InfoSec Reminders from a DIY NutriBullet Repair Project
As far back as I can remember, I loved exploring how things work. This intrigue led me, as a young teen, to disassemble appliances that were earmarked for disposal. I just wanted to see what the inside looked like. Back then, I hadn’t a clue what most of the components I was looking at were or the purpose they played in the grand architecture. I loved removing speakers from radios because those were easy to interact with by just connecting a power source.
In the latter period of high school, I studied Electrical and Electronics at the CXC level, which provided me with an understanding of how electrical and electronic circuits worked. It was an awesome experience applying the knowledge gained to build working products from simple schematic diagrams. This was the spark that eventually led me to a career in Information Technology.
Recently, my mother’s NutriBullet personal blender, an appliance that had become a vital tool in her baking routine, stopped working. I decided to take it apart to see if I could identify the fault before sending it off to the appliance graveyard.
Upon disassembling the unit, I was surprised at the state of the internals. After only a few years, there was an accumulation of gunk inside the unit from liquid that seeped through the waterproofing gaskets. It dawned on me that, as consumers, the thought of regular maintenance really isn’t top of mind. The manufacturers may not even expect this either. When I reviewed the care guide for the device, it only spoke to cleaning the externally accessible area and not the internals.


I’m reminded of the saying “if it ain’t broke, don’t fix it”. This mantra is carried forward into professional settings, and IT and InfoSec are not exempt. I’m certain there is a physical or virtual server in an environment that was spun up to provide a service or solve a business problem and has been running smoothly ever since. So much so that it has been running for months or years without being restarted or updated.
Governance Reminder
Information security is a tactical game and information security governance is the rule book. Security policies, standards and procedures guide the organisation by providing structure and accountability for protecting its digital assets.
While current policies may appear to be working now, they may not be efficient, effective or fit-for-purpose. The threat landscape is evolving at an extremely rapid pace. This often results in playing the game from a disadvantaged position, constantly playing catch-up. To ensure the effectiveness of the security program, the implemented policies, standards and procedures need to be treated as living documents. We must make an effort to review these documents at least once per year to ensure relevance and confirm they address current threats to our organisations.
If you haven’t implemented a governance structure for securing your digital assets, the Center for Internet Security (CIS) and the SANS Institute provide free policy templates to use as starting points for creating your fit-for-purpose policies.
Security Operations Reminder
Just like that gunk building up inside the NutriBullet, security issues don’t announce themselves with flashing red lights. They accumulate silently until something breaks. We need proactive monitoring to catch these warning signs before they escalate into incidents. That’s where exposure management comes in. Exposure management is a proactive approach to identifying, understanding and managing information security risks.
If you don’t regularly and proactively assess your environment, you won’t know what’s degrading until failure occurs. As part of your exposure management, focus on the following areas:
- Vulnerability Management – Maintain an accurate asset inventory. You can’t protect what you don’t know you have. Regularly check software vendors’ and hardware manufacturers’ advisories and update releases, and apply operational and security fixes as soon as possible. Common Vulnerabilities and Exposures (CVEs) are like digital wear and tear. Resources like CVEDetails can be searched to identify vulnerabilities affecting your assets, and the CISA Known Exploited Vulnerabilities Catalog can help to prioritise which assets and vulnerabilities to remediate first.
- Misconfigurations – Systems with default or misconfigured settings are common sources of security incidents. Examples include an attacker breaching the company’s network perimeter with default admin login credentials for the firewall, a file server compromised because SMBv1.0 is still enabled, a user account compromised due to a weak password policy and no two-factor authentication (2FA), and a network printer with a default admin login being used to steal sensitive data. Avoid surprises by performing regular configuration audits.
- Credential Management – Attackers don’t break in, they log in. Attackers prefer the path of least resistance, and compromised credentials easily bypass security controls. Ensure service account passwords are rotated frequently or use group-managed service accounts, enforce 2FA especially on privileged accounts, and avoid hard-coded credentials in programs or scripts.
- Unmanaged Infrastructure – Shadow IT is any system, device or software on a network or endpoint that isn’t approved for use by the IT department. Use asset discovery tools, conduct regular asset inventory recon and block or remove any asset not approved for use.
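The following is an added example, not part of the original article, of the prioritisation described in the Vulnerability Management and Unmanaged Infrastructure items: it ranks scanner findings against a KEV catalog excerpt and reports hosts that are missing from the asset inventory. The hostnames, criticality scores, placeholder CVE IDs and the ordering policy are assumptions; the catalog excerpt is constructed using the field names of CISA's KEV JSON feed.

```python
import json
from datetime import date

# Constructed excerpt in the layout of CISA's KEV JSON feed; CVE IDs are placeholders.
KEV_JSON = """{"vulnerabilities": [
 {"cveID": "CVE-0000-0001", "dueDate": "2024-03-01", "knownRansomwareCampaignUse": "Known"},
 {"cveID": "CVE-0000-0002", "dueDate": "2024-02-10", "knownRansomwareCampaignUse": "Unknown"}
]}"""

# Constructed asset inventory: hostname -> business criticality (3 = highest).
INVENTORY = {"fw-edge-01": 3, "fs-finance-01": 3, "prn-lobby-01": 1}

# Constructed scanner findings as (hostname, CVE ID) pairs.
FINDINGS = [
    ("prn-lobby-01", "CVE-0000-0003"),
    ("fs-finance-01", "CVE-0000-0001"),
    ("fw-edge-01", "CVE-0000-0002"),
    ("fs-finance-01", "CVE-0000-0003"),
    ("nas-unknown-07", "CVE-0000-0001"),  # host not in the inventory
]

def load_kev(raw):
    """Index the catalog by CVE ID."""
    return {v["cveID"]: v for v in json.loads(raw)["vulnerabilities"]}

def prioritise(findings, inventory, kev, today):
    """Return (queue, unmanaged): ranked findings and hosts missing from the inventory."""
    queue, unmanaged = [], set()
    for host, cve in findings:
        if host not in inventory:
            unmanaged.add(host)  # shadow IT: reported separately for block/remove
        entry = kev.get(cve)
        due = date.fromisoformat(entry["dueDate"]) if entry else None
        queue.append({
            "host": host, "cve": cve,
            "in_kev": entry is not None,
            "overdue": due is not None and due < today,
            "ransomware": bool(entry) and entry["knownRansomwareCampaignUse"] == "Known",
            "criticality": inventory.get(host, 0),  # unknown hosts score 0
            "due": due,
        })
    # Assumed policy: KEV-listed, then ransomware-linked, then due date, then criticality.
    queue.sort(key=lambda f: (not f["in_kev"], not f["ransomware"],
                              f["due"] or date.max, -f["criticality"], f["host"]))
    return queue, sorted(unmanaged)
```

In practice the catalog would be loaded from a downloaded copy of the KEV feed and the findings from a scanner export; the ranking logic stays the same.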
It is clear that neglect compounds over time. Regular maintenance, whether physical or digital, prevents small issues from becoming catastrophic failures. Building a culture of proactivity reduces time spent putting out fires and enables the business’s mission to be executed securely.
The NutriBullet Fix
For the DIYers and fixers among us, let’s walk through how I brought this NutriBullet back to a working state. To operate a NutriBullet, one places the closed jar with the external tabs or keys aligned with the 3 slots on top of the blender. Applying downward pressure and twisting the jar locks it in place and starts the blender.

The white plastic seen in each slot is a strip (see cleanup image below) that runs downward toward the base of the blender. All three strips are spring-loaded, but two of them are responsible for turning on the blender. Each of these two strips has a push-button switch positioned along its travel path when the jar is placed in the blender. The switches default to an open position, breaking the electrical circuit. Inserting the jar, which depresses the spring-loaded strips, activates the switch and closes the electrical circuit.

In my case, one of the switches became inoperable due to damage to the switch holder and one of the screw mount points. After a failed attempt at repairing the broken sections with glue (the glued points could not withstand the spring-loaded pressure), my next option was to modify the activation mechanism.

CAUTION. This dual-switch activation is actually a safety mechanism. This is very similar to tamper-resistant plug outlets in your home. To protect children from electrocution, non-conductive safety shutters are placed in each prong slot of an outlet to prevent a child from inserting objects like keys, paperclips, etc. An even force has to be applied to the safety shutter in each prong slot simultaneously for any object, preferably a male plug, to be inserted. In the NutriBullet blender, the dual-switch mechanism prevents accidental motor activation while the blades are exposed. Insertion of the jar applies simultaneous pressure to depress both switches. Assess the risk and determine your risk tolerance before applying my fix.

The modification I made to the activation mechanism was fairly simple. The switch that could not be activated due to the damaged parts was fixed in a closed state with gaffer’s tape. Activation now only requires depressing one switch to start the blender.
Thank you for taking the time to read this article. If you found value in or agree with my thoughts, please share in the comment section.





