Paul's Security Weekly (Audio): Safes, Hackers, and Web Servers - PSW #892
Sep 18, 2025
This week, Deviant, a security researcher, dives into the alarming vulnerabilities found in digital safes and the implications for home security. He reveals insights on reset-heist backdoors and the intricacies of exploiting manufacturer algorithms. The discussion also touches on Differential Power Analysis attacks, using locksmith tools for physical bypass, and the debate over mechanical versus electronic locks. Deviant shares his expertise on locksmithing training and the crucial balance between security and convenience in various settings.
ASA Devices Remain Widely Exposed
- There are over 113,000 Cisco ASA devices exposed on the public internet, many past or near end-of-life.
- Combined with active scanning and numerous exploits, this creates a high-risk attack surface.
Protect End‑Of‑Life Network Gear
- Monitor ASA firmware integrity and track known vulnerabilities; don't assume end-of-life removes risk.
- Remove internet-exposed management interfaces and replace unsupported ASAs where feasible.
Web Servers On Unexpected Devices
- A researcher ran a web server on a disposable vape by reverse‑engineering its MCU and using TCP/IP over serial.
- The vape-hosted site later returned 500 errors from being hammered after the write-up went public.



