Paul's Security Weekly (Audio)

Hackers On A Train - PSW #883

Jul 17, 2025
The hosts dive into the intriguing vulnerabilities of train RF control protocols, highlighting the risks of spoofing. They discuss the Flipper Zero's dual nature as a learning tool and potential interrogation device. The conversation touches on AI's evolving role in bug hunting, raising questions about human versus machine effectiveness. Additionally, they explore legacy devices still clinging to FTP, the complexities of securing Gigabyte motherboards, and the looming merger of Android and Chrome OS, weighing security benefits against risks.
INSIGHT

Remote Support Creates Hidden CUI Risks

  • Outsourcing technical support to foreign vendors creates real supply‑chain and access risks for CUI.
  • Digital‑escort controls sound good on paper but whistleblowers show they can fail in practice.
ADVICE

Treat Remote Support As A CUI Threat Vector

  • Enforce strict need‑to‑know and escort controls for remote support sessions and log every action.
  • Treat any external remote access as potential CUI exposure and require appropriate clearances or isolation.
INSIGHT

Firmware Patching Falls Through Vendor Chains

  • Many motherboard vendors drop UEFI patches downstream and leave hundreds of models vulnerable.
  • Consumers of gaming hardware often face poor firmware update support compared to enterprise OEMs.