December 5, 2018 By Jasmine Henry 3 min read

“Die Hard” is likely the greatest Christmas movie of all time — especially when viewed from an endpoint management perspective. Perhaps you prefer the classic “It’s a Wonderful Life” or, more controversially, “A Christmas Prince.” But it’s hard to argue with the fact that the 1988 heist movie starring Bruce Willis delivers some real thrills.

“Die Hard” has everything: a high-stakes hostage situation, four sequels and loads of snappy dialogue. Nothing inspires holiday cheer like full-screen explosions and a barefoot underdog hanging by his fingertips in an elevator shaft. And if you know what to look for, the films are also packed with Internet of Things (IoT) vulnerabilities, social engineering and user governance failures.

“Die Hard” was almost certainly created with the primary purpose of delivering pure VHS entertainment. However, it unintentionally explores some IT questions that are still relevant 30 years later, such as how to implement strong endpoint security — or how not to. A December marathon of all five “Die Hard” films makes for surprisingly valuable endpoint management research for contemporary cybersecurity professionals.

What Can ‘Die Hard’ Teach Us About Endpoint Management?

As the Nakatomi Corporation staff is celebrating on Dec. 24, the building security guard is shot by a team of terrorists. Within minutes, the sole hacker on the team, Theo, has used the security guard’s computer to commandeer rudimentary smart systems — elevators, doors and surveillance — to nearly steal $640 million in bearer bonds.

“Die Hard” wasn’t written for an audience of cybersecurity professionals 30 years in the future, and few details are given about the hacking methods used. Theo is portrayed as a one-dimensional character: an agreeable genius who can solve any puzzle in seconds, from escalating credentials to drilling vaults. When asked if he can do the impossible, he beams affirmatively at the lead terrorist Hans:

“You didn’t bring me along for my charming personality.”

Sure, it was the 1980s, but Nakatomi Corporation’s endpoint sins set the whole film in motion. If the security guard’s computer had been protected with stronger user authentication and the building’s smart systems were segregated, perhaps even hacking genius Theo couldn’t have launched a $640 million heist with a few clicks.

Fast-Forward to Today’s IoT Risks

In the 1990 sequel, “Die Harder,” a team led by a former special forces colonel William Stewart remotely hacks into the air traffic control system of Washington D.C.’s Dulles Airport. Stewart’s team turns off all airport lights and cuts in-flight communications. The fourth installment, 2007’s “Live Free or Die Hard,” features a financially motivated cyberattack on FBI financial databases. The same nefarious hackers later crack the communication systems of an F-35B Lightning II fighter jets and use social engineering tactics to impersonate a flight controller.

These plot twists are brought to you by the same IoT risks we face today in an increasingly smart and interconnected world. In late July, IBM X-Force presented research on four common smart city devices that revealed 17 security vulnerabilities, including nine critical flaws. The same week, researcher Ruben Santamarta shared vulnerabilities in the IoT global satellite communication system (SATCOM) that could potentially disable in-flight communications for commercial aircraft.

Unlike in 1990, IoT technology adoption is on the rise, and attacks are growing. According to a Ponemon Institute report titled “The Internet of Things (IoT): A New Era of Third-Party Risk,” 21 percent of organizations reported data breaches related to unsecured IoT devices this year, and cyberattacks involving IoT devices increased by 5 percent between 2017 and 2018.

The IoT security failures in the “Die Hard” franchise are, first and foremost, narrative tools. Had the company known how to implement stronger endpoint security, audiences wouldn’t be able enjoy hours of explosions and near-misses. Still, it is worth wondering why those IoT threats are more relevant today than the hairstyles sported by the franchise’s cast members.

There Are No Endpoint Management Miracles

“For many of us, Christmas films are as much a part of the psychological and emotional preparation for the season as mince pies and mulled wine,” wrote Natalie Haynes of the BBC. She argued that the formula that defines a great Christmas film is more complex than films designed to evoke heartwarming feelings.

One theme that unites many movies we return to each December is the idea of miracles — and the triumph of NYPD cop John McClane over many terrorists on Christmas Eve in Nakatomi Plaza is nothing short of miraculous.

While viewing the “Die Hard” franchise through an endpoint security lens is a strictly optional exercise, there’s value in considering how such an incredible movie could have ended in the first 30 minutes if the building had taken the time to implement stronger endpoint security. As it turns out, these decades-old exploits resemble vulnerabilities that persist in the enterprise today.

Trust-based authentication or biometrics, behavioral analytics, and embedded security for IoT devices could have allowed Bruce Willis’s heroic character to enjoy Christmas with his family instead of fighting evil in bare feet. But then we would’ve missed out on so many ageless one-liners.

“Now I have a machine gun, ho-ho-ho.”

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today