

14:08

is insecure, I mean whose responsibility

14:11

is it?

14:12

>> Who is at fault here? Or who should

14:14

carry the liability? And that's a loaded

14:16

word, right? Because liability suggests

14:19

law and money um

14:21

>> payouts

14:22

>> and payouts, right? And and you know the

14:25

technology industry isn't that into the

14:27

idea of software liability because you

14:28

know we'll stifle innovation. It it it

14:30

looks as though we might possibly be

14:32

moving towards an era where we need

14:34

someone to be culpable, you know, if if

14:36

the insecurity of devices causes

14:38

widespread problems. But it's really

14:40

important that we fix the obvious

14:42

problems in these technologies before

14:44

they're widely deployed because by the

14:47

time I need that heart monitor, I'm

14:49

like, I I would like it to be incredibly

14:52

difficult to mess with.

14:54

>> Morgan's not the only one who would like

14:55

to see better security for the internet

14:57

of things. It's already a huge issue for

14:59

US corporations, losing hundreds of

15:01

millions every year to IoT breaches.

15:04

Justin Fear used to work with US

15:05

intelligence [music]

15:06

extensively. Nowadays, he's a director

15:08

for Dark Trace, a security firm on the

15:11

front lines of IoT security. So, first

15:13

thing I ask a customer how many devices

15:15

they expect to see on their network. Um,

15:17

and on 100% of the time, they

15:20

underestimated by almost 15 to 20%. And

15:23

of those underestimated devices, it's

15:26

typically IoT devices. all of the TVs in

15:28

the conference rooms, the uh

15:30

thermostats, the vending machines, etc.

15:32

So, for instance, we have a client here

15:34

uh had a fingerprint scanner, and what

15:37

happened was that scanner all of a

15:39

sudden became internet exposed. We then

15:41

started to see unusual activity between

15:43

the scanner and the database server that

15:45

keeps all the fingerprints.

15:46

>> What kind of target was this?

15:48

>> I I can't say what industry they were

15:50

in. Uh but it was a highly secure

15:52

facility. And when it comes to IoT, you

15:54

have anything that can be exploited and

15:57

owned.

15:58

>> I mean, if there's a a camera in

16:00

something, can you own the camera and

16:01

then

16:02

>> Absolutely. Yeah. We actually in one of

16:03

our clients found um one of their video

16:06

conferencing systems. They turned the

16:08

microphone on and recorded uh the calls

16:10

for about 2 weeks. Um and this was

16:14

actually in the board of directors

16:15

conference room. So, probably the most

16:17

sensitive discussions within the

16:18

company. I mean, how many more devices

16:20

are just popped up on networks, period?

16:23

>> Hundreds of thousands of millions. I

16:24

mean, if you look at the current climate

16:26

right now, venture capital is just

16:28

injecting massive amounts of money into

16:30

the IoT craze. I'd say every connected

16:33

device on your network is a potential

16:36

doorway into your company and your

16:38

network. I think if you wanted to

16:40

foreshadow and look into the future,

16:42

we'll look at ransomware. It's been

16:44

wildly successful. I kind of think that

16:46

the two are going to converge. I think

16:47

we're going to move from the virtual

16:49

world to the physical world and that's

16:50

kind of scary and eventually somebody's

16:52

going to find a way to lock you out of

16:53

your house until you pay a ransom.

16:55

>> I think part of the problem in terms of

16:57

making people understand just how

16:59

insecure all these devices are is that

17:01

they think that these wild examples

17:03

aren't possible,

17:05

>> right?

17:05

>> Um,

17:06

>> but they totally are.

17:07

>> I would say anything you've seen on TV

17:09

is actually possible. Having your

17:11

company's secrets stolen or board

17:12

meetings spied on is the antithesis of

17:14

convenience promised by the internet of

17:16

things. Are there any fixes to these

17:19

problems? You might think I'm headed to

17:20

more tech wizzes in California for the

17:22

[music] solutions, but instead I found

17:25

some of the answers in the pastures of

17:26

Rhode Island.

17:31

Like it or not, the internet of things

17:33

is making us all more connected. [music]

17:35

And that also means that with the added

17:37

convenience of IoT comes serious risks.

17:40

What do you think should be done with

17:41

all these devices lying around that

17:43

[music] the fix is device manufacturers

17:45

need to ensure that their devices have

17:48

at least basic security and also a way

17:50

to automatically patch themselves

17:52

[music] so that if a security flaw is

17:54

detected in the future that they can fix

17:55

that flaw.

17:56

>> We have a tremendous amount of of

17:58

hardware makers that are just pushing

18:00

out hardware and letting somebody else

18:02

design the software. They tend to have

18:06

very very poorly written software

18:08

[music] powering the devices.

18:10

>> Brian Krebs and Damen Venture see the

18:12

solution lying with the manufacturers.

18:15

But Justin Fear of Dark Trace believes

18:16

the answer is with machine learning and

18:18

artificial intelligence [music] using

18:20

algorithms to monitor the flow of data

18:22

on your network.

18:23

>> So unfortunately what we've been doing

18:24

for the last 5 years is just not going

18:26

to work anymore. Uh which is really why

18:28

I think companies need to start adopting

18:30

new technology. So the only answer to

18:32

all this is really machine learning, AI.

18:35

>> Yeah. I I mean I I hate saying it

18:36

because you know it's it's a buzz word

18:38

that's being thrown around quite a bit

18:39

but there is a lot of power there and

18:41

that's why technology like machine

18:43

learning is just absolutely required in

18:46

order to detect these [music] sort of

18:48

things.

18:49

>> Justin fear isn't the only one who

18:50

thinks our future is in the hands of the

18:52

machines. Dan Gear is possibly the

18:54

world's most respected voice in cyber

18:56

security. Period. The Central

18:58

Intelligence Agency tapped [music] him

18:59

to be the head of information security

19:01

for their tech firm, and he IDed the

19:03

threat posed by the Internet of Things

19:05

over a decade ago. I met with him at his

19:07

horse farm in Rhode Island, a setting as

19:09

disconnected from the world of smart

19:11

devices as you can pretty much imagine.

19:13

>> Having algorithms to protect you from

19:15

algorithms is the future, I suspect. I'd

19:18

rather have an analog circuit breaker

19:19

than a

19:22

digital one. In the year 2000, there was

19:25

a big to-do about whether when the clock

19:27

struck

19:28

>> Y2K,

19:29

>> Y2K. When the clock struck midnight,

19:31

would the elevator stop running or the

19:33

planes fall out of the sky or whatever.

19:35

I remember quite vividly the head of the

19:37

water department in New York said, "We

19:38

don't have a problem. We still have

19:40

valves and we know where they are." Can

19:42

imagine if it was a bad thing, somebody

19:43

would be out climbing into a hole with a

19:47

big ass wrench and cranking a a valve

19:49

opener shut. Um, the ability to do that

19:54

is, I think, a

19:57

a prudent requirement for

20:01

going over to a dependence on the

20:04

internet of things. We certainly will

20:06

see it, I think, that uh on a day-to-day

20:09

basis, it will make life much better.

20:12

Um, if it ever comes completely apart,

20:14

it'll make life much worse. Do you think

20:17

it's the internet of too many damn

20:18

things at this point?

20:20

>> Not yet. It's going to be. If you want

20:22

me to pick something that I view as

20:24

somewhat scariest, the vehicle-tovehicle

20:26

communication for the autodriving cars

20:29

that would allow them to stack up

20:30

thicker on the highway. And as such, you

20:32

get a free, if you want to call it that,

20:34

free expansion of roadway capacity.

20:38

Think about it. It's just irresistible.

20:39

Yet at the same time, that all works

20:41

until the day it doesn't.

20:43

>> Nothing comes for free. So, what is all

20:45

this convenience costing us? I asked Dan

20:48

what we're giving up as our world

20:49

becomes more interconnected and complex.

20:52

>> You remember the thing about complexity

20:54

is that because risk is is proportional

20:57

to dependence,

20:59

you're only at risk of things you depend

21:00

on. Thing about complexity is it hides

21:04

dependencies. If you put a device on a

21:07

network, I think you have to make a

21:09

choice. And I only think there are two

21:11

alternatives. One is it has to have a

21:13

remote management interface so that can

21:16

be modified, [music] turned off,

21:18

upgraded, something that's one option.

21:21

Can be reached, you know where it is.

21:24

You can fix it. Or if it can't be

21:27

reached or it can't be fixed, it can't

21:29

live forever. It has to have a finite

21:31

lifetime.

21:33

>> So what you're saying is the IoT devices

21:35

that are being built today, you think

21:37

that they should be built in order to

21:39

die at some point?

21:42

It can't be unfixable [music]

21:45

and immortal.

21:47

The two of those together are [music]

21:49

anathema.

21:51

In our quest for convenience, we've

21:52

created an insecure future with teenage

21:55

hackers just as dangerous as powerful

21:57

nation states. Dan gear is right. We

21:59

need to rethink how these IoT devices

22:01

are being built. But without pressure,

22:04

manufacturers will never be motivated to

22:06

care about security. The pressure can

22:08

come from consumers or it can come from

22:10

government. Either way, one thing's for

22:12

sure. Until something changes, [music]

22:14

the risks to all of us are only going to

22:16

get worse.

22:29

[music]