Cybersecurity Situational Awareness Lessons from Mr. Robot

You found the backup wrap up your go-to podcast for all things

backup recovery and cyber recovery.

In this episode, we break down another wild Mr. Robot episode

that's packed with lessons in cybersecurity situational awareness.

We'll talk about USB stick attacks, Bluetooth hacking, and why that officer

really should have checked his six.

We look at how Elliot bypass prison security systems and

what real world defenses I think would've stopped these attacks.

It's a fun episode with practical cybersecurity lessons that you

can apply today, real cyber lessons from a fictional show.

Go figure.

Well, if you don't know who I am, I'm w Curtis Preston, AKA, Mr.

Backup, and I've been passionate about backup and recovery for over

30 years, ever since I had to tell my boss there were no backups of that

production database that we just lost.

I don't want that to happen to you, and that's why I do this.

On this show, we turn unappreciated admins into Cyber Recovery Heroes.

This is the backup wrap up.

Welcome to the show.

Hi, I am w Curtis Preston, AKA, Mr. Backup, and I have with me a guy who will

not join me on my morning trash pickups.

Prasanna, Molly Yondi.

How's it going?

Prasanna,

I am good Curtis.

Uh, yeah, you're, uh, yeah.

No, I'm not going on

you're, you're not

Although I have to say, I don't think I have as much trash in my neighborhood as

Yeah.

I don't know.

I, um, yeah, so, so I've been taking a morning walk and

then I decided I got tired of.

Seeing how much trash that I see along the thing.

And at first it was like, this is a little bit, just a little bit.

And so I was like, oh, I'm gonna bring a little garbage bag along

with me and, um, try to pick it up.

And that I ended up bringing back three pounds of trash from my first walk.

And I, and I felt pretty good about that.

Yeah,

But then this morning I went a different route and I'm like, oh my God, I would

have to bring a five gallon bucket,

Well,

you know?

should also comment on what you did yesterday on your walk

and what you took with you.

I have a battery operated leaf blower.

Uh, if you have a leaf blower.

You can, they're designed also to be leaf suckers.

Right?

And so they have a bag and essentially it's like a vacuum.

And so my initial idea was that I wouldn't actually be picking up trash.

There's lots of little pieces of trash and I would just suck it up with the

leaf blower into the little leaf bag.

Um, that did not work.

So you're basically walking around with a leaf blower strapped to your

back, just walking down the street.

Just walking down the street with a leaf blower.

Um.

Wondering what people were thinking of this random, you know, random

gray haired dude walking down the street with a leafblower.

Um,

Well, I just wanna say thank you for actually doing like going and actually

picking up trash, because I know a lot of people would just be like, ah, screw it.

It's not my problem.

Not my,

yeah.

not my cir, not my circus, not my monkey, not my monkey, not

Uh, we'll, we'll see.

We'll see.

Like I will say it de definitely, it was very nice feeling.

The problem with the leaf blower is that it's made, or the leaf sucker is, is that

it's made to actually shred the leaves.

The way that the, the impeller, the leaves go through the

impeller and they get chopped up.

And so what happens is when you suck up, let's say, I don't know, a ketchup packet,

Uh,

um, it just gets, it just jams.

yeah.

just, if it makes it through, it doesn't get shredded.

And so it, what I found when I actually took the bag off was

that all of the little trash.

Was all jammed up in the,

Empower.

in the, well, the, the little tube right past the impeller.

It did, you know?

Yeah.

So, so that, that idea was just a bus.

It was just me walking around with a, I don't know, five, 10 pound device.

I think what you should do instead.

Mm-hmm.

Is you should walk with the vacuum cleaner, which you then plug into

your vehicle to then operate and have someone drive alongside you as you're

What if, what if I, what if I turn on FSD and have the car,

you know, like robot taxing me.

wonder if you, no, I don't

I, it, it won't, it won't work.

It won't work.

I, I think I know how you do it.

It's

But

Okay.

You could do FSD, but you basically place a heavy weight in the passenger

seat, so, or in the driver's seat, so it thinks someone's there, and

then you keep something in front of the sensor so it thinks there's

always someone in front of it.

And then as you move, it moves along with you.

I, I think it's a little smarter than that, but

I don't think so.

I think you're a little insane.

Um, speaking of a little insane, this episode was insane.

Um,

it really?

It

well, I, yeah, I was right.

Um, and.

This, this is episode six, AKA 1.5, and I don't know, I don't know if this continues

in season two, if the whole numbering thing continues in season two, but

Brave Traveler.

Right.

Brave Traveler, which comes from Vera.

So Vera is the, the, the, the, the, the drug dealer that he got put in prison.

He figured out that Elliot's the one that put him in prison and he, he calls him

and says, Hey, you need to break me out.

And today,

Yeah,

right?

He has kidnapped Shayla.

And he says, you, you know, you need to break me out today

or else I'll kill Shayla.

And he try, you know, Elliot tries to tell him, Hey, you know,

you, you can't, I can't do that.

Right.

That's not, you know, that's, that's the surefire way to have a unsuccessful

attack, which is to not do any recon.

Right.

We've talked about recon before.

And he's like, you want me to just do that?

But he does figure out that there is, uh, you know, an electronic

system that will open the doors and he just needs to get in the network.

And so he, um, he does this, um, USB stick thing.

Uh, you know, we'll talk about that in a minute.

And, um, that doesn't work.

And, uh, then he gets, um.

Uh, he tries to hack through the wifi and he, he actually does end up successfully

hacking the wifi of a car, of a cop car, getting into the network and then letting,

Well, it wasn't wifi of the car.

oh, it was Bluetooth.

It was Bluetooth.

Right,

Bluetooth of the

right.

in the car and then realized, hey, you're connected to the prison network over

4G, so

Yeah.

Yeah,

you are the weakest link.

yeah, yeah, exactly.

and you know, once again, you know, sex works.

Uh, you know, he uses Darlene, uh, you know, dressed kind of.

Alluring

Hmm.

distract the cop while, while he's gonna control his computer.

And, um, uh, that works.

'cause guys are stupid.

So he, he, he does, he hacks the, um, the, the cop's car via Bluetooth gets

into the thing and he does successfully.

Bust Vera out of prison,

Mm-hmm.

after which he does get Shayla back,

Not the way he was expecting.

right?

He did get Shayla back like they promised, but she was D-E-D-E-D

as my daughter likes to say.

DED Dad.

Um, she was, yeah, shot in the head it looked like, um, that did not look good.

So maybe it's too late to say spoilers.

Yeah.

Well, and it was also like when he gets outta, when Vera gets outta prison, right?

He's like, yeah, she's been with you this entire time, man.

You

Yeah,

realize it.

yeah.

And then I was just like, oh my gosh.

And then the way that they also shot the scene, sorry, this has nothing to do

with cybersecurity or anything else like

Yeah.

just the way they shot the scene, right?

Where it's like.

He goes, he opens the trunk, the trunk opens.

He, they don't show the body or

You see?

You see his reaction?

Yeah.

reaction.

And in the beginning he doesn't make any noise, right.

He doesn't

Yeah.

He doesn't yell, he doesn't scream.

He doesn't even sniffle or cry

Hmm.

of like catatonic and, and then you look at him and then he just like

looks down at the body and then they pan over his shoulder and you just

yeah, yeah.

covered in blood and then he, yeah, and then he runs because the cops are coming

Right, right.

By the way, the, the, the time, the length of time that they stand

around BSing before hopping into the getaway car was like, I was like, I

think you just broke outta prison.

I think maybe you should get in the getaway car now.

You know?

But anyway.

Yeah,

Curtis.

it's a Devi, it's a TV show.

I think is what they

Yeah.

So let's talk about some of the mechanisms that they, that they

used, um, you know, more exploits.

And the first one that I, I don't know.

What if, if I had seen this in real life, I'd have been like, Hey lady,

what are you doing, number one.

Number two, why are there all these USB sticks around here, right?

to recap, right, so Darlene is walking outside a police station,

Yeah,

in the parking lot and she just has like a pocket full, like.

Probably like 50 or a hundred USB sticks.

And every

yeah,

few steps, she just like takes it and dumps out like three and

yeah.

along and you just see

I,

these USB sticks on the road.

yeah.

coming in and out of the station.

There are kids playing like not too far away.

And no one is going, why is this lady dumbing all our US music?

Hey, I think he dropped something.

Nobody says that, but

Well, and, and

yeah.

then you move on, and then she's like, she goes away, and then you

see a scene where a cop comes up

Yeah,

he's like, oh, A

I,

stick.

And he picks it up.

But I'm just thinking in my mind, I'm like, yeah, there's a USB stick.

There's another USB stick, there's another USB stick.

There's like a hundred on the

yeah.

right?

It's

She wasn't very subtle in that.

Yeah.

I was like, shouldn't you know something's up when you see like

a hundred USB sticks just lying

Yeah.

Yeah.

And, um, he puts it in the computer like a maroon, right.

Puts it in the computer and runs it, executes what's on the USB stick.

Do you remember what was on it?

It was like a game, like a.

it was a click this to get a 10 or a hundred dollars

Oh, yeah, yeah, yeah,

and it, it was like, answer these

yeah,

questions.

So it was like.

yeah.

your favorite music type and all the rest, and, and then as it's running, as

he's going through this, what happens?

The intrusion detection system actually detects that he had, um, inserted malware.

Did

Uh, and malware was one running.

It was.

No, I didn't.

avast.

Oh, was it?

Okay.

Running on windows.

Gotcha.

Um, and it, yeah, it noticed that it was, you know, that it was malware and,

uh, and so of course the guy's like, crap, crap, crap, crap, crap, crap.

You know?

And he realizes that he, he screwed up.

what does he do though?

Did you see what he did?

Do you remember?

No, I don't.

so he realizes, he's like, crap, crap.

And then he pulls the USB stick and then he goes and pulls the power cord.

Oh, he pulls a bar.

Yeah.

Yeah, yeah.

Well that's, you know, it's effective I suppose, you know?

but, but you have a story around this,

I do, what do I,

USB stick that contains malware that was handed out at a

oh, yeah, yeah, yeah, yeah.

I, I, yeah.

I've seen this where I was, um.

And, you know, there been, there have been studies where they drop these USB

sticks and people will just do this.

Right.

Um, and, and I've seen that, um, the, the, the one where I experienced

was, was different than that.

I was at a symantec conference.

It, it happened to be the Symantec.

When it was net backup, right?

It was the Symantec Vision and it was the, it was the conference immediately

after Symantec acquiring Veritas.

And they had distributed some stuff, you know, that they wanted you to, to, to

have for the, um, for the conference.

And, uh, there was, and they did it.

They distributed via this USB stick and, uh, the next morning.

We got, you know, they, they told us in the session, please don't put the

USB stick in, there's malware on it.

Right?

Which is that, that right there is ironic, right?

Uh, unlike Alanis Morissette, I actually know what the word ironic means.

Um, it doesn't mean coincidence anyway.

Um,

isn't it ironic?

No, actually it isn't Alanis.

Um, that just sucks.

Um, anyway.

this happened, and I think though when USB sticks first came out,

Mm-hmm.

at conferences, like you'd walk around, it's a freebies that people

would give out because everyone was

Yeah.

B sticks.

They're so

Right, right, right.

And then malicious people realized that is a great way to send things out because

most right at the time, you insert a USB stick, it auto runs whatever is on there,

Yeah.

even let you to be like, Hey,

Yeah.

you sure you wanna open this or do

Right, right.

Yeah.

Do you trust what's on this USB stick?

Yeah.

INF? If you remember Windows

Yeah,

showing my age, Curtis showing my age.

yeah.

Um, I was watching a comedy routine this morning and the, the guy was

talking about how the phones used to have, you know, minutes and,

Hmm.

and number and a limited number of text messages.

Yeah.

The same thing here.

Um.

So, yeah.

So that obviously that is not good.

Right?

And, and so, so we can talk about what can you do to prevent that?

You can disable that

yeah.

in, like if you're in a corporate network, you can disable the use of USB ports.

Before we move on though, sorry.

Yeah.

actually want to give credit to the cop though, because he did not

click the button that said ignore on

Oh,

detection.

Right,

I, I don't, I'm not gonna give him much credit.

at least he did that, right?

Okay.

Yes.

Yeah, he

But, but, but you're right though.

There is things you could do, like make sure that it's not auto running.

Make sure you know where the USB stick came from.

right.

you have a USB stick, that is also your personal.

Also, be careful if you're taking it and plugging into like some other

person's computer, because now your USB stick may be infected that you

Yeah.

necessarily about a USB stick.

Just be careful where you're plugging these USB sticks into.

Well, I guess I'm saying from a corporate perspective, you

can disable these features.

You could disable the USB port altogether.

Um, it's unlikely you're gonna do that on laptops.

Um.

been at companies where they disable USB,

I'm just saying unlikely.

I

uh.

I, I'm sure it happens, right?

Uh, there are some companies that truly take their cybersecurity, uh,

seriously, and they're like, you know, um, but un IWI wonder at that,

at that those companies where they do that, do they also disallow, uh, BYOD.

Uh, n So from the places that I've worked where they've done

that, they don't disallow BYOD,

Mm-hmm.

they

is bring your own device in case people don't know that.

Uh, but it would basically be blocked from accessing pretty much

anything on the corporate network.

Okay.

So they, yeah.

All right.

So they give 'em wifi to, to access the internet, but not to be able to access.

Okay.

yeah,

Yeah.

I, I've seen places that disable all USB ports, even on laptops.

Or especially on laptops.

Right.

Um, and that's something that you should at least think about if you're

not thinking about that, that would, that would've stopped this Right.

I do wonder if they have the capability to just disable

peripherals versus things like a monitor or,

No, you, I think it's in the bios to disable basically USB Port

No, no, no.

I.

like, what if you need to use a monitor for work and the company disables USBC?

Oh, and it's A-U-S-B-C monitor.

Yeah,

Hmm.

That's a good question.

Right.

I

Um

to differentiate between displays, but then you have to also worry about,

okay, a display it also have a USB hub built into it, and now what happens

with that and all the rest, so.

hmm.

Yeah, time to look into that.

Hmm.

Um, all right, so, uh, let's see.

We talked about, um, so the, the, um, the USB stick hack didn't work because

the malware was actually caught.

Good job on the, on the police station.

What.

what Elliot, so Dar Elliot had asked Darlene to go drop the USB sticks, right?

And

Right.

also created the package, the malware package.

Oh yeah.

Yeah.

when it fails, because Elliot sees that someone had plugged in, he's like, oh.

And then he starts to execute stuff and then basically he's not able

to get it to fully run, and so

That that's what, that's when it got detected.

Right.

And so El Elliot was what?

Well, like I never took you for a script kitty, which is the

term I haven't heard in a while.

Right?

Um, yeah.

Uh,

kitty is

yeah.

So this is basically somebody who's downloading and using other people's

code, um, which interestingly enough is, has been escalated

to like ransomware as a service.

Right.

Uh, because a, a true hacker.

As depicted in the show, a true hacker would write their own malicious code.

Oh,

Right.

Which would, which would not be as detectable because it, there's not

an established, uh, you know, IIOC.

Yeah.

today with ai, are all developers script kitties?

Wow.

That's a good question.

That's a good question.

And I, and also I wonder, is there malicious ai?

Because like a lot of the ais that are out there, they have

morals, you know, they have,

Yeah.

well, well they, it's like they act.

So like I've, I've, I've tried to do things, not hack computers, but I've

tried to get some LLMs to do something for me before, and it's like, and it,

it's literally said, I don't think that's.

I don't think you should be doing that.

Right.

And I'm like, um, hello.

Right.

Um, I, I just remember like, it wa I wasn't trying, I don't, I don't remember

exactly, but I do remember me having an argument with an LLM going, but I, what?

Do what I tell you.

You know?

And, and, um, it, it, it was like, no, I, I won't do that.

And I'm like, okay, fine.

I'll go use another LLM.

Yep.

Well, and that's the thing, right?

It's all these companies, right?

The AI companies that build safety models,

Yeah.

sure you're not able to do things like make chemical weapons

Right.

And, and malicious code, I guess is what, is what I'm suggesting.

I don't, I, I don't know if, but I'm assuming there's also bad LLMs, right?

Um, that are able to do, you know, literally whatever you want.

Elliot gets this epiphany as he's talking to Mr. Robot in his stairwell.

And by the way, the bad guys are keeping Elliot hostage and there are two guys

Right.

the time.

Right.

Well, by, by this point, Darlene has been taken hostage.

Right?

Because she came in to tell him what happened and, you know, and,

um, uh, she got taken hostage.

So now they have Darlene and Shayla.

Yep.

Um, yeah.

And so Mr. Robot's like, oh yeah, you should go to the source.

So he basically decides, Hey, I'm gonna go to the prison.

And I'm

Yeah.

visit Vera.

And by the way, when I'm there, and he tells him this, right?

He's like, I came and talk to you.

And Vera's so surprised.

He's like, what are you doing here?

Your face is on camera.

He is like, it doesn't matter.

I needed to drop my cell phone off in

Right, right,

place, right?

right,

allowed to take cell phones into the prison.

And he's

right.

my phone is looking for wifi networks

Right.

to figure out, and he tells him.

He is like, and you need to keep talking with me because

my program needs time to run.

Right, right.

Yeah.

And what happens with that?

Is that how he detects the, the

The cop

go ahead.

So what happens is, so he ends up having this conversation with Vera.

This is where Vera says, okay, you need to come out, you

need to break me out tonight.

And then as he's leaving the police station, he looks at his phone to

see, okay, what did my uh, app find?

And he realizes that it found a bunch of wifi networks, but

they were all WPA two encrypted.

And

Right,

me days to crack,

right.

What wifi WPA two is is for wifi, right?

It's all wireless, right?

You're not physically connected, and so technically, if you didn't

have any sort of encryption, anyone could sit there and listen in over

the air and just like download.

It's just like how you get radio stations, right?

Right.

Right.

listen to it.

But with, uh, encryption, right?

WPA is sort of one type of encryption.

There are

Mm-hmm.

and three.

Um, WPA two was what was available at the time the show was made,

Right.

It allows for your device and the access point you're connected to, to

negotiate sort of an encryption key

Mm-hmm.

that all of your traffic is encrypted

Right.

one else listening in over the air will be able to decrypt your traffic.

And he's like, I could do this if I have time, but I don't have, you know,

because of he's saying it's gotta, yeah.

So he, he needs to

and what's, I was looking it up.

I was trying to find out, but WPA two actually has flaws that allow attackers to

crack your wifi password pretty quickly,

Oh, okay.

which is why they're, they've, uh, released WPA three, I think it's been

out for four years, five years as a

Mm. Right.

secure than WPA two and eliminates a lot of the security vulnerabilities.

So I guess that's a, that's an action item for people is to look into, uh,

you know, upgrading to WPA three, if that's available on your device,

but

but.

the problem is WPA three, if you want to use it, you have to enable

it on your wifi router or your access point, which means all of your client

devices need to support WPA A three.

So

Correct.

devices, like old iPads or laptops, or a lot of.

devices,

Hmm.

WPA three.

Right, right.

So even if you wanted to, you may not be able to.

Now some do

well you,

the mechanism of sort of WPA two or three, so it can

Yeah.

the two, but it's not

Yeah.

Sort of like with the 2.4 and the five.

Right.

Um, and so, you know, once again, it's like upgrade it where you can.

Right.

Um, and, uh, I mean, I mean, I still have devices in my house that only do 2.4.

Yeah,

right.

still have wifi three devices.

Really, really?

Yeah,

Wow.

Yeah.

I have a new, my Sovi.

My Sovi only does 2.4 and it's a new device.

Yeah.

Anyway.

wifi three, I mean like 54 megabit per second.

Fastest speed possible.

Wow, that, that's some, that's some old stuff right there.

Yes, it's my printer.

Oh, of course.

Well, yeah.

Um, what's a printer?

Anyway, sorry.

All right, so, so he goes with O option number three, right?

So first thing failed, second thing failed.

He goes with option number three.

Which is he realizes that the police cars are connected to the network

via 4G and, um, uh, and he can connect to the car via Bluetooth.

And, um, this is where, you know, he, he relies on a time tested method and

that is sex, um, and stupid boys, right?

So he gets, um.

appeal, if you

Sex appeal?

Yeah.

Well, not sex, I guess not sex.

Right.

But, but sex appeal.

Yeah.

Uh, so he gets Darlene to, you know, sort of, she drops her thing, you

know, down the shoulder and she goes over to, Hey, how are you?

Right.

And the stupid cop, you know, because boys are stupid.

The stupid cop is like, oh, hello, how are you?

You know, just, you know, like, like he.

Thi this is what I would call bad situational awareness, right?

He needs to understand, and, and I'm surely that he's taught this, not just

from a cybersecurity perspective, but from a, um, from a life's perspective.

He's a police officer.

Bad things, you know, can happen and that they can literally bring up.

I mean, I, I've watched Alia, I've watched all of Alias, right?

75% of the plots of alias are Jennifer Garner looking amazing,

trying to distract somebody.

Right?

And, uh, that, that, that happens, you know, uh, that I know that

happens all over the place, right?

But you, you'd think that a police officer would be trained better than to, you know,

for some situational awareness that if some girl just comes up and approaches you

and leans in and starts hitting on you.

Maybe you should just, you know, check your six.

Right.

but

he,

also might be that maybe he did look around the car because he

thought, like, as a cop, right?

He was like, oh yeah, maybe other people might be approaching me.

But he's not necessarily looking at his computer screen.

I don't know.

Well, it's just, it's his job to look at the computer screen, right?

No, I

Isn't that part of his job?

Not, not, I don't mean in terms of supervising, and I'm just saying,

But

you know.

when he needs to, he will

Well, in this time he didn't look at it none of the time because he's

looking at Darlene the whole time,

And so

right?

so just for, for people, so the cop is sitting in the PA in the driver's seat.

Yeah,

is at his window on his

yeah,

his computer screen is on his right.

yeah.

And he, she has all his attention because that scene lasted.

Minute or so, you know, uh, yeah.

And he's over there like hacking away and the guy, and he's, you know, uh, Elliot is

taking control of his computer and if he just looks over there for like a second,

he would see, and he does towards the end.

Towards the end, he is like, oh, and his reaction is, oh, my computer's

on the fritz, not, why is there a command and control window up in

front of my, I mean, I get that, like the average person probably doesn't

understand what that would mean.

Um, and, um, but yeah, so he does successfully.

Um, and there was that he, uh, Elliot does have a moment where

he allows them to free Darlene,

yep.

uh, because he's like, I, I just need to press go, but I'm not gonna press go

until you drive away and let Darlene go.

Right?

Uh, so he does that and we do later find out that it's a good thing

that he did that because, you know,

Yeah.

got.

here's one thing I want to know, right, is if you were the prison

network or whatever else, right, the

Mm-hmm.

Mm-hmm.

would you allow a cop car, which is probably not very secure,

Um,

access to your prison network?

well, the answer would be, um, video download.

No, but even then, it should be a very specific

Yes, it should be a very specific use case, a very specific port and a system.

You're allowed to, you know, do this.

Right.

Because

Agreed.

Elliot FTP something to the cop car, and then from the cop car,

he f TPed that, or migrated that

Yeah.

Yeah.

network.

Right, right.

Um, which then gave him, uh, control of the prison network.

Um, yeah, it's a very good point, right?

I was also gonna add Bluetooth security, right?

Uh, because that does exist.

It exists in most anything.

And you have to, like, you, if you're gonna control a device with Bluetooth,

it's like, you know, when you first pair something, it's gonna pop up a number.

It should pop up a number, and you need to look at the screen and tell

the number, which in any scenario would've stopped this attack.

If you use a standard Bluetooth security, it would've popped up a number on the

screen of the cop car, and he would not have been able to see the number

unless he employed Darlene to go to, to say the number out loud or something.

Well, I think that works in some scenarios, Curtis, but I don't think

in all, for instance, keyboard has

Uhhuh,

dongle.

right.

Right.

I plug it in.

It doesn't ask me for anything.

No, it doesn't, but I'm saying it could.

It could, yes.

Right.

And, and in this scenario, you would think that the, the Bluetooth that is capable

of controlling the, the car would, uh, would have that as a feature, right?

the other thing is, do they even need Bluetooth?

Yeah, that,

Right.

I was about to say the same thing.

Why does it, why does it need Bluetooth?

Right.

Is it what, what exactly Well is like, maybe is is is camera, the, the, the body

cam, is that connecting via Bluetooth?

No, they didn't.

They had Bluetooth because that's what the plot needed.

Okay.

Prasanna.

The cop wanted to listen to his music on the, on the stereo?

Yeah.

With his Bluetooth, with his AirPods.

Um, back then, 'cause there's actually one, there's actually AirPods.

Yeah.

Probably AirPods, but not, but the Bluetooth headsets did,

Yeah.

uh, there's actually one in the episode I remember.

Uh, when, um, when Angela goes to visit Terry Colby, the sun turns his

head and he's got one of those black

i I had

yeah, yeah, I had one of those too.

It, you look like, you look like such a. Uh, idiot.

I think back when you, when you wore those, I don't know, you

just seem like you know, whatever

love the Bluetooth headsets, especially on calls.

you mean back then now or, you know.

Yeah.

Yeah.

I, I as well, but I don't know.

They were just so big.

They just, I don't know.

There was something, I think when you, when they first came out, they,

they looked kind of, I don't know,

but anyway.

them.

I still like them.

I, I did too.

I had,

headset.

had one of the Plantronics ones that went around the ear and the thing over here.

Oh, do you?

Why?

Why do you still have it?

Well, it's not broken.

You know what I remember, I remember I had a Plantronics

desktop, um, Bluetooth for my phone.

Okay.

Uh, 'cause I had a desk phone.

Right.

And what I remember was

I would forget that I was on a desk call

Oh,

and I had my Bluetooth headset, and I would get in my car and drive away.

And then at some point, the, the, the, the thing would drop.

And I'm like, oh, sorry, crap.

I still use a over the ear headset for my calls.

Really?

Why?

Uh, I find it more comfy than, and the quality audio quality is better.

And then I also like the fact that it comes with the mic, that you can actually

flip up to know for sure that something

Okay.

Okay.

because I never can remember is it muted or is it not?

And

Oh, oh, it mutes when you flip the mic up.

Gotcha, gotcha.

Alright.

One funny story and then we'll, we'll put this episode to bed.

A hundred years ago I was working at a consulting company and we used

to live in corporate housing and there were like three of us that

were in this corporate housing.

This story takes place in Marina Delrey for those of you that are familiar with

that in the Oakwood corporate housing.

And we were all sitting around.

We had a speaker phone, we were all sitting around on the mandatory,

like Monday morning conference call and this our direct boss.

Was blabbering on.

Okay.

And I reached over, pressed the mute button, and I said,

what are you still talking?

He is like, why are you still talking?

You know?

But I muted.

And then I was like, I said, I exclaimed something.

And then there was a pause and it was like, what?

What did you say?

And I go.

Uh, that's when we learned and we found out later that the, that the mute button.

It didn't work on the speaker,

no,

light would come on, but it didn't, but it, it didn't actually mute the call.

And so I, so luckily there were several of us, and this was

because nowadays would like zoom.

It would be like, Curtis just blurb something else.

You know, your, your picture would pop up on the screen, but at least in this

case, just some random, and I said, it really whatcha talking about, you know.

And, and I was like, what, what was that?

And I was like,

Uh,

and this is how Curtis almost got fired anyway.

the 10th time

Yeah.

Yeah.

I've only been fired, hired like three times in my life when I

all, all, when I was younger.

Um,

So, all right, so what's the recap for this episode?

So again, continued security, right?

So obviously, uh, devices or USB devices bad, right?

Trusting USB ports, bad trusting.

Um, even, even the fact that like if you're, if you're truly concerned

about like cell phone security, put that cell phone in a Faraday bag,

Mm-hmm.

right?

That's the thing.

Um, that would've stopped.

bag for people

a Faraday bag, uh, comes from the idea of the Faraday cage, which is come from

the name of the guy, and basically you put the cell phone in a Faraday bag.

It's unable to communicate outside that bag.

I've been in facilities where you had to leave your phone and you

had to put it in a Faraday back.

In schools, they make you do that too for kids?

Oh, do they?

Yeah.

They make you put it in a bag so you can't communicate outside.

And then I think it has like a lock that only opens at certain times.

Interesting.

Um, and then, if you have an external device, in this case a police car

that has network access, that device should be very limited, right?

It should be for the very specific use case, the very specific port and device.

Yeah.

you should at least be monitoring to be like, Hey, why is it uploading files to an

Yeah, yeah,

when that should never be happening?

yeah.

I, I would say yes, and I would say, and you should be

monitoring, but, um, and then, um,

oh, and if you get offered something enticing, check your six.

Yeah, or just think about if it's too good to be true.

It's like, Hey, why don't you see, uh, CISO come out to this great resort.

We're doing this giant conference and we'll

Yeah,

about things and

yeah,

And you've never heard of the place.

yeah.

Do you mind

I, I actually watched, uh, I watched an exploit with that where basically they.

They wanted to exploit a person.

They sent him an invitation to be a speaker at their show,

hmm.

right?

They had a full like, you know, trade show website and everything.

And they said, we'd like you to speak at this show.

And then, um, they, um, um, so I lost my train of thought.

Oh.

And so they said we'd like to just have a quick zoom call.

Hmm.

Prior to the show to just make sure, you know, set expectations

and everything, like I said.

Sure.

And so they sent him a link.

That link was not a Zoom link.

Hmm.

That link was a malicious link that immediately downloaded the

malware and then opened up Zoom

Mm.

so it could have been stopped by, you know, and so basically what you're

counting on is the person being distracted because they're, you know, they're, um.

Their pride, et cetera.

You know, they're, they're just thinking about, oh, I'm gonna, I'm gonna, and,

and they had like a speaker's fee.

They were gonna pay a speaker's fee and so Yeah.

Boom, boom, boom.

And the guy clicks on the thing and it, and the, the exploit runs in like,

Yep.

you know, milliseconds and then he opens up Zoom and so you

never thought anything of it.

Right.

Um, and uh, then immediately they're controlling the guy's network.

people are the weakest link.

They are.

They will continue to be that way.

All right.

Well thanks Prasanna for, uh, having another chat.

No, this was good.

I'm gonna go hunt around for some random USB sticks on my next walk.

So have you

I'm going to

USB stick on your walk yet?

No,

Okay.

I have encountered USB sticks in the wild, but not on any of my walks.

Okay.

I have encountered.

Really weird stuff.

The my favorite thing that I picked up yesterday was, um, was,

um, the instruction manual for some sort of electronic device.

I was like, a lot of the stuff I understood, like it was like,

you know, slim jim wrappers and, you know, things like that.

Like it, it's, somebody bought a snack into seven 11, they want to throw it

out the window before they get home and get busted for having a slim jim.

But why was there.

Um,

don't know.

I don't know that.

But anyway, I'm gonna drive around and, you know, hope that some young girl

leans in the window and talks to me.

okay.

But if she does, I will check my six.

Yes.

Well, thanks, uh, for listening everybody.

That is a wrap.

The backup wrap up is written, recorded and produced by me w Curtis Preston.

If you need backup or Dr. Consulting content generation or expert witness

work, check out backup central.com.

You can also find links from my O'Reilly Books on the same website.

Remember, this is an independent podcast and any opinions that you

hear are those of the speaker.

And not necessarily an employer.

Thanks for listening.

I.