Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
What is a computer virus?
When you initially asked this question, I said, yikes, I know computer viruses are bad
and they can really mess things up, but that's my knowledge and extent about computer viruses.
So I'm kind of excited to get your definition of a computer virus.
(00:23):
How does a computer virus spread?
I'm not sure.
My guess was maybe as we open different apps and different programs,
or maybe it could be with downloads.
Those were my thoughts, you know, and I'll keep in mind to our listeners.
Remember, I'm not the tech savvy one.
I'm right there with you.
I'm going to learn this episode with you.
(00:45):
And this next phrase, holy cow, our master guardian's thrown out phrases
lately in these last few episodes that we've had to learn a little bit about.
So if you're like me and you have no idea what this next phrase is about,
great, you're right there with me.
If you know it, you're a step ahead.
(01:07):
If not, we're going to get to it.
How does patient zero get infected?
I don't know what patient zero is, so you can make fun of me in the comments later.
We're going to get to that though.
What protection do we not, not have against these attacks?
(01:29):
My guess is the ability to stop them because they're happening.
So anyways, we've got some good questions lined up and ready to roll today.
Let's go.
Welcome back and thanks for tuning in.
I'm Nick and this is Super Simple Security Principles.
Listen each week and learn how to think, not what to think.
(01:51):
This is episode 56.
Home network attacks from within.
We talked about this in last week's episode, kind of segueing into this.
So I'm excited.
How to stop the attacks from within, man.
That's pretty legit.
(02:12):
Glad you think so.
Yeah, it's going to be fun.
Well, I mean, this episode seems super important to me, you know, because
for me personally, I feel like the first things you need to do is protect that inner circle,
protect the core.
(02:34):
And so, you know, this is what we're trying to do is address these attacks from within, right?
Yeah.
Awesome, awesome.
Well, let's dive in, man.
What do you got for us?
I really do want to know the definition of a computer virus and how you would explain that
(02:56):
because we obviously know that they could get sick, they could have their issues.
That's right.
Well, and yeah, so it's a little bit different.
So and what we're going to do today, Nick, is we're going to work through, unlike usual,
we're going to work through our questions one by one in order.
(03:20):
Before we do, though, before we hop into that first question, I do want to give just a quick
introduction, because we are going to introduce a metaphor that's going to help us understand.
It's kind of what I think of as a thin metaphor, because it's about viruses, right?
(03:40):
And we're most of us, I think, are used to hearing the word virus,
both in relation to humans and computers.
Yeah.
Right. So this is my one sentence description of what these local network attacks are.
They are like a virus spreading.
(04:00):
Okay.
So that's your even two, like, you know, a virus spreading, three-word overview, whatever, right?
Right.
And then we'll, you know, we'll break it down, but that's the high level.
So what is a computer virus?
So to dive into the metaphor a little bit, in the human world, we talk about viruses,
(04:22):
viral infections, bacterial infections, infectious diseases.
They have different characteristics, what they do, how they spread, how they're treated, etc.
Yeah.
We look at all of them together, we might call that diseases or sicknesses.
In the world of computers, we have something comparable, malware, right?
(04:45):
We've talked about that before.
Yeah.
Software that does bad stuff.
Right.
I love that definition.
Software that does bad stuff.
That's malware right there.
Boom.
Yeah.
And one thing is, just like with diseases in the human world,
it comes in a huge variety.
(05:05):
You know, what it does, how it spreads, and how to protect against it.
And we have a lot of words for it as well.
We've got, and I know, you know, you'll know at least some of these, ransomware.
Yeah.
Virus seems to be the biggest one that most people have heard of.
There's also worm, trojan, and yeah, right?
(05:29):
Like, you know, trojan horse kind of thing, and lots more.
But for our purposes, we're just going to really kind of simplify all of it
to just one word, just virus.
Okay.
And the characteristic that we want to focus on is that a virus, a computer virus,
(05:50):
is a kind of malware that wants to spread itself to as many devices as possible
and do as much damage, like it wants to spread.
Okay.
It wants to spread.
Yeah.
Now, that's not exactly terribly uncommon, you know, not every malware does,
but a lot of malware does, just because for obvious reasons.
(06:10):
Yeah.
But, so lots of malware has multiple, you know, categorizations.
It might be a worm, a virus, and a trojan, or whatever.
But anyway, worm is also the other really common word to describe this kind of malware
that likes to replicate itself and spread.
Yeah.
(06:31):
But anyway, virus is the word I think that most people heard,
and that's part of what that is.
So we're going to stick with virus today.
So that's our definition of what is a computer virus for our purposes of this episode,
is it's just malware that wants to spread.
Okay.
Malware that wants to spread.
I can handle that.
Okay.
(06:52):
Now, second question.
How does a computer virus spread?
I can't remember what your...
Oh yeah, no, I do remember your speculation.
And those are mostly right, except they are more of an answer to question three.
So we'll bring back your answers in for question three.
(07:12):
Okay, okay, yeah.
So the way they spread actually goes back to kind of the foundation
that we talked about at the start of this series.
And we've been talking about throughout,
is these phone calls that devices make to each other to communicate.
Yeah, yeah, yeah, yeah.
Yep.
Right?
Yep.
(07:32):
And very specifically, we talked in episode 52,
where we were talking about the attacks that originate from the internet
that are trying to target devices on your home network,
but they have to get through the router.
So mostly they're targeting your router, right?
Yep.
And in both cases, the remote internet attacks
(07:55):
and your local home network internal attacks,
the idea is essentially the same,
where the attacker is making a lot of calls,
as we're talking about them,
to a device to see if that device will answer any of those calls.
Okay.
So that's step one.
And if anybody's home, right?
(08:15):
Step one.
Yep.
And then if any of the calls are answered,
then it kind of looks for gaps in the defenses.
Because if it won't even communicate at all,
it can't do anything.
It's just cut off right then.
But as soon as there's a line of communication open,
then it can start,
okay, well, let's see if we can figure out a way
to worm our way past their defenses,
(08:37):
because they're actually listening.
Yeah.
And ideally, it wants to be able to install some of its malware
on that device that it's communicating with,
so it can stay there forever,
do bad stuff,
continue to spread,
that sort of thing.
(08:57):
Okay, that makes sense.
Okay.
So that's...
Okay, so then question three.
And this is,
how does patient zero get infected?
Or you could call it device zero.
So we'll step back though
and talk about what patient zero is.
Because this is actually not a computer term.
(09:19):
This is a human virus and condition.
And patient zero means the origin of the sickness,
the first person who got sick.
So like in your family, if somebody gets sick,
and then it spreads to everybody,
who gave it to me?
Who was patient zero?
I now know this, yes.
Patient zero.
(09:40):
Okay.
We don't usually talk about that,
because it's usually in the context of bigger mass events
or whatever, I assume.
I'm not remotely an expert in this topic.
But anyway, that's what patient zero is.
And so I kind of adopted that term for here.
Right.
And so what you talked about is
(10:03):
some of the ways that patient zero could get infected.
If we download something bad, right?
Yeah.
And we've talked about some of these in previous episodes.
Yep.
And there's a bunch.
And we've talked before,
we're going to talk actually,
I've identified at least four specific ones
(10:23):
that we're going to talk about a little bit more in this series.
As we talk about some of the protections related to them
and whatever.
But just to kind of focus in for today,
we're just going to talk about one.
And I chose it, not because it's necessarily like the worst way
(10:48):
or the most likely,
because that really depends on like the specifics of your home network.
But this way that patient zero or device zero gets infected
is it's one we haven't talked a lot about.
And it's growing in significance.
And there was a cool news story about it too.
So awesome.
(11:09):
I like current news stories.
Well, it's not as current as I'd like it to be.
But it's a couple years old,
but it's one that everybody will recognize
or at least a lot will recognize the brand of.
And so that's the one I chose anyway for this.
So the patient zero category is an internet of things devices.
(11:36):
Which is, we talked about this in a recent episode,
things like smart TVs, cameras, alarm systems, appliances,
all these other devices that talk to the, you know,
connect to the internet, right?
You know, but not your,
we're not talking about your phones and your laptops, right?
(11:57):
Right.
For example, my lights that I've got on right now are connected to the internet.
Yeah, yeah, exactly.
Yep.
That'd be an example of one of the devices we're talking about.
Yep.
So the news story is, it's from May 2023.
(12:19):
But have you heard of the Ring home security system?
Yeah, absolutely.
Absolutely.
Who hasn't?
I would say, right.
Well, that's what I was thinking, you know,
but sometimes sanity check, right?
Because there's doorbells all over, the Ring doorbells you see, right?
Right.
In fact, you know, normally when I think of Ring,
(12:41):
I think of it just as a doorbell.
But in fact, it's, I mean, if you go to the Ring website,
their sales...
It's way bigger than that.
Yeah, exactly.
Like it's a whole home security system.
Yep, yep.
So this is the irony of the situation.
So in May 2023,
(13:02):
they were ordered to pay out $5 million to affected customers.
$5 million to affected customers, huh?
Yeah.
So, and I'm going to read from the official announcement
from the government's FTC website of why, what they did wrong.
It says,
Ring's poor privacy and lax security
(13:24):
let employees spy on customers through their cameras,
including those in their bedrooms or bathrooms,
and made customers' videos,
including videos of kids, vulnerable to online attackers.
Hackers exploited those vulnerabilities and harassed,
insulted and propositioned children and teens
through their Ring cameras.
Some hackers even live streamed customer videos.
(13:47):
What?
Yeah.
They only had to pay out $5 million for that?
I know, it seems pretty, pretty...
That's messed up.
I agree, I agree.
That is messed up.
Now, I didn't look into all the details of exactly
how many people were affected or whatever,
(14:08):
but yeah, it's...
Well, and for me, the thing that makes it worse,
I mean, obviously the content, the kids,
and I mean, just the nature of it is bad.
But then from a security perspective,
it just makes me shake my head
because like they're a security company.
Right.
They don't know how to keep their own devices safe.
(14:29):
And it seems like they just let the hackers infiltrate their system.
Well, I'm sure they didn't want to.
There was no way this was any good for them,
but they didn't prioritize keeping their own devices safe sufficiently,
even though they were providing a security service.
(14:49):
Right.
And so...
That's terrible.
Yeah, well, and part of the thing,
the lesson to learn here is
just because a company is providing a security product
doesn't mean that they're great at security
and especially like keeping their own product secure.
(15:10):
You know, this is true not only with hardware,
but software,
because you have like antiviruses on your computer,
for example, an antivirus scanner.
Those are high value targets for hackers, right?
Right, right, absolutely.
Because lots of people have them
and they've, you know,
(15:30):
I don't have a story about that one specifically today,
but there have been plenty of examples of security software getting hacked
and piggybacked, you know, to get malware on there.
And so...
That's awful.
That's part of the reason why I'm less enthusiastic about security software
(15:54):
than I might otherwise be,
because it can paint a target unless they're super careful.
Unless they're really good at security,
then instead of adding a layer of protection,
you're adding basically a big bullseye.
So anyway, there you have it.
Yeah.
(16:16):
So...
Before I go on to the next, the last question,
I want to tell a little bit more about the IoT devices.
Now, IoT, that's the initial...
Internet of Things.
Internet of Things.
I know, I'm beating another acronym into you.
Right, yeah.
Gonna train us, you know?
(16:37):
Yep.
Because, well, and part of the reason is,
so I'm glad you called me on it though,
is you'll see this is the sort of thing,
like when you're reading news articles or whatever,
they'll throw in there and sometimes they'll explain it
and sometimes they won't.
And so sometimes you'll see just an IoT
and it's not complex.
It's just, you know, I got a smart,
I got a camera, I got a light, whatever.
(16:57):
It's nothing crazy or weird,
but they like, you know,
it just means a device that wants to connect to the internet.
But for whatever reason, they have this funny name.
So, but I want to talk about why they are great targets
for that initial infiltration.
(17:19):
Okay, yeah, let's hear why.
Because that was kind of my thought is,
like some of these devices seem so simple,
it doesn't seem like they provide a lot of access.
Yeah, well, and so the thing is,
that's one of the things that actually makes them,
(17:42):
you know, you described them as simple, right?
Right.
But there is kind of this mid-range.
They're not as simple as something
that doesn't have to connect to the internet.
Because in order to connect to the internet,
and for example, like with those lights,
I believe the primary reason they connect to the internet
is to get updates to their software.
(18:07):
But anytime a device is connected to the internet,
that ups the level of, you know, sophistication it has.
Okay.
And, you know, then cameras, for example, is a big one.
They have to, you know,
sometimes you want to be able to live stream it, right?
You want to be able to control it,
maybe give access to your neighbor
(18:27):
if it's a security one while you're gone.
Like all these things introduce complications.
Yeah.
And anyway, the short version is really that a lot of devices,
these internet of thing devices,
kind of have the perfect balance of enough processing power
(18:47):
that you can install malware on them.
Oh, geez.
But not powerful enough.
They're not like a full computer or even a phone
where they have all the same kinds of protections
that you might have on a more powerful device.
Right.
Does that make sense?
Yeah, that makes sense.
(19:09):
So it doesn't apply to all of them,
but that's one of the factors anyway that applies sometimes.
In fact, there was a corporate story,
and I didn't keep the notes of this,
but on one of the security podcasts I listened to,
they were talking about this,
where in a corporate environment,
a camera was very specifically the target
(19:29):
where it was running Linux,
just like Mac or Windows.
It's another variant,
but it was running a full Linux.
And so they were able to install malware on there
and then spread from,
I think it was a camera there as well.
So anyway, the other thing is,
(19:53):
IoT devices, the Internet of Thing devices,
are, as we saw with the Ring,
even if it's a security product,
rarely built with strong protections against hackers.
Right, right.
And in a lot of ways, it feels like, to me,
(20:14):
kind of the early days of routers.
Because we've talked a lot in the recent episodes
about how much the security of routers has improved, right?
Right, right.
But for the most part,
it's not because manufacturers are proactively like,
(20:34):
yes, let's up our security.
It's because of things like the Ring incident.
In the router world-
Where it falls to their hand, essentially.
Exactly.
They had fallout, and so they had to do it, right?
And it feels like we're kind of in that same learning curve
with these other devices.
(20:56):
Gotcha.
It makes sense.
Kind of how I characterize it.
I'm hoping we'll learn faster than with routers.
Right.
Yeah, that's still too very often the case.
We talked also about default passwords with your routers.
(21:17):
Well, some of that goes on in the Internet of Things devices world as well.
And it's just like, that is the worst idea ever.
We've got to get past default passwords.
Never, ever should we be doing that in any circumstance.
It's just such a bad idea.
(21:37):
Right, right.
Anyway, and then the final aspect, I think,
that makes these devices a good target is...
And I guess this is all of them, really.
But just like the manufacturers don't necessarily put a lot of time
and attention into building them to be safe,
(21:58):
consumers, when they buy them, they're not analyzing them.
I wonder how safe is this device?
They're normally counting on the manufacturer.
Well, if they provide me a security system or they provide this,
well, it's their job to make it safe.
And they're right.
It is their job to make it safe.
Right, right.
On the other hand, if you want to be sure,
(22:20):
the only job you can be sure you've done right
is one you do yourself kind of idea, right?
But how would they know, right?
You look at a device you bring home.
It's not like it's obvious.
I wouldn't, yeah.
Yeah, I mean, that's the difference.
With physical device, a hammer, you can kind of look at it and be like,
(22:42):
oh, you can gauge the dangers, right?
It's one of my favorite examples, right?
You got digital devices, like I have no idea.
And if you did know, what do you do about it, right?
So it's just...
Right, right.
It's tricky.
Yeah, you're nailing everything I'm worried about now.
I'm like, uh...
(23:04):
Yeah, yep.
So anyway, that's, yeah, I think that boils down.
That's all of it anyway, for that question.
So you ready for question four?
Yeah, let's hear it.
Okay, so what protection do we not have against these attacks?
(23:27):
And the not part is, you know, in this series,
we've talked a lot about the router.
Right.
And its role...
Block those incoming calls.
Yeah, exactly.
It's the guardian for our home network.
Yeah, yeah.
Unfortunately, most routers do nothing to protect your devices against
(23:48):
the attacks we're talking about today,
against a virus spreading within your network.
That sucks.
Because the attacks are already past the router, right?
They're kind of...
Made it through.
That call came in.
Somebody answered.
Right, well, or...
No, see, it could be like what you talked about,
is you downloaded something, installed malware.
(24:10):
Or these other ways where we got patient zero.
Okay, okay, yeah, yeah, yeah.
There are a number of those ways.
And yes, getting through past the router is absolutely one of them.
They might have gotten through.
And that is a way to get a patient zero.
But there's a bunch of ways.
Right, okay.
But then when we get to the spreading part,
(24:30):
one way or another, right?
All of these come after one layer of protection was already bypassed.
Okay, that makes sense.
That's what I was trying to allude to,
but I couldn't put my finger on it.
Yep, no, that was exactly right intuition.
Is something already failed?
If we're talking about a virus spreading,
(24:51):
because that means the virus is present.
And how did it get present?
Even though we have defenses?
And the answer to that, it depends.
There's a bunch of ways, right?
But at that point, anyway, the router,
we're past the router,
and it's not protecting against that.
Which means that we're going to need to have other layers of protection.
(25:12):
Okay.
Now, of course, we're not talking about that today,
as you might.
Right.
We want to give those the time and attention they deserve.
But I've got a lot of good stuff ready.
I've got at least four layers planned.
And yeah, and one more I'm still considering.
(25:33):
But and we'll do probably a full episode for each of those.
Okay, okay, there we go.
We're going to give you some great tips.
So if you're in my state of frame,
like, oh, crap, we're going to take care of you.
Yeah, well, and that, you know,
that's kind of the weirdness of these kind of episodes
where I do a series like today,
(25:54):
we really only have time to talk about the attacks.
I always like to give you, you know,
some protection if I can in the same episode.
But sometimes it's just, that's the balance.
Sometimes it's just going to have to listen next week
if you want some protection.
Right, well, and sometimes it's just being educated
on where you could be attacked,
(26:14):
understanding the threats, right?
Because, yeah, especially you talk about
the Internet of Things or the IoT.
Did I get that right?
Oh, yeah.
Yeah, we talk about these things.
And those sometimes don't ever cross your minds.
If this could be a weak point, this could be a vulnerability.
And so understanding where you're weak
(26:37):
or where you have vulnerabilities
is very important to be able to protect against those.
No, and actually, thank you for that reminder.
Because that's something I think about and talk,
you know, what I talk about in this context is,
right, really the biggest difference is just,
(26:58):
yeah, awareness is a critical, right?
That already provides you some protection, right?
You can't protect against something
that you don't really understand is a problem.
And so that's true.
Even when we don't talk about the specific layers
of protection, just the knowledge itself
is a layer of protection, essentially.
Yeah, so thank you.
(27:20):
Yeah, you're welcome.
Okay.
So does that mean we've reached that point in time?
Is it our call to action already?
Yeah.
Let's hear it.
What do we got, man?
So I want you to take an inventory
of the devices in your home that connect to the internet.
(27:42):
Yeah, this sounds like a good idea.
Yeah, and obviously the focus is not,
you know, I mean, your phones and computers,
you're going to remember those.
Those are ones you use and like,
well, you know, good to note those.
But specifically, we want to look for devices
that might be overlooked,
like your lights or other smaller things.
TVs, you know?
(28:03):
Like even my DVD player now connects to,
you know, and I'm like, I don't even ever use it.
You know?
And your car.
Yeah, my car.
Yeah, that's one I wouldn't have thought of.
Oh, and I didn't put that on the list
because I didn't really think about it
because I mean, it's not small, right?
(28:23):
Most of the time when I'm thinking
of internet of things, things,
I'm thinking of small things, right?
And obviously your car is big
and I don't know how you'd categorize it,
but there's definitely a risk there.
It's communicating with the internet
and there's all sorts of risks
related to that with your car.
So that's a whole other episode.
But anyway, keep that list around.
(28:45):
And then, you know, the idea is that,
at least for the, you know, this series,
probably ever, but definitely during this series,
have you reference it
and hopefully give you some ideas
so you can get at least,
you can get some layers of protection in place
for, that will help for each of those devices
(29:07):
is the idea.
Okay, all right, I can do that.
You know, as you were sitting there thinking,
I was like, oh man, I actually have some toys,
not me personally, but my son does.
He has multiple toys.
Like one's a robot toy,
one's another little remote control toy
to connect to the internet.
So my, oh wow, hadn't even thought about that.
(29:32):
Yeah, oh one, you know,
the little self-propelled vacuums.
Yeah, yeah, yeah.
You know, we've got one.
Balances around them, yep.
Yeah, and some of those, at least,
I don't know if yours does,
but some of them connect to the internet
and can be hacked.
(29:53):
So, okay.
All right, so there you have it.
Our call to action is figure out
what device is your internet of things, man.
Make that list.
Yep.
Yeah, okay.
Exactly.
Awesome, awesome.
Well, in next week's episode,
we're gonna learn,
(30:13):
this is what I loved about what you outlined.
In next week's episode,
we're gonna learn about the most fundamental
and universal protection for networks
and it's firewalls.
And as a non-techie,
this sounds crazy important
because this is the most fundamental and universal.
(30:35):
So, our focus will be on teaching you
the protection firewalls can offer
that you may not be using right now.
So, please, please, please, please
tune in to next week's episode
because if this really is
our most fundamental protection is firewalls,
you'd better tune in for this one.
(30:56):
You'd better understand.
Don't miss out.
Like this is your chance to help somebody.
Invite somebody to listen to next week's episode
because here we go, folks.
Most fundamental, most universal.
I'm pumped.
I'm really pumped.
Cool.
(31:16):
Yeah, me too.
For sure.
Thanks for that pitch.
Yeah, you betcha, dude.
That was a good episode.
I liked it.
Little lengthy, man, for us.
Yep.
I like it.
Ready?
Yep.
Are you ready to take action
and wondering where to start?
Get my Bulletproof MyIdentity Starter Kit for free.
(31:40):
The seven most vital layers of protection everyone needs.
I'll send you one step at a time
and help you if you get stuck.
Just go to bulletproofmyid.com
and enter your name and email
and I will send you the first step.
Again, that's bulletproofmyid.com.