Episode Transcript
0:00
Hello and welcome to the Wednesday, May 17th, 2023 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and today I'm recording from Jacksonville, Florida.

0:15
Jesse today wrote about the effectiveness of Faraday bags. These are bags that are supposed to block wireless signals, and in doing so they are protecting, for example, your electronic device from connecting to Wi-Fi or cell phone networks, but they're also often sold to protect, for example, credit cards from being skimmed. In order to do this test, Jesse used a Flipper Zero. Flipper Zero, if you're not familiar with it, is this little handheld tool that basically has multiple radios built in. It's not the most effective or most sensitive device to, for example, detect RFID, but it's pretty good. And of course, it is a likely device to be used by your average attacker. So if a particular device does not block the Flipper Zero, it's probably not going to block any more sophisticated device.

1:15
Now, one tricky part about these Faraday bags, or blocking electromagnetic waves in general, is that the type of protection that you need often depends on the frequency that you're trying to block. And of course, with these different devices, there's a wide variety of frequencies being used. On the low end, you have these proximity cards that are often used for door opening and such. And on the higher end, you then have Wi-Fi and cell phone signals. What Jesse found is that the bag that he tested, which, at least according to the way it looks on Amazon, is one of the little bit higher quality bags, did not manage to block any of the proximity cards and fobs. It did block the credit cards; the credit card could not be read. Bluetooth it interfered with, but didn't completely cut it out. Wi-Fi and cell phone networks were, however, cut out. Now, interesting here is that Bluetooth and Wi-Fi use pretty much the same frequency. Maybe Bluetooth's frequency hopping was a little bit more effective here in bypassing some of the shielding, or maybe just the signal levels are a little bit different here, which helped Bluetooth, at least to some extent, to escape the Faraday bag. But really, as Jesse puts it, what it comes down to is: if you rely on any protection like this, test it and make sure it actually works.

2:53
And a new story, picked up by a couple of outlets and originally posted by Andrew Brandt, mentions that SharePoint now apparently is scanning password-protected zip files for malware. Overall, this is actually not really that new; Gmail, I believe, has been doing this for years. The problem here is, if you are sharing malware, you often do so with a number of well-known passwords. For example, just the password "infected" is used a lot here, and these systems have a list of commonly used passwords ("infected" is one of those passwords) and then essentially just brute force the password from a relatively small list of passwords they'll consider. I don't really see this as a big problem here. Yes, if you are encrypting files, you may assume some privacy here, but on the other hand, we have seen numerous threat actors use password-protected files in order to sneak past various antivirus systems. Some antivirus systems, for example, will scan the email that a particular file arrived in, in order to find possible passwords to brute force. So if "infected" doesn't work, well, pick a different password and you should be good to go.

4:21
And we got yet another critical vulnerability in vm2, the Node library that allows you to run untrusted code inside a specific sandbox with only a limited amount of modules. Now, there have been a number of issues with this concept in the past; vm2 did allow sandbox escape, and this is yet another vulnerability that allows this. Attack complexity is low and the proof of concept is already available. So upgrade to version 3.9.19.

4:58
And macOS users, be aware: SentinelOne has observed the use of Geacon against macOS. Geacon is an open source port of the Cobalt Strike beacon. It's written in Go, so no real big surprise that it's being adapted to different platforms, macOS being one of them.

5:22
Well, and that's it for today. Thanks for listening. Please subscribe to this podcast on your favorite podcast platform, leave good reviews, and talk to you again tomorrow.