Highlights from DEFCON 26 – CF047

This week on Cyber Frontiers, Christian and Jim get together to talk about the highlights from DEFCON 26. We dive deep into how voicemails and SMS-unlocks are being used to bypass two-factor authentication on common technology platforms — and how simple attack surfaces are exploited to turn the old tech of voicemails into eye-candy for attackers. We then review the hardware- and application-based mechanisms used to avoid some of these commonly exploited vectors. We also take some time to discuss potential “digital side doors” into banking data using common financial management applications, and introduce the word of the day to our listeners – stylometry. If you want a quick taste of DEFCON 26 with color commentary from your TAG team, this is the show for you.


Cyber Frontiers is all about exploring cyber security, big data, and the technologies shaping the future! Christian Johnson will bring fresh and relevant topics to the show based on the current work he does.

 

Support the Average Guy: https://www.patreon.com/theaverageguy

WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at http://theAverageGuy.tv/subscribe

You can contact us via email at jim@theaverageguy.tv

Full show notes and video at http://theAverageGuy.tv/cf047

Tags: Podcast, Cyber Frontiers, DEFCON, Voicemail Hacking, Reddit, Google, 2FA, Banks, Banking Software, Stylometry


Hacking 2FA with Old School Tech (Voicemails):

Martin Vigo presents his first DEFCON talk on using voicemail and SMS to bypass two-factor authentication implementations and to reset passwords on common online platforms.

https://www.martinvigo.com/voicemailcracker/

Think it’s unlikely? Think again. Reddit made a major disclosure involving these mechanisms:

https://www.csoonline.com/article/3293904/cloud-security/reddit-discloses-hack-says-sms-intercept-allowed-attackers-to-skirt-2fa-protections.html

Which leads us to… how to do things the right way:

https://myaccount.google.com/advanced-protection/enroll/details?pli=1

(We demo and talk about the hardware and software solutions on-air.)

Your Bank’s Digital Side-Door

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Steven-Danneman-Your-Banks-Digital-Side-Door.pdf

De-Anonymizing Programmers from Source Code:

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Rachel-Greenstadt-and-Aylin-Caliskan-De-anonymizing-Programmers.pdf


Contact Christian: christian@theaverageguy.tv

Contact the show at jim@theaverageguy.tv

Music courtesy of Ryan King. Check out the Die Hard Cafe band and other original works at:
http://diehardcafe.bandcamp.com/
http://cokehabitgo.tumblr.com/tagged/my-music