Showing the Swedish Royal Family how to hack
Last week I demonstrated how to hack an Android to Sweden’s King, Queen and Crown Princess.
This was during a cyber security seminar at KTH for a selected audience of 80 people - comprised of royals, politicians, members of the military and heads of industry. During the event there were talks and panel discussions on the current state of Sweden’s cyber defence, as well as what the future may bring. Looming in the background, of course, is the brown bear in the room. Russia’s invasion of Ukraine has brought up fierce debate in Sweden over whether to join NATO, and whilst conflict in the Baltic may look ever slightly more likely now, an increase in cyber attacks originating from Russia is looking inevitable. Many of the speakers mentioned cases such as the Coop attack of 2021 which caused a majority of stores of one of Sweden’s largest supermarkets to completely shutdown. The origin of the attack was a Russian ransomware gang called REvil. Whilst the Russian government claims to not harbour cyber criminals and in fact has said has “dismantled” REvil, many groups like REvil don’t target Russian organisations. The broader question to ask is in the current political climate will Russian police hunt down cyber criminals residing in Russian purely to assist western investigations? I think we know the answer to that. Sweden may be particularly vulnerable to cyber attacks as it is one of, if not, the most digitalised societies in the world. By being effectively cashless and with a transition to tech and service industries in recent years there are many more vectors for attacks. On stage Micael Byden, the Swedish military’s Supreme Commander, stated that Sweden was well aware of these threats and had been working on improving its cyber defence. During his talk he even gave a shout out to a so-called “cyber soldier” graduate sitting right next to me in the audience as an example of the strides being made. I later spoke to the nameless cyber soldier (who was dressed very much like a real soldier) who told me around 30 people graduated from the program in his year. Most of them didn’t carry on to work for the military.
My part in this event was representing KTH’s Cyber Security Lab where I work part-time whilst doing my Master’s in Computer Science. Our department decided to demonstrate a few hacks, one of which being the ES File Explorer vulnerability. The ES File Explorer app was an Android app that brought rich file exploring features to Android devices and was hugely popular in the late 2010s, reaching over 500 million users. The vulnerability in the app is that as part of its local networking features it exposes a port on the user’s phone which essentially allows an external actor full access to the user’s file system. If you had the app open and were connected to a Wi-Fi network, anyone else on the network could have complete read and write access to your device in a matter of seconds. I walked through this with the Royals and alongside my fellow NSE employee Viktor we demonstrated how this hack worked. I took a selfie with the King and Princess and then we showed how that selfie can be stolen. As the Princess herself said, I should probably not give up the hacking to be a photographer.