Oct 212015
 

So there's this new TV series called "CSI: Cyber" (well technically it's new to me and the UK) which is all about an FBI cybercrime unit. 

As it hapens cyber security (if you insist on calling it that) is something I know a bit about. And so this new TV series has two ways of amusing me – the normal entertainment that TV offers, and of course the chance at falling about laughing at the mistakes.

Is it entertaining in the first sense? It's an American cop show with a bit of added "tech", so to some extent it stands out of the American cop show crowd (or perhaps flood). So yes, it's mildly entertaining; nothing worth staying in for, but it will kill an hour that you're too tired to do anything more productive with.

In the second sense I mentioned – yes it's got that in spades.

The most obvious flaw is that everything happens too quickly. Analysing a malicious printer firmware as you plug in the USB disk that contains it? Not going to happen. Finding a zero-day exploit in a collection of IoT devices within an hour? Not going to happen. Hacking a municipal transport network whilst being driven around at furious speed? Well that could happen if you had already done it (they hadn't), but it isn't something you would really try.

Causing a printer to burst into flames with a malicious firmware? I believe the possibility was jokingly mentioned a few years ago when printer firmware became a target for attack amongst the white hat community, but it was also mentioned that it was pretty unlikely as things like thermal cut-out units are isolated and hardwired – you can't turn them off.

Or a malicious exploit causing a laptop battery to burn up; I'm not saying that's impossible, but again battery pack microcontrollers are usually isolated from the computer they power. 

Labelling "zero-day exploits" as something that effects personal devices? Just plain daft, although the rest of the definition was Okay.

Is this a problem? Well, sensible people will realise that this is all just entertainment and will not take it seriously. Indeed it may increase the realisation that criminals with IT skills (and governments) can cause nasty things to happen; even if this show highlights the wrong kind of nasty things. 

Of course the knuckle-dragging neanderthals (with apologies to the real Neanderthals) who watch this show and pay attention (so perhaps there isn't much danger after all) will assume that everything this show demonstrates is for real. And starts panicing anytime someone whips out a copy of metasploit

I imagine I'll be saying: "It's just entertainment" many times over the years.