Paul's Security Weekly (Audio) Firmware Backdoors Be Spying On You - PSW #914
Feb 19, 2026
A deep dive into firmware backdoors hiding in Android tablets and kernel-level compromises on embedded devices. They cover a fresh remote code flaw in privileged access tools and the risks of preinstalled vendor software expanding attack surface. The conversation touches on leaked AI assistant secrets in repos, mass internet scanning, and long-lived vulnerabilities in HPC and networking gear.
AI Snips
Centralize Logs And Crash Dumps For Appliance Forensics
- If you must protect Linux-based appliances, ship logs and crash dumps off-device and centralize them, because in-depth forensic imaging of the device itself is operationally impractical.
- Paul advises collecting device logs, crash dumps, and administrative account lists as compensating controls when filesystem access is unavailable.
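The collection described in this snip, as an added example rather than code from the show or from any vendor: a POSIX shell helper assumed to run from an appliance's Linux shell, gathering logs and crash dumps, deriving the administrative account list from `/etc/passwd` and `/etc/group` (UID 0 accounts plus `wheel`/`sudo` members), writing a SHA-256 manifest so the bundle can be verified after transfer, and packing everything into one tarball for off-device shipping. The paths, function names and the fake appliance root that `make_sample_root` builds are constructed for this example so it runs offline; on a real device point `collect_appliance_artifacts` at `/`.

```shell
#!/bin/sh
# Hypothetical helper for off-device appliance forensics (example only).
# Collect logs, crash dumps and an admin-account list, hash them, tar them.
set -eu

# Build a constructed fake appliance root so the script runs offline.
# On a real appliance you would skip this and pass "/" as the root.
make_sample_root() {
    root="$1"
    mkdir -p "$root/var/log" "$root/var/crash" "$root/etc"
    printf 'Feb 19 10:01:02 fw sshd[101]: Accepted publickey for admin\n' > "$root/var/log/auth.log"
    printf 'kernel: Oops: 0002 [#1] SMP\n' > "$root/var/log/messages"
    printf 'core-dump-bytes' > "$root/var/crash/core.12345"
    printf 'root:x:0:0:root:/root:/bin/sh\nadmin:x:0:100:admin:/home/admin:/bin/sh\nsvc:x:1001:1001::/var/svc:/sbin/nologin\n' > "$root/etc/passwd"
    printf 'wheel:x:10:admin\nsudo:x:27:\n' > "$root/etc/group"
}

# Admin-account list: every UID 0 account plus members of wheel/sudo.
# A second UID 0 account (as "admin" here) is exactly what you want on record.
list_admin_accounts() {
    root="$1"
    awk -F: '$3 == 0 { print $1 " (uid0)" }' "$root/etc/passwd"
    awk -F: '($1 == "wheel" || $1 == "sudo") && $4 != "" {
        n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] " (" $1 ")" }' "$root/etc/group"
}

# Portable SHA-256: GNU coreutils on most appliances, shasum as fallback.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# Copy artifacts into a staging tree, write a hash manifest, tar it,
# and print the archive digest to record in the case notes.
collect_appliance_artifacts() {
    root="$1"; out="$2"
    stage="$out/stage"
    mkdir -p "$stage"
    for d in var/log var/crash; do          # log and crash-dump directories (assumed paths)
        [ -d "$root/$d" ] || continue
        mkdir -p "$stage/$d"
        cp -p "$root/$d"/* "$stage/$d/" 2>/dev/null || true   # -p keeps timestamps
    done
    list_admin_accounts "$root" > "$stage/admin_accounts.txt"
    # Manifest is opened before find runs, so it is excluded from its own listing.
    ( cd "$stage" && find . -type f ! -name MANIFEST.sha256 | sort | while read -r f; do
        printf '%s  %s\n' "$(sha256_of "$f")" "$f"; done ) > "$stage/MANIFEST.sha256"
    tar -C "$stage" -cf "$out/appliance-artifacts.tar" .
    sha256_of "$out/appliance-artifacts.tar"
}
```

Record the printed archive digest somewhere other than the appliance before moving the tarball; after transfer, `cd stage && sha256sum -c MANIFEST.sha256` confirms nothing changed in transit. Collecting while the box is still running captures what a later offline image of a vendor-locked appliance cannot.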
Expert Shell Exposes Firmware Forensics Window
- Paul Asadoorian recounts finding Linux shells on devices like Cisco FTD, where typing 'expert' drops you into a Linux prompt.
- That direct access enabled him to pull binaries and investigate firmware-level malware in lab demos.
Vendor-Restricted Linux Access Hinders Forensics
- Many large vendor appliances intentionally hide or restrict access to their Linux subsystems, which reduces customer visibility and hampers incident response.
- Paul explains vendors limit access for support reasons, but that leaves defenders blind to in-memory or firmware compromises.
