Mysterious rebooting iPhones, EDR vendors spying on hackers, Bitcoin 'meatspace' attacks

November 9th, 2024  |  1 hr 37 mins

apple, apt research, cisa, nation-state, palo alto, sophos, zero-day

Three Buddy Problem Episode 20: We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero’s Clem Lecinge’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, and physical ‘meatspace’ Bitcoin attacks and more details on North Korean cryptocurrency theft.

Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

Ep4: The AT&T mega-breach, iPhone mercenary spyware, Microsoft zero-days

July 12th, 2024  |  1 hr 11 mins

apple, at&t, cisa, csrb, microsoft, snowflake

The 'Three Buddy Problem' Podcast Episode 4: Listen as the hosts delve into the massive AT&T call logs breach, the Snowflake incidents and the notion of shared-fate/shared responsibilities; news on fresh Apple notifications about mercenary spyware on iPhones and the effectiveness of notifications for different types of controversial targets. Plus, thoughts on Microsoft's zero-day disclosures and useless Patch Tuesday bulletins, AI-powered disinformation campaigns, and the US government's malware sharing initiative fading away.

Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)

Ep1: The Microsoft Recall debacle, Brad Smith and the CSRB, Apple Private Cloud Compute

June 22nd, 2024  |  46 mins 55 secs

ai, apple, csrb, microsoft

Welcome to Episode 1 of a brand new cybersecurity podcast discussing the biggest news stories of the week. Ryan Naraine hosts a fast-moving conversation with Juan Andres Guerrero-Saade (LABScon) and Costin Raiu (Art of Noh) on the Microsoft Recall debacle, the dark patterns emerging as big-tech embraces AI, Brad Smith's testimony and the lingering effects of the CSRB report, Apple's new Private Cloud Compute (PCC) infrastructure and Cupertino's long game. Oh, we also discuss the KL ban.

Charlie Miller on hacking iPhones, Macbooks, Jeep and Self-Driving Cars

October 18th, 2022  |  59 mins

apple, car hacking, iphone, lockdown mode, pwn2own, self driving cars

Episode sponsors:

• Binarly (https://binarly.io)
• FwHunt (https://fwhunt.run)

Famed hacker Charlie Miller joins Ryan on the podcast to discuss a career in vulnerability research and software exploitation. Charlie talks about hacking iPhones and Macbooks at Pwn2Own, the 'No More Free Bugs' campaign, the Jeep hack that led to a recall and his current work securing Cruise's self-driving fleet.

Costin Raiu on the .gov mobile exploitation business

December 23rd, 2021  |  41 mins 18 secs

android, apple, exploits, ios malware, nso pegasus, psoas, zero-day

Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an indepth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.

Amanda Gorton, co-founder and CEO, Corellium

December 20th, 2021  |  46 mins 20 secs

apple, corellium, emulation, ios, virtualization

Corellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world of offensive security research.