
    SN 991: RAMBO - Cloned YubiKeys, Telegram vs. Signal, French Elevators, Unix Time

    September 10, 2024

    • Cybersecurity Insights: In the latest Security Now episode, key topics include a YubiKey cloning attack, a comparison of WhatsApp and Telegram security, and Microsoft's Recall uninstall bug in Windows 11, reflecting ongoing challenges in cybersecurity.

      In the latest episode of Security Now, Mikah Sargent and Steve Gibson cover important cybersecurity topics, including the potential cloning of YubiKeys, listener feedback on the security comparison between WhatsApp and Telegram, and issues faced by elevators in Paris. They also discuss the RAMBO attack, which affects air-gapped systems, and the challenges posed by cyber threats in 2024. In addition, Microsoft faced criticism over a bug concerning the Recall feature in Windows 11: an uninstall option that briefly appeared gave users hope for easy removal, which reportedly will not be available. This mix of insights and security concerns serves as a reminder of the ongoing challenges in the digital world and of the importance of staying informed and vigilant about cybersecurity.

    • Privacy Concerns: Microsoft's Recall feature, meant for AI-enhanced screenshots, raises privacy concerns. Initially slated for release, it was delayed by security issues. Despite its being made optional, users want a complete uninstall option, reminiscent of past controversies such as Internet Explorer's forced integration.

      Microsoft's new AI feature called Recall, set to debut with Windows Insiders, is causing privacy concerns because it captures screenshots of users' activities. Originally planned for earlier release, its rollout faced delays due to security issues. Microsoft is making it optional and enhancing its security, but many users remain uncomfortable and want the option to uninstall it completely. Some observers compare Recall's forced presence to past controversies over Internet Explorer. As privacy concerns grow, alternatives are being developed to disable Recall, reflecting a broader trend of users demanding control over their software. Ultimately, it highlights the ongoing tension between user privacy and tech companies' push to integrate features into their systems, leaving users anxious about potential surveillance.

    • YubiKey Vulnerability: YubiKeys have a newly discovered vulnerability that allows attackers with physical access and specialized equipment to clone keys. While challenging to execute, the flaw has been addressed in newer models, and the overall system remains secure against many types of attacks.

      Recent research revealed a significant vulnerability in YubiKeys, which are popular security devices used for two-factor authentication. The flaw lies in the Elliptic Curve Digital Signature Algorithm (ECDSA) implementation of the Infineon chip used in these keys. Attackers could exploit this vulnerability by gaining physical access to the device and conducting side-channel measurements to extract private keys, allowing future unauthorized access to accounts. However, carrying out such an attack requires expensive equipment and advanced skills. Notably, the two-factor authentication and one-time password functionalities are not affected by this vulnerability, preserving a level of security for users. Yubico has already addressed the problem in newer products, but existing devices from before May 2024 remain at risk. Despite the risks associated with the vulnerability, FIDO-compliant systems remain one of the most secure forms of authentication available today.

    • Key Security: Physical authentication keys are very secure, despite the subtle flaw that was found. Typical users likely don't need new keys, as the chance of a targeted attack is low.

      Physical keys used in two-factor authentication, like YubiKeys, remain one of the most secure methods of safeguarding accounts. Even if an attacker can clone a key, they still need the user's password. Recently, it was found that a subtle flaw in YubiKeys could be exploited, but doing so requires expensive equipment and specialized knowledge, making it unlikely that typical users will face such a threat. The company that makes the keys addressed the issue with new hardware, as upgrading the firmware in the field was not feasible for security reasons. For most users, therefore, the existing security measures are still robust enough. Overall, unless you're dealing with high-stakes espionage, replacing your physical key may not be necessary, and existing users can feel confident in their security.

    • Messaging Security: Different messaging apps offer different levels of security. WhatsApp offers full end-to-end encryption, while Telegram encrypts messages in transit and at rest on its servers but offers end-to-end encryption only for some chats, not for all messages. Understanding these differences is essential for users choosing the right app for their privacy needs.

      Understanding the differences between messaging apps such as WhatsApp, Signal, and Telegram is crucial. WhatsApp offers strong end-to-end encryption thanks to its use of the Signal protocol, ensuring secure messaging even in group chats. Telegram, on the other hand, encrypts messages during transmission and storage but does not offer true end-to-end encryption for all messages. Users need to decide what level of security they need for their conversations. It is also important to use these platforms responsibly, since the typical user may not fully recognize the implications of these security differences. Ultimately, whether for casual chats or more sensitive discussions, knowing which app to use helps maintain privacy. Many listeners appreciate the podcast's in-depth discussions of security topics, which provide useful insights while taking user feedback into account.

    • Credit Freeze Essentials: Freezing your credit at all major bureaus, including the often overlooked Innovis, is crucial for protecting against identity theft. It is a simple process made easier by resources like Cyber Hoot. Comprehensive security helps manage personal information in today's data-breach era.

      To protect your identity and credit from potential breaches, it is vital to freeze your credit at all major bureaus. Recently, many people have learned about Innovis, the fourth major bureau, which is often overlooked. Freezing credit is easy and quick, especially with the resources available from sites like Cyber Hoot, and new links make it easy to find out how to freeze credit at every major bureau. This ensures a higher level of security. While best practice is to freeze credit at all bureaus, questions still arise about whether one should bother with the less-known ones. Ultimately, freezing at the major four provides comprehensive protection against unauthorized credit inquiries, offering peace of mind in a world where personal information is commonly exposed. Keeping track of access PINs and understanding the freeze process will help individuals manage their credit more effectively.

    • Data Quality Insights: Using services like Melissa improves data quality and efficiency for businesses while keeping security in mind. Staying up to date on tech trends and literature fosters ongoing learning and adaptation.

      Using quality data services like Melissa can significantly improve how businesses operate. They offer tools to clean and standardize data, which enhances customer experience and optimizes efficiency. Moreover, Melissa ensures data security and compliance with regulations. As technology evolves, staying informed about relevant changes, such as Unix time issues, can help prevent system breakdowns and interruptions. Keeping up with technology literature, such as the Bobiverse book series and new releases from authors like Peter F. Hamilton, can offer both entertainment and insight into the science fiction genre, making it more engaging, especially for those typically focused on fantasy. Staying connected with technology improvements and cultural releases ensures continuous learning and adaptation in both personal and business environments.

    • Exploration and Technology: Stories of humanity's journey in space remind us of our capacity for exploration and imagination, while technology continues to evolve to safeguard our data and experiences.

      Science fiction often presents exciting adventures that stretch the imagination, like the story of humanity escaping a dying Earth and evolving in new environments. The speaker expresses eagerness to read more of these narratives while sharing insights about technology and personal experiences, revealing the joy of discovery in both literature and innovation. From discussing the cliffhangers common in a given series to exploring the intriguing concept of a data-wiping utility, this conversation highlights the intersection of storytelling, technology, and personal experience in understanding our world. It shows how stories can captivate us and how technology continually evolves to meet our needs, forming a rich tapestry of human experience and creativity. This blend of themes can connect with anyone passionate about books or technology, making them feel part of a broader community that cherishes exploration, creativity, and the pursuit of knowledge.

    • RAMBO Attack: Air-gapped computers, once thought secure, can still leak sensitive data through a new attack method named RAMBO, which uses radio signals emitted by RAM, exposing crucial encryption keys and highlighting the need for heightened security awareness.

      Air-gapped computers, which are isolated from external networks for security, can still be vulnerable to clever attacks. Researchers at Ben-Gurion University developed a method called RAMBO that exfiltrates data using radio signals generated by a computer's RAM. Though air-gapped systems seem secure, the encoded signals can leak sensitive information such as encryption keys. This new technique shows how malware can use existing hardware to bypass physical security measures. Past incidents like Stuxnet show that air-gapped networks aren't completely safe, and while this attack cannot send large amounts of data, the small amounts extracted, such as keys, can potentially unlock larger systems. Understanding these vulnerabilities is crucial as we increasingly rely on encryption and cloud services, which concentrate sensitive information in fewer bits and make such attacks more concerning.

    • Air-Gap Vulnerabilities: Air-gapped networks are vulnerable to sophisticated attacks that use USB drives and hidden malware to exfiltrate data via covert radio signals, often without detection. Insiders can unknowingly facilitate such breaches.

      Attacks on air-gapped networks can be highly sophisticated, using malware spread via USB drives or insider actions. Once inside, attackers can manipulate the computer's systems unnoticed and exfiltrate sensitive data through radio signals generated by memory operations. Modulation techniques like Manchester encoding allow covert data transmission, making detection difficult. Insiders may unwittingly assist attackers by connecting infected devices, creating a multi-phase strategy that combines social engineering, physical access, and technical manipulation to breach isolated systems.

    • RAMBO Encoding Insights: RAMBO uses Manchester encoding for data transmission, enabling synchronization and error detection. This covert method can transmit sensitive information up to 23 feet, raising security concerns, especially for air-gapped systems. Effective shielding is crucial to prevent unauthorized data leakage via electromagnetic emissions.

      RAMBO's covert channel uses Manchester encoding to communicate data through transitions between signal states. Each bit of data is represented by a specific transition, which aids in synchronization and error detection. This method allows the transmission of sensitive information over distances of up to 23 feet, demonstrating its potential risks. However, it requires more bandwidth because each bit takes two signal states. Despite the challenges, the feasibility of this technique raises concerns about data security, especially in air-gapped systems, which could be compromised if infected with malware. Mordechai Guri's work highlights the importance of shielding devices against electromagnetic emissions and the need for robust countermeasures to prevent unauthorized data exfiltration. Understanding these encoding techniques can help improve security and protect against electronic devices that unintentionally leak data through RF signals, potentially affecting the handling of sensitive information.
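      To make the encoding properties described above concrete, here is a small Manchester encoder and decoder written for this summary (it is not code from the RAMBO research or the podcast). It assumes the IEEE 802.3 symbol convention (0 is high-to-low, 1 is low-to-high) and shows the doubled symbol rate, the mid-bit transition a receiver uses to recover its clock, and how a bit period with no transition is flagged as an error.

```python
"""Manchester encoding and decoding (added example, not the RAMBO code).

Every data bit occupies two half-bit symbols and always contains a
transition in the middle of the bit period.  The receiver recovers its
clock from those transitions, and any bit period without one is an error.
Convention assumed here (IEEE 802.3): 0 -> (1, 0), 1 -> (0, 1).
"""
from typing import List, Tuple

SYMBOL_OF_BIT = {0: (1, 0), 1: (0, 1)}
BIT_OF_SYMBOL = {v: k for k, v in SYMBOL_OF_BIT.items()}


def manchester_encode(data: bytes) -> List[int]:
    """Encode bytes MSB-first into a list of half-bit symbols (two per bit)."""
    symbols: List[int] = []
    for byte in data:
        for shift in range(7, -1, -1):
            symbols.extend(SYMBOL_OF_BIT[(byte >> shift) & 1])
    return symbols


def framing_errors(symbols: List[int]) -> List[int]:
    """Indices of bit periods whose two half-bit symbols show no transition."""
    return [i // 2 for i in range(0, len(symbols) - 1, 2)
            if symbols[i] == symbols[i + 1]]


def manchester_decode(symbols: List[int]) -> bytes:
    """Decode a symbol stream back to bytes.

    Rejects streams that are not a whole number of bytes and streams with a
    bit period lacking a transition (e.g. a stuck or jammed signal).
    """
    if len(symbols) % 16:
        raise ValueError("stream is not a whole number of bytes")
    bad = framing_errors(symbols)
    if bad:
        raise ValueError(f"no mid-bit transition in bit period(s) {bad}")
    bits = [BIT_OF_SYMBOL[(symbols[i], symbols[i + 1])]
            for i in range(0, len(symbols), 2)]
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def bandwidth_cost(data: bytes) -> Tuple[int, int]:
    """(payload bits, symbols on the channel): Manchester doubles the symbol rate."""
    return len(data) * 8, len(manchester_encode(data))


def resync_check(symbols: List[int]) -> Tuple[int, int]:
    """Framing errors at the true bit alignment vs. after a one-symbol slip.

    A slipped receiver sees a missing transition wherever two adjacent data
    bits differ, which is how it can tell the wrong boundary from the right
    one.  For constant data (all 0s or all 1s) the slip is invisible, which
    is why real links prefix a known preamble for synchronization.
    """
    return len(framing_errors(symbols)), len(framing_errors(symbols[1:-1]))


if __name__ == "__main__":
    sample = b"RAMBO"                      # constructed sample payload
    stream = manchester_encode(sample)
    print(bandwidth_cost(sample))          # (40, 80)
    print(manchester_decode(stream))       # b'RAMBO'
    print(resync_check(manchester_encode(b"\xaa")))   # (0, 7)
    print(framing_errors([1] * 16))        # stuck-high signal: every bit period
```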

    • GRC Opportunities: Join GRC's email list for early show notes and consider subscribing to Club TWiT for ad-free content and exclusive perks, including special events and a community Discord. Steve will return next week, promising more insights from Leo's trip.

      Steve emphasized the importance of signing up for the GRC email list to receive the show notes before the recording. While some feedback suggested sending the notes after the show airs, most listeners appreciate having them in advance, since it helps them prepare for the upcoming episode. Steve also encouraged joining Club TWiT, which offers subscribers ad-free content and exclusive shows for $7 a month. Club TWiT members enjoy behind-the-scenes access, a dedicated Discord community, special events, and bonus feeds. Both the email list and Club TWiT provide valuable content for dedicated listeners, whether they want insights before the show or extra perks after joining. Steve also mentioned that he would return next week to continue sharing insights from Leo's trip, giving listeners new information and perspectives from that journey.


    Recent Episodes from Security Now (Audio)

    SN 992: Password Manager Injection Attacks - Aging Media, Naval Starlink, adam:ONE
    • Windows Endpoint Security Ecosystem Summit
    • Aging storage media does NOT last forever
    • How Navy chiefs conspired to get themselves illegal warship Wi-Fi
    • adam:ONE named the #1 best Secure Access Service Edge (SASE) solution
    • AI Talk
    • Password Manager Injection Attacks

    Show Notes - https://www.grc.com/sn/SN-992-Notes.pdf

    Hosts: Steve Gibson and Mikah Sargent

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:

    SN 991: RAMBO - Cloned YubiKeys, Telegram vs. Signal, French Elevators, Unix Time
    • Offer to uninstall Recall was a bug, not a feature
    • YubiKeys can be cloned
    • Miscellany
    • Is WhatsApp secure?
    • Telegram vs Signal
    • French elevators
    • Freezing your credit
    • The Quiet Canine
    • Unix time
    • Bobiverse book 5
    • Exodus: The Archimedes Engine
    • Watching SpinRite
    • RAMBO

    Show Notes - https://www.grc.com/sn/SN-991-Notes.pdf

    Hosts: Steve Gibson and Mikah Sargent


    SN 990: Is Telegram an Encrypted App? - CrowdStrike Exodus, DDoS-as-a-Service, 'Active Listening' Ad Tech?
    • Telegram puts End-to-End Privacy in the Crosshairs
    • Free security logging is good for everyone
    • CrowdStrike hemorrhaging customers
    • Microsoft to meet privately with EDR (Endpoint Detection & Response) vendors
    • Yelp's Unhappy with Google
    • Telegram as the hotbed for DDoSass – DDoS as a Service
    • Chrome grows more difficult to exploit
    • Cox Media Group's "Active Listening" has apparently not ended
    • Cascading Bloom Filter follow-up
    • Closing the Loop
    • Is Telegram an encrypted app?

    Show Notes - https://www.grc.com/sn/SN-990-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 989: Cascading Bloom Filters - Key Card Backdoors, Fake Cisco Gear
    • CrowdStrike Exec's "Most Epic Fail" Award
    • Hardware backdoors discovered in Chinese-made key cards
    • Counterfeit CISCO networking gear
    • SpinRite
    • Errata
    • NPD breach updates from listeners
    • Looking back at old SN episodes
    • Cascading Bloom Filters

    Show Notes - https://www.grc.com/sn/SN-989-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 988: National Public Data - Big Patch Tuesday, The Biggest Data Breach
    • Revocation Update
    • GRC's next experiment
    • Patch Tuesday
    • "The Famous Computer Café"
    • IsBootSecure
    • GRC Email
    • Working through WiFi Firewalls
    • Transferring DNS
    • OCSP attestation vs. TLS expiration
    • Platform key expiration
    • National Public Data

    Show Notes - https://www.grc.com/sn/SN-988-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 987: Rethinking Revocation - SinkClose, IsBootSecure, Another Bad RCE
    • Sitting Ducks DNS attack
    • A Bad RCE in another Microsoft server
    • SinkClose
    • The CLFS.SYS BSoD
    • IsBootSecure
    • Rethinking Revocation

    Show Notes - https://www.grc.com/sn/SN-987-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 986: How Revoking! - Crowdstrike Damage, Firefox Cookies
    • Platform Key Disclosure
    • Firefox's 3rd-party Cookie mess
    • The W3C Finally Weighs-in
    • CrowdStrike Damages.
    • GRC's Email
    • How Revoking!

    Show Notes - https://www.grc.com/sn/SN-986-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 985: Platform Key Disclosure - Crowdstrike Post-mortem, Entrust Update
    • Crowdstrike post-mortem
    • PiDP-11
    • What Crowdstrike is fixing
    • Marcus Hutchins on who is to blame
    • Entrust's Updated Info
    • 3rd-Party Cookie Surprise
    • Security training firm mistakenly hires a North Korean attacker
    • Google and 3rd party cookies
    • Google's influence
    • The auto industry and data brokers
    • DNS Benchmark on Mac
    • Platform Key Disclosure

    Show Notes - https://www.grc.com/sn/SN-985-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 984: CrowdStruck - Crowdstrike, Cellebrite, More Entrust
    • Cellebrite unlocks Trump's would-be assassin's phone.
    • Cisco reported on a CVSS of 10.0
    • Entrust drops the other shoe
    • Google gives up on removing 3rd-party cookies
    • Miscellany
    • Snowflake and data warehouse applications
    • CDK auto dealership outage
    • Polyfill.io and resource hashes
    • MITM
    • Blocking Copilot
    • Blocking incoming connections via IP
    • CrowdStruck

    Show Notes - https://www.grc.com/sn/SN-984-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 983: A Snowflake's Chance - CDN Safety, Microsoft's Behavior, CDK Ransomware Attack
    • Using Content Delivery Networks Safely
    • The CDK Global Ransomware Attack
    • The IRS and Entrust
    • Polyfill.io fallout
    • Microsoft's Behavior
    • A Snowflake's Chance

    Show Notes - https://www.grc.com/sn/SN-983-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    © 2024 Podcastworld. All rights reserved
