Paul's Security Weekly (Audio) Devices Are Attacking - PSW #886
Aug 7, 2025
Explore the alarming rise of firmware attacks and the infamous 300-second breach that highlights the vulnerabilities in our systems. The hosts debate the role of AI in cybersecurity and why traditional methods still hold strong. Discover the implications of LLMs scrapping websites and the impact on publishers. The discussion also touches on AI-generated apps facing security flaws and the dramatic story of drones delivering e-bikes in Ukraine. Plus, insights into signed kernel drivers used in malware and covert data transmissions via HDMI emissions.
AI Snips
Chapters
Books
Transcript
Episode notes
Subcomputer Inside Laptops Can Be Weaponized
- Dell laptops contain a daughterboard (Control Vault / Unified Security Hub) that stores secrets and connects biometric readers.
- Vulnerabilities allow key material leakage and permanent firmware modification, enabling powerful persistence outside the OS.
AI Is Tool, Not Panacea
- AI is a powerful tool but not a silver bullet; past tech bubbles show overhyped expectations.
- Use AI to augment processes, not replace fundamental skills, teams, or institutional knowledge.
Learn Manual First, Then Automate
- Automating with AI removes manual career paths and hands-on learning opportunities.
- Teach fundamentals manually first, then layer automation so people retain deep understanding.
