{"id":15614,"date":"2019-06-25T20:45:53","date_gmt":"2019-06-26T04:45:53","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/06\/25\/news-9363\/"},"modified":"2019-06-25T20:45:53","modified_gmt":"2019-06-26T04:45:53","slug":"news-9363","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/06\/25\/news-9363\/","title":{"rendered":"Movie Tech Review: Child\u2019s Play 2019"},"content":{"rendered":"<p><strong>Credit to Author: Mark Nunnikhoven (Vice President, Cloud Research)| Date: Fri, 21 Jun 2019 18:03:06 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-300x169.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"BETRAYED: A Trend Micro Child&#039;s Play Tech Review\" style=\"float: left; margin-right: 5px;\" link_thumbnail=\"\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-300x169.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-768x432.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-1024x576.jpg 1024w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-640x360.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-900x506.jpg 900w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-440x248.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-380x214.jpg 380w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>A while back, Rik &amp; Kasia Ferguson shared <a 
href=\"https:\/\/www.facebook.com\/TrendMicro\/videos\/247630939223990\/\">their thoughts on the movie<\/a>, \u201cUnfriended: The Dark Web.\u201d The dark web and technology in general play a pivotal role in the movie&#8217;s plot, so the team decided it would be interesting to have a real-world expert review.<\/p>\n<p>Everyone had a lot of fun, and thus Trend Micro movie reviews were born. I was \u201cfortunate\u201d enough to get the next call. The downside? The movie is \u201c<a href=\"https:\/\/www.youtube.com\/watch?v=PeHNLikDiVw\">Child\u2019s Play<\/a>\u201d, and I don&#8217;t do horror movies well.<\/p>\n<p>Opening night, I powered through, watched the movie and was&#8230;pleasantly surprised?<\/p>\n<p><iframe loading=\"lazy\"  src=\"https:\/\/www.youtube.com\/embed\/y_5lKaxocX0?feature=oembed\" width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/p>\n<h2>The Movie<\/h2>\n<p>Was there too much gore and violence? Absolutely. However, the movie was a lot better than I expected, with an eerie performance by <a href=\"https:\/\/www.imdb.com\/name\/nm0000434\/\">Mark Hamill<\/a> as the voice of Chucky. <a href=\"https:\/\/www.imdb.com\/name\/nm2201555\/?ref_=nv_sr_1?ref_=nv_sr_1\">Aubrey Plaza<\/a>, as Karen, played her role well, which added the only really relatable character of any depth beyond Chucky.<\/p>\n<p>How does this movie rate in the horror genre? No idea. 
What I do know is that I enjoyed it more than I expected\u2014which was, admittedly, a low bar\u2014and found myself entertained for the duration.<\/p>\n<p><em><strong>[ Spoilers ahead : scroll down if you\u2019re ok with that ]<\/strong><\/em><\/p>\n<h2>Bad Training Data<\/h2>\n<p>Unlike the original entries in the series, this edition brings Chucky into the 21st century. Chucky is no longer a demonically possessed doll, but a blank slate in the form of a nascent AI in a robotic toy doll.<\/p>\n<p>As with any AI or machine learning model, the AI starts off neutral. It requires training data in order to generate results. In Chucky\u2019s case, he is a unique example of the \u201c<a href=\"https:\/\/bestbuddi.com\">Buddi<\/a>\u201d product.<\/p>\n<p>In a classic insider supply chain attack, a QA employee is fired by an overly abusive boss, but before he\u2019s removed from the property, the employee is ordered to finish one last Buddi doll: Chucky.<\/p>\n<p>This employee modifies Chucky\u2019s code to remove any boundary checking for his core behaviours. This creates a truly unbounded, clean slate for the AI that is set out into the world.<\/p>\n<p>Skipping ahead, Chucky is trained on a biased data set. This bias is the naive world view of a group of kids and their run-down neighbourhood. Chucky is exposed to crude humour, horror movies and heated emotional commentary&#8230;all without the context to process it.<\/p>\n<p>This tunes the AI to generate the psychotic behaviour that fuels the rest of the movie.<\/p>\n<h2>IoT Insecurity<\/h2>\n<p>One of the features of this 21st century Buddi doll is the ability to control your smart home. Think of the doll like a walking Alexa or Google Home. 
Of course, there are zero authentication or information security controls in place.<\/p>\n<p>Once he\u2019s synced with the latest update from the cloud, Chucky can simply wave his tiny finger and control the devices around him.<\/p>\n<p>This leads to a number of issues around privacy (in this case, used to increase the suspense and move the plot forward) that mirror cases we\u2019ve seen in the real world.<\/p>\n<p>Third-party <a href=\"https:\/\/documents.trendmicro.com\/assets\/pdf\/The-Sound-of-a-Targeted-Attack.pdf\">access to smart speakers<\/a> to terrorize unsuspecting victims, remote <a href=\"https:\/\/theintercept.com\/2019\/01\/10\/amazon-ring-security-camera\/\">viewing of private video streams<\/a>, and <a href=\"https:\/\/www.cbc.ca\/news\/technology\/smart-home-hack-marketplace-1.4837963\">manipulation of key devices, like thermostats<\/a>, have all happened <strong>already<\/strong> in the real world, but not by rogue AIs.<\/p>\n<p>&#8230;yet.<\/p>\n<h2>Lateral Movement<\/h2>\n<p>In the movie\u2019s climax, Chucky really lets loose. He comes into his digital powers and starts to wreak havoc. Our heroes and supporting cast struggle to respond to this maniacal behaviour. The interesting point is that Chucky has developed enough as a character by this point to understand that it\u2019s not maniacal behaviour from his perspective. To him, it\u2019s perfectly reasonable. This underscores the fact that AI is only as good as its training data and won\u2019t highlight bad results from a bad model.<\/p>\n<p>While striving to reach his goal, Chucky\u2014a trusted endpoint in the corporation\u2019s services network\u2014reaches out to all of the compatible devices within his local area.<\/p>\n<p>This type of lateral movement is extremely common in today\u2019s cyberattacks.<\/p>\n<p>The movie presents the issue in an overly dramatic fashion (it is a movie after all), but the point stands up. 
Most technologies, IoT specifically, are generally designed with two types of endpoints: trusted and untrusted.<\/p>\n<p>Security and privacy controls are then designed to prevent untrusted endpoints from accessing trusted endpoints. Trusted endpoints have little to no verification applied when communicating with each other.<\/p>\n<p>In \u201cChild\u2019s Play\u201d, this results in disastrous consequences. In the real world, too.<\/p>\n<p>The movie is a stark\u2014and bloody\u2014reminder that networks and systems need visibility across all endpoints and layers and layers of security and privacy controls.<\/p>\n<h2>Takeaways<\/h2>\n<p>The way the movie leverages poor AI training, a lack of IoT security, and lateral movement techniques is intriguing, but what really caught my attention is the larger trend within the horror and suspense genre.<\/p>\n<p>Films are moving away from fantasy and otherworldly villains to digital ones. That\u2019s a reflection of how big a role technology plays in our lives, as well as the general lack of deep understanding of how it works.<\/p>\n<p>For me\u2014and the security community\u2014that\u2019s a big challenge: helping people understand cybersecurity and privacy in context.<\/p>\n<p>If you\u2019re looking for a fun suspense film with a technology slant, I would\u2014shockingly\u2014recommend watching this movie. 
As long as you have realistic expectations and remember that breaking most current IoT security is&#8230;child\u2019s play.<\/p>\n<p>[ <img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/11.2.0\/72x72\/1f923.png\" alt=\"\ud83e\udd23\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\" \/>Sorry, couldn\u2019t resist ]<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\/movie-tech-review-childs-play-2019\/\">Movie Tech Review: Child&#8217;s Play 2019<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\"><\/a>.<\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/movie-tech-review-childs-play-2019\/\" target=\"bwo\" >http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Mark Nunnikhoven (Vice President, Cloud Research)| Date: Fri, 21 Jun 2019 18:03:06 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-300x169.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"BETRAYED: A Trend Micro Child&#039;s Play Tech Review\" style=\"float: left; margin-right: 5px;\" link_thumbnail=\"\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-300x169.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-768x432.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-1024x576.jpg 1024w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-640x360.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-900x506.jpg 900w, 
https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-440x248.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/trend-micro-childs-play-2019-tech-review-thumbnail-380x214.jpg 380w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>A while back, Rik &#38; Kasia Ferguson shared their thoughts on the movie, \u201cUnfriended: The Dark Web.\u201d The dark web and technology in general plays a pivotal role in the movie&#8217;s plot, so the team decided it would be interesting to have a real-world expert review. Everyone had a lot of fun, and thus Trend&#8230;<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\/movie-tech-review-childs-play-2019\/\">Movie Tech Review: Child&#8217;s Play 2019<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\"><\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10422,4500,14971,10495,5897],"class_list":["post-15614","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-current-news","tag-cybersecurity","tag-edr","tag-iot","tag-privacy"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15614","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15614"}],"version-history":[{"count":0,"href":"ht
tp:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15614\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15614"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}