Lock and Code

A recent history of hacking shows the importance of experimentation. In 2015, security researchers hacked a Jeep Cherokee and took over its steering, transmission, and brakes. In 2019, researchers accessed medical scanning equipment to alter X-ray images, inserting fraudulent, visual signs of cancer in a hypothetical patient. Today, we're discussing one such experiment—a garage door opener called “Open Sesame.” Join us for a discussion with "Open Sesame"'s developer, who is also the chief security officer and co-founder of Open Path, Samy Kamkar, to hear about how his tool works, and who holds responsibility for protecting against modern attacks.

The world of Google Chrome extensions—the sometimes helpful tools that can work directly with the Google Chrome browser to provide a variety of features—is enormous. So, with a marketplace of more than 200,000 items, quality control gets tricky. On today's episode, we speak with Pieter Arntz, malware intelligence researcher for Malwarebytes, about safely downloading Google Chrome extensions and how to avoid some of the more malicious extensions that are meant to hijack searches or sneakily deliver money for their developers.

Ask yourself, right now, on a scale from one to ten, how cybersecure are you? Are you maybe inflating that answer? Our main story today concerns “security hubris,” the simple, yet difficult-to-measure phenomenon in which businesses, and the people inside them, are less secure than they actually believe. To better understand security hubris—how businesses can identify it and what they can do to protect against it—we’re talking today to Adam Kujawa, security evangelist and director for Malwarebytes Labs and security evangelist.

Parental monitoring apps give parents the capabilities to spot where their kids go, read what their kids read, and prevent them from, for instance, visiting websites deemed inappropriate. But where these apps begin to cause concern is just how powerful they can be. To help us better understand parental monitoring apps, their capabilities, and how parents can choose to safely use these with their children, we’re talking today with Emory Roane, policy counsel at Privacy Rights Clearinghouse

Identity and access management, or IAM, is the name we use for the set of technologies and policies that control who accesses what resources inside a system—from company files being locked away for only some employees, to even your online banking account being accessible only to you. With more individuals using more accounts to access more resources than ever before, threats have similarly emerged. To better understand identity and access management, its impacts on the digital and physical world today, and who holds the responsibility to manage it, we’re talking today to Chuck Brooks, cybersecurity evangelist and adjunct professor for Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs.

Last month, cybersecurity experts warned the public about the data collection embedded in the Donald Trump 2020 re-election campaign’s mobile app. Once downloaded, the app requests broad access to user information, including device contacts, rough location, device storage, ID, call information, Bluetooth pairing, and more. On today’s episode, we’re looking at just one of the apps’ requested permissions—Bluetooth. To help us better understand Bluetooth and beacon technology, how they are applied to online advertising, and whether apps that request access to Bluetooth functionality are a big concern, we’re talking today with Chris Boyd, lead malware intelligence analyst for Malwarebytes.

For years, Internet capabilities have crept into modern consumer products, providing sometimes convenient, sometimes extraneous Internet connectivity. This increase in IoT devices has an obvious outcome—a broader attack surface for threat actors. Not only that, but with more devices connecting to the Internet, there are also more devices collecting your data and analyzing it to send you more ads, more frequently, for more products. To help us better understand the Internet of Things—including the cybersecurity and data privacy concerns of IoT devices, and what you can do to stay safe—we’re talking today to JP Taggart, senior security researcher with Malwarebytes.

We may know it’s important to have a strong, non-guessable, lengthy password, and yet we still probably all know someone who writes their password on a post-it, which is then affixed literally onto their machine.   To help us better understand the future of passwords, and any potential pitfalls for the burgeoning alternatives, we’re talking today to Matt Davey, Chief Operations Optimist at 1Password, and Kyle Swank, a member of 1Password's security team.

With shelter-in-place orders now in full effect to prevent the spread of coronavirus, countless businesses find themselves this year in mandatory work-from-home situations. To break down today’s enterprise threats—and our own responses at Malwarebytes—we’re talking today to John Donovan, head of security for Malwarebytes, and Adam Kujawa, director for Malwarebytes Labs.

This week, we speak with Pieter Arntz, malware intelligence researcher at Malwarebytes, about web browser privacy. The often neglected subcategory of data privacy deserves a closer look. Without theproper restrictions, browsers can allow web trackers to follow you around the Internet, resulting in that curious ad seeming to find you from website to website. But, there are ways to fight back.