ISC StormCast for Wednesday, May 17th, 2023

Released Wednesday, 17th May 2023

Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements may have changed.

0:00

Hello and welcome to the Wednesday, May

0:02

17th, 2023 edition of the SANS Internet Storm

0:04

Center's Stormcast.

0:08

My name is Johannes Ullrich and today

0:10

I'm recording from Jacksonville, Florida.

0:15

Jesse today wrote about the effectiveness

0:17

of Faraday bags. These

0:20

are bags that are supposed to block

0:22

wireless signals and

0:25

doing so they are protecting,

0:27

for example, your electronic

0:29

device from connecting to Wi-Fi

0:32

or cell phone networks, but they're

0:34

also often sold to protect, for example,

0:37

credit cards from being skimmed.

0:40

In order to do this test, Jesse

0:42

used Flipper Zero. Flipper

0:44

Zero, if you're not familiar with it, it's this little handheld

0:47

tool that basically has multiple

0:49

radios built in. It's not

0:52

the most effective or most sensitive

0:55

device to, for example, detect RFID,

0:57

but it's pretty good. And of course, it is

0:59

a likely device to be used

1:02

by your average attacker. So

1:05

far, if a particular

1:07

device does not block the Flipper

1:10

Zero, it's probably not going

1:12

to block any more sophisticated device.

1:15

Now, one

1:15

tricky part about these Faraday

1:18

bags or blocking electromagnetic waves

1:20

in general is that the type

1:22

of protection that you need often depends

1:25

on the frequency that you're trying

1:28

to block. And of course, with these

1:30

different devices, there's a wide

1:32

variety of frequencies being used. On

1:34

the low end, you have like these proximity

1:37

cards that are often used sort of for

1:40

door opening and such. And on the

1:42

higher end, you then have Wi-Fi

1:45

and

1:45

cell phone signals. What

1:48

Jesse found is that the

1:50

bag that he tested, which at least

1:52

according to the way it sort of looks on Amazon,

1:55

is one of the little bit higher

1:57

quality bags, did

1:59

manage to block any of

2:02

the proximity cards and fobs.

2:05

It did block the credit

2:07

cards, the credit card could not be read. Bluetooth

2:10

it interfered with it but didn't completely

2:13

cut it out. Wi-Fi

2:15

and cell phone networks were

2:17

however cut out. Now interesting

2:20

here is Bluetooth, Wi-Fi uses

2:22

pretty much the same frequency. Maybe

2:25

Bluetooth sort of frequency hopping

2:28

was a little bit more effective here in

2:30

bypassing some of the shielding

2:33

or maybe just sort of the signal levels

2:36

are a little bit different here which helped

2:38

Bluetooth at least to some extent

2:40

to escape the Faraday bag.

2:43

But really, as Jesse puts it, what it comes

2:45

down to is: if you rely on any protection

2:47

like this, test it and make sure

2:50

it actually works.

2:53

And a new story picked up by a couple

2:56

outlets originally posted by

2:58

Andrew Brandt mentions

3:01

that SharePoint now apparently is

3:03

scanning password-protected ZIP files

3:06

for malware.

3:08

Overall this is actually not really

3:10

that new. Gmail, I believe, has been

3:13

doing this for years. The problem

3:15

here is if you are

3:17

sharing malware, you often do so with

3:20

a number of well-known passwords

3:23

for example, just the password "infected"

3:26

is used a lot here and

3:28

these systems have a list of commonly

3:30

used passwords, "infected" is

3:33

one of those passwords and then essentially

3:35

just brute force the password from

3:37

a relatively small list of passwords

3:40

they'll consider. I

3:42

don't really see this as a big problem here.

3:45

Yes, if you are encrypting

3:47

files you may assume some privacy

3:50

here but on the other hand we have

3:52

seen numerous threat actors

3:55

use password-protected files in

3:57

order to sneak past various antivirus

4:00

systems. Some antivirus systems,

4:02

for example, will scan the

4:04

email that a particular file

4:07

arrived in in order to find

4:09

possible passwords to brute

4:11

force. So if

4:13

"infected" doesn't work, well, pick a different

4:16

password and you should

4:18

be good to go. And

4:21

we got yet another critical vulnerability

4:23

in vm2, the

4:26

Node library that allows you to run

4:28

untrusted code inside

4:30

a specific sandbox

4:33

with only a limited amount of

4:35

modules. Now had a number

4:38

of issues with this concept in the

4:40

past there. vm2 did

4:42

allow sandbox escape and this

4:44

is yet another vulnerability that

4:46

allows this. Attack complexity

4:49

is low and the proof of concept

4:51

is already available. So upgrade

4:54

to version 3.9.19. And

4:58

macOS users, be aware: SentinelOne

5:01

has observed the use of

5:03

Geacon against macOS.

5:05

Geacon is an open source

5:07

port of the Cobalt Strike

5:10

Beacon. It's written

5:12

in Go. So no real big surprise

5:14

that it's being adapted to different

5:17

platforms and macOS

5:19

being one of them.

5:22

Well, and that's it for today.

5:24

Thanks for listening. Please subscribe

5:27

to this podcast on your favorite podcast

5:30

platform. Leave good reviews

5:32

and talk to you again tomorrow.
