The summary of ‘#148 – F-Secure Sense "Secure" router teardown and Whoops!’

This summary of the video was created by an AI. It might contain some inaccuracies.

00:00:0000:24:56

The video primarily focuses on the unboxing, physical setup, and detailed internal examination of an F-Secure security appliance, which the presenter compares to a standard router. Key points include the device's significant weight and stylish design, reminiscent of Apple products, but with heavy packaging and questionable functionality of some components, such as non-Cat6 network cables. The presenter disassembles the device, noting its high-quality construction, including features like Wi-Fi antennas, a PCB with differential pairs, heat sinks, a TM1680 chip for displays, and Realtek chips managing Wi-Fi operations. They highlight security vulnerabilities uncovered through a USB 3 test point and UART port that allows root access without a password, posing significant risks. The device's potential as an OpenWRT or VPN router is considered, especially given its technical specs and pre-installed software packages. The narrative concludes with the presenter expressing concerns over the lax security measures despite the device's advanced hardware and evaluating further uses for it.

00:00:00

In this part of the video, the presenter explores an unusually heavy security device, speculated to weigh around 1.5 kilograms. They make a comparison with a standard router, which weighs much less at 443 grams. The heavy device is identified as an F-Secure appliance, part of a short-lived trend where security providers like F-Secure, Symantec, and others produced hardware solutions for end users. The unboxing reveals an overly thick, patronizing card, a quick start guide, and information about the device being a combination of a router, security app, and cloud protection service designed to safeguard multiple connected devices at home. They also briefly check for any interesting or essential information in the included documentation.

00:03:00

In this part of the video, the speaker discusses setting up a router that uses both 2.4 and 5 GHz frequencies and notes disappointment in the extensive, multilingual packaging which doesn’t include an open-source statement. They highlight the substantial weight of the packaging and proceed to unbox the contents, which include a power supply with European and British adapters, and a 12V 2A AC adapter. The router itself is wrapped in cellophane, prompting concerns about accessing it due to the excessive packaging. A set of flat network cables is deemed subpar and not conforming to Cat6 standards. The speaker describes the router’s physical attributes, mentioning its stylish, Apple-esque design, and expresses concern about potentially damaging it during setup. The router features a WAN input, three LAN outputs, a USB port, and a 12V port, though the network capabilities of the LAN outputs are uncertain. The speaker questions the necessity of a bright, flickering display and contemplates connecting it to the network to test its functionality.

00:06:00

In this part of the video, the presenter contemplates examining and disassembling a networking device to understand its functionalities and possibly explore alternative firmware options. They note that others have covered the device’s basic usage, so they decide to take it apart instead. The presenter starts disassembling the device, commenting on its aesthetic design versus its functional practicality. They mention the presence of several Wi-Fi antennas, a display panel, and their attempts to carefully deconstruct the device using a screwdriver. Despite the seemingly intricate design, they discover that certain thought was given to specific design elements, such as thinned-down plastic areas.

00:09:00

In this part of the video, the presenter examines an item with a glossy finish and explains that the inside appears to be sprayed, except where the display area is left unsprayed. They decide to disassemble further but express uncertainty about the next steps. The item has been underappreciated and was supplied to sellers to test its marketability. The presenter then notices screws at the base and regrets not starting there initially. They consider the unusual noise and suspect a large metal piece at the bottom, reminiscent of older designs using metal for stability. Upon removing the base, they confirm the presence of metal, weighed at 120 grams. They slide out the contents, revealing the sprayed translucent plastic, and highlight the area not sprayed inside.

00:12:00

In this part of the video, the host examines a piece of electronic equipment, observing its construction and detailing its components. They note the presence of a black PCB, differential pairs, and significant heat sinking, indicating high-quality manufacturing. The TM1680 chip is identified as controlling the displays, which are LED modules without standard filters. The host discusses the potential for interesting uses of a component marked UM01 and highlights the effort put into the device’s heat sinking, unusual for consumer routers. They proceed to remove Wi-Fi antennas, noting their uniformity despite being designed for dual bands, and express curiosity about their universal design and effectiveness across multiple bands.

00:15:00

In this segment of the video, the presenter examines a circuit board, pointing out various components and their potential functions. Key points include the presence of Wi-Fi output chips, heat sinks with high-quality design, and Realtek chips handling Wi-Fi operations. The board also features multiple labeled test points, flash RAM, and high-speed differential pairs likely for PCI Express and USB. Additionally, the presenter highlights the LED section with specific voltage and control points, suggesting a deliberate design for the LED connectors.

00:18:00

In this part of the video, the presenter discusses findings upon examining a USB 3 test point and a labeled UART port on a security appliance. They connect to the UART port and discover that, after booting up, it allows access without a password, giving root console access. This is highly concerning for a security appliance meant for high-end home users or small to medium enterprises, as it exposes everything openly. The presenter also notes that accessing this hardware was straightforward since the serial connector was accessible from the top and the device had no significant seals preventing easy opening.

00:21:00

In this part of the video, the presenter demonstrates how easily they can access and manipulate a device, highlighting the significant security risks associated with physical access or a supply chain attack. They express disappointment that a reputable company like F-Secure has such vulnerabilities. While the device has decent technical specifications (two cores and reasonable memory), the lack of robust security measures (no effective password protection) is concerning for a home security appliance. The presenter notes the device’s potential as an OpenWRT box or VPN router, despite it running an older version of OpenWRT. The segment concludes with the presenter stating their intention to explore further possibilities for using the device.

00:24:00

In this part of the video, the speaker reviews the contents installed with opkg, noting the presence of various software like a mosquito server, sambra access, and functioning USB ports. The speaker expresses surprise at some of the software choices but affirms having full access and control over the system.

Scroll to Top