October 3, 2025 • 31 mins
We unpack how Apple’s Memory Integrity Enforcement changes the rules of mobile security by rebuilding memory architecture, not just adding guardrails. We weigh who should upgrade now, what this means for Android, and why people remain the biggest risk.
• memory corruption explained with apartment analogy
• why NOP sleds and heap sprays fail under MIE
• tags, type segregation, and synchronous checks at runtime
• market-share vs design: Apple, Windows, Android trade-offs
• Pegasus, zero-click exploits, and threat profiles
• game hacking parallels: reading vs corrupting memory
• should you upgrade: high-risk users vs everyday users
• why architecture-level security beats bolt-on tools
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_01 (00:01):
Alrighty then, ladies and gentlemen, welcome
back to another episode ofPrivacy Please.
Cameron Ivy here with Gabe Gums.
And uh it's another week,another another thing happening.
We got a pretty interestingtopic to talk about today, Gabe,
but before we get into it, howhow are things on your end?
How's uh how's life?
(00:22):
Life's decent.
No complaints.
How are things on your end?
Good.
Just uh staying afloat in thiscrazy terrible economy.
SPEAKER_00 (00:32):
In this economy, who can afford to stay afloat?
SPEAKER_01 (00:35):
In this economy?
SPEAKER_00 (00:37):
This economy, who could afford to feel terrible?
I mean, and the rich get richer,right?
So this economy, who couldafford to get richer?
Oh, that's right.
Forgot about it.
That's right.
SPEAKER_01 (00:47):
Wait a minute.
Um, all right, so there was abig thing, so let's dive in.
Um there was a big thing thathappened with Apple recently.
Um, so Apple announced a newsecurity feature in Apple or
iPhone 17, which is calledMemory Integrity Enforcement, M
I E.
(01:08):
It's built directly into the newA19 chip, and everybody's you
know, security experts.
Uh, I want to get your expertopinion, but security experts
are calling it the biggest leapforward in mobile security in
over a decade.
Um so let's talk a little bitabout what that actually is.
So before we dig into that,Gabe, let's give the listeners a
(01:31):
little history on what for thelast 25 years, I think it was,
um even uh uh Microsoft, youknow, iPhone, whatever it is,
people have been hacking intothose using something called uh
memory corruption.
SPEAKER_00 (01:47):
Yeah.
SPEAKER_01 (01:48):
Uh what is that what does that exactly mean?
SPEAKER_00 (01:52):
So it means that so let's break it down quite
simply.
When when you're attempting touh take over a system, there's
different ways that you can goabout that.
One of the simpler ways is youcan just get access to the users
that have access, right?
So like you know, you become theadministrator.
(02:14):
Um, but in other cases, you needyou need to get you you you need
to be able to get to that level,right?
Like you don't even start out asthe administrator, you might
start out as a lower level, alevel privileged user of the
system.
And so essentially, you need toget your malicious code onto the
machine.
Whether that getting themalicious code onto the machine
is for the purpose of likegetting again, like elevating
(02:35):
your privilege or just likegetting a foothold onto a
device, you have to get yourmalicious code onto the system.
And one of the more practicaland reliable ways to do that
over the last two and a halfdecades has been to yeah, use
memory corruption techniques tocorrupt memory that is either in
(02:58):
use or not in use for thatmatter, but the memory on the
system and put your maliciouscode into that memory.
And so then when the systemaccesses that memory, it
accesses your malicious code.
Right.
And so essentially what MIEmemory integrity enforcement is
doing, as the name suggests, isit's gonna make it more
(03:20):
difficult for you to corruptthat memory.
Um and hell, memory corruptionattacks, you know, go back even
before, well, I guess certainlyuh hacking and slash cracking.
So even like early video gamecracking, like, you know, relied
on similar techniques where thegame, when it started up, would
(03:44):
look within a certain space inmemory to check if information
you entered, like the serialnumber, was valid.
And so you could crack games bygetting the memory to always
return a true statement when itchecked that memory.
Like, so corrupting memory hasbeen a cracker and a hacker's
(04:07):
like essential tool for a longtime.
I'll give the listeners one moreslightly technical one and we'll
we'll kind of get back to it.
But this is why it's been it'ssuch, it's it's such kind of
it's it is really a big deal.
Like, I'm inclined to agree thatthis is one of the more like
legitimately useful securityadvancements in a very long
time.
And thankfully, it's not justsome you know security product
(04:30):
one needs to go buy.
Like doing this, building thisinto the infrastructure is
definitely going to change thegame.
So there's another um attacktechnique called a you know a
knob sled.
Um it's called a no operationside so noop sled, knob sled, no
p, it stands for no operation,right?
(04:50):
So it's an instruction thattells your processor, in this
case the A9 processor, to donothing.
And then sled, right?
It's a slide or a runway.
And so when you put those twothings together, what you get is
you get this sequence of donothing instructions.
So a list of do nothinginstructions in a row, and they
almost act like a runway leadingright to your malicious code.
(05:13):
And so why is this necessary andhow does it work?
So, like when you corrupt memorybugs inside of machines, you
don't always know where thatcorruption might land in memory.
Because in memory, there's youand I were talking offline about
this, you can use an apartmentanalogy.
Every apartment is a differentmemory block.
(05:34):
So when you get an applicationto overflow its memory buffer,
you might not know where it'sgonna overflow into.
So you might flood apartment 1A,and you're trying to figure out
where that spill is gonna landbecause you want to put your
malicious code in apartment 2B,but you don't know what it is.
(05:55):
So no operation sledsessentially allow you to put it
at the all the way at the end ofthis memory block.
And then no matter where in thisblock it lands, it will find
your malicious code.
So memory integrity enforcementcompletely breaks shit like
this, too, which is huge.
Memory integrity enforcementwill break every single no
(06:17):
operation sled, which is a signlike that's a lot.
That that is just again, that isa common tool in the tool belt
of the average attacker cracker,right?
But here's how it breaks itevery every apartment now has a
unique tag.
So you would need to spanmultiple tagged apartments
(06:38):
somehow, but they all uniquelytag, so the system knows these
aren't these aren't related.
They also what they alsosegregate them by type.
And so each memory is nowsegregated by type.
So if you try moving data typesacross them, that's also gonna
fail.
There's now synchronouschecking, so any mismatch in
(07:00):
those taggings, et cetera, isgonna cause it to fail.
So, like this, I do have toagree, apologies for the the
propellerhead rant there, butthis is a significant, this is a
significant advancement in insecurity.
And it's simply through changingfundamentally how the
architecture of memory works.
(07:21):
And this is what this is what Ithink is really important for
all of security to pay attentionto.
We can't just keep trying tobuild more security tools and
slap them on top of alreadybroken infrastructure.
We've got to change the veryinfrastructure.
SPEAKER_01 (07:34):
So are you saying from what I was hearing you say,
with this new development forthe iPhone, is it more of like
instead of just putting upguardrails or band-aids, they've
actually done, they've builtsomething smarter.
Yes.
Right?
SPEAKER_00 (07:50):
Yeah.
Okay.
They've completely changed howmemory works and is allocated on
the chip as opposed to trying tobuild something on top of it
that maybe checks before it goesinto memory or checks after it,
as it checks while it's running.
We have tons of security toolsthat do all those things.
But ultimately, none of themsolve the problem, which is that
the memory environment itselfshould have been able to protect
(08:11):
itself.
The apartment building shouldn'tallow you to punch through the
hole in 1A and get to 1B andessentially give you a way to
throw your malicious code inthere.
It should have never allowed forthat.
SPEAKER_01 (08:25):
That's crazy.
What was it?
Give give me a real-worldexample, like a simple example
of why someone wouldn't hackinto an iPhone.
Well, actually, that's a sillyquestion.
I know why they want to stealall your information.
SPEAKER_00 (08:40):
You want to steal your information?
There's there are you know,there's that technology,
Pegasus, that is sold um largelyto governments as a spying tool.
Um that's true.
It allows it allows uh allowsyou to to execute remote code
and land completely unknown ontodevices like iPhones.
(09:02):
It it closes a lot of holes, itcloses a lot of windows for
attack.
Um it I without question, in myprofessional opinion, the iPhone
17 might just be one of the mostsecure phones in the market now.
Yeah.
Yeah.
(09:23):
Well, I'm glad I have one.
Well, good for you.
I I um it's a struggle becauselike I'm a big fan of the
Android phone platform, hugefan.
Um, it it allows for a lot moreflexibility, allows for greater
privacy control, but it's reallydifficult to turn like privacy
without security is nothing.
(09:44):
So Yeah.
SPEAKER_01 (09:46):
Well, while we're on that subject, like we were
talking about offline.
Let let me let me set you uphere.
Because I think uh the generalpublic would think, okay, Apple
has always had that reputation,and maybe it's the reputation
that is kind of maybe peoplejust don't understand.
And but for the longest time, Ialways thought, at least
personally, that Apple hasalways been a very safe like
(10:10):
operating system, you know, itwas very hard to quote unquote
hack.
And it was always like aconsistent kind of thing.
When you look at Microsoft orAndroid, those were there were
more holes there.
And because I think of theflexibility like you were
talking about, does that I mean,is there is there a
misconception there with theApple thing over these years
(10:33):
when it comes to privacy?
SPEAKER_00 (10:35):
There is a little bit of um a little bit of
oversubscribing to that, maybe.
I don't know if it's amisconception, it is it is a
true statement, but maybe fornot all the reasons people have
thought, right?
So, and maybe not as as asgreatly to the degree as those
have thought.
Some of it is just about attackservice.
And so, you know, if you want tohave the greatest impact, let's
(11:00):
say you're a terrorist, youyeah, whoa, whoa, whoa, whoa.
Don't negotiate with them.
Don't at them and don'tnegotiate with them.
But you you might not spend timeplanning an attack against a
town with 500 people.
You might plan an attack againsta town with five million people,
(11:23):
and so part of the the securityhas always been uh a market
share relationship.
Yeah there are there were alwaysa larger number of Windows end
users to go after, right?
Like from a ransomwareperspective, et cetera, right?
Like there were always just moreof those to go after.
(11:44):
So if I'm writing exploits andI'm trying to throw as wide of a
net as I can, yeah, you know, Igo after I I go into the city
with more people, I go into thef the pond with more fish.
So that has definitely alwaysbeen part of it.
No two ways about it.
Okay.
Um, but there is also part of ithas been some of the design
(12:05):
choices and some of the and someof the the overall technology
choices has made some of thoseplatforms more secure than
others.
Yes.
Um Apple devices definitely havehave uh have enjoyed better
security based on some of thefundamental decisions.
But some of those fundamentaldecisions were easier to make
also because Apple controls itshardware and its software
(12:28):
ecosystem.
When you buy a Mac, you buy ahardware device and you buy that
operating system.
When you buy Windows, you canbuy it separately as just
software, or you can go buy aLenovo, a Dell, an Acer, right?
Like those are all differenthardware.
(12:48):
And Microsoft has to get theirtechnology, their operating
system has to run across anungodly number of different
types of hardware.
Pretty much an infinite numberof different types of hardware
has to be able to run Windows.
Apple does have the luxury ofcontrolling the hardware
ecosystem of their platforms.
(13:08):
So it only has to run on alimited.
So you get to, you already startout by controlling your attack
surface a bit more.
And so, you know, the theconsumer notion that Apple is a
quote more secure platform isn'tuntrue.
But, you know, the nuances thatI just described might better
(13:28):
help understand why that thatstatement is is not just about
security.
Because if the numbers flippedovernight and more people, you
know, ended up with MacBooks intheir home than than Acer's and
Lenovos, then that that paradigmcould shift just like that.
SPEAKER_01 (13:45):
But you know, it's probably not not always.
I got some deeper questions Iwant to ask.
Um, but before we do that, youdid mention something about like
video game corruption, Ibelieve.
And it may or may not havementioned cracking video games,
of which I may or may not havehad some history with that in my
Can I Okay, well, I want to Iwanna dig in that because um I'm
(14:10):
always curious for context, ifanyone listening is a gamer, you
would understand um like a gamelike uh Destiny 2.
Destiny 2, we've had to dealwith I I couldn't play it
anymore because there were somany hackers that would uh
corrupt the game to cheat,basically.
My my question to you, likeyou've hacked games in the past
(14:32):
because you're an ethicalhacker.
What's the motive?
Like, why is it just to likemake games just to see what you
can do with them?
Is it the curiosity?
Like, what is the reason to hacka game?
Is it to piss off other people?
Like, what's what's the motivethere?
SPEAKER_00 (14:47):
I mean, you're you're definitely asking a super
subjective question.
I can tell you for myself, it itwas always curiosity.
It was always curiosity.
Um even the ones that I Icracked, um, I paid for them.
I I legitimately wanted tounderstand.
I was, you know, I came acrossyou know some things in like
Frac magazine that that taughtyou how to do it.
I was like, oh my God, thislooks awesome.
(15:08):
I have to, I had a I like I haveto understand this.
I want to figure this out.
Um, I don't I'm super hypercompetitive, so for me, there's
not a lot of fun in actuallycheating, right?
Like winning by cheating doesn'tdo it for me.
But I think like that differs,right?
Because, you know, there's alsoa whole other level of
competitors that will absolutelycheat to win, because you know,
(15:31):
like that's why people dope.
Like, because they're they'rehyper competitive, but in a
different way.
Like, I I get very competitive,and for me, cheating just
wouldn't satisfy me in the sameway.
Like it just wouldn't, it justwouldn't satisfy me.
Like, I'd rather lose go home,get better, come back and whoop
that ass again, right?
SPEAKER_01 (15:49):
I agree.
I mean, that's yeah, becausethat the the whole point of like
games that are hard is is likethat grind of like that's the
fun part about it.
That because it almost relatesto life in general, like the
grind of life, yeah, the journeyand the growth and like getting
better at something instead ofjust skipping to the end, and
(16:10):
then you're like, well, fuck, Ibeat it.
Now what?
Like that was you know, likewhat's the point of that?
Uh I don't know.
Cheating in games isinteresting, but hacking them
and um out of curiosity toexplore and see what you can do
is kind of more interesting forsure.
Yeah.
SPEAKER_00 (16:27):
But okay.
So some of the so some of theattacks that that some of the
some of the the uh the hackingthat you saw like in Destiny 2
was also very much based on onmemory type attacks, right?
So like some of them read memorylocally so that they could do
(16:48):
things like go through walls,etc.
Right?
Like if you just write spacememory, yeah.
SPEAKER_01 (16:54):
Basically, you have a gun that doesn't like you
don't even have to aim, it justyou know, like crazy things like
that, yeah.
SPEAKER_00 (17:00):
Right, right, right, right, right.
SPEAKER_01 (17:02):
They'll have like a uh a rocket launcher or
something where like a uh handcannon that's a rocket launcher,
just something crazy that theyso think about it this way: like
the game needs to know where youare in the world.
SPEAKER_00 (17:18):
Right?
And so you can be behind a wall.
And I don't know you're behindthat wall, but the game needs to
know that you're there.
And so like that informationabout where you are is in
memory.
Ah okay.
Yeah, that makes sense.
And so if I can read thatmemory, like forget even
corrupting it.
If I can just read it and know,like, ah, Cameron's there.
SPEAKER_01 (17:37):
Like Okay, yeah, because there's point there's
actually points in the gamewhere you can you have a radar
that shows you where people are.
Yeah.
SPEAKER_00 (17:44):
So there's probably a way that people cheat to have
that radar always on.
And that and that legitimatefunctionality that is used to
even show you like where yourteammates is, is the same
legitimate functionality thatyou can try and and and exploit.
Like it that that thatinformation is stored in memory,
like ah, and it updates memoryas Cameron moves.
Like, ah, Cameron's a positionblank, flank, yeah, and if I can
(18:04):
read that position, then yeah.
SPEAKER_01 (18:06):
The other ways that you know that someone's cheating
in that game is when theyglitch, they will physically
glitch where you can't even hitthem because they're always
moving in a weird in a weirdway.
SPEAKER_00 (18:19):
Probably messing with memory also.
Like the memory thinks it washere, and then all of a sudden
it's like, no, it was over here.
Like, wait, yeah.
SPEAKER_01 (18:25):
So you're basically just poking holes and making,
yeah.
It's an okay, that's anothergood analogy, then the video
game one.
Um so do you, Gabe, if you'relet's say you're an Android
user, you're an iPhone user,you've had it for a while, is
this is this type of new updatefrom Apple, is this worth
upgrading for?
SPEAKER_00 (18:46):
I think that's an individual assessment.
I think everyone's gonna have tomake that assessment on an
individual basis, and here's theprimary reason why.
Um it's really about threatprofile, right?
So who you are and what were youworried about in the first
place?
(19:07):
So the average user was alreadypretty safe.
They were already pretty safe ifthey are on an iPhone, and even
if they're on an i Android,they're pretty safe.
Um, the bonus that you're gonnaget here is a little bit more of
maybe like military gradesecurity.
Uh arguably, however, if privacymatters to you, you can never be
(19:30):
secure enough.
unknown (19:32):
Okay.
SPEAKER_00 (19:33):
Privacy matters, you can never be secure enough.
But for the average user, is itworth dropping the cash and
upgrading?
I don't know that it is, becauseit's a lot of cash.
Like it's expensive.
Now, if you're a high riskperson, if you are an activist,
a journalist, an executive, um,you know, maybe at a publicly
(19:53):
traded company, a cybersecuritycompany, then yeah, I think if
you fall into the high-riskcategory, people, it's worth it.
That that dropping an extra twoG's to do this is absolutely
worth it.
I I think so.
I do believe so.
Um it does depend on your ownthreat profile.
unknown (20:13):
Yeah.
SPEAKER_00 (20:14):
Well, I tell would I tell my mom to go upgrade to the
17?
No, I don't think she needs toworry about it.
Do I think um, you know, if ifyou are if you were journalists
at all, should you?
Yes, 100% you should.
SPEAKER_01 (20:28):
You hear that journalists?
Go upgrade.
Yeah.
Okay, so I don't think we'veever seen a history of Android
or Microsoft or whatever kind offollowing suit with what Apple
does.
Maybe they do in their own way.
Do you feel like Android wouldfollow suit with a feature like
this that's built internally tothe phone?
SPEAKER_00 (20:50):
Uh so I have to plead a tiny bit of ignorance.
I'm not certain if they do nothave uh I don't so they actually
I think I know the answer.
So I'm still gonna plead alittle bit of ignorance.
That's fine.
We don't know everything, Gabe,and it's okay.
Well, because here's the thingmuch like my Apple analogy and
(21:10):
you know the iPad versus aWindows laptop, Android phones
have the same challenge.
They use different chips.
Samsung uses a different chipthan Huawei, then you know
whoever else makes other Androidphones, then the Google phone,
they're all different chips.
This security feature is builtinto the A9 chip.
(21:31):
So if any of those other Samsungphones are already using the A9
chip, which I don't think theyare, I think it's exclusive to
Apple, then they would get thebenefit of this.
Um, do I expect to see this cometo Android phones?
I would hope so, but it wouldrequire the chips that they're
using to adopt these features.
(21:53):
So this isn't just a matter ofupdating the Android software
layer.
This is a matter of updating thechip that the Android software
sits on top of.
This is again where Apple hasthat advantage.
They control the ecosystem oftheir hardware and their
software.
SPEAKER_01 (22:12):
Do they also?
I haven't looked it up and maybewe don't know, but I'm pretty
sure this MIE feature isprobably proprietary to them.
Is what you're saying, maybe?
It is proprietary to that chip.
That chip, okay.
Interesting.
I guess maybe, and I I'm gonnaplay the dumb person here
(22:32):
because, well, I'm not playingit.
Sometimes I am it.
And I'm okay with admitting it.
How I mean when you learn Yeah,I mean, well, you know, I can
always research, but um No, Imeant by admitting that we do
not know things.
Yeah, honestly, I don't um I Ilearn in the action sometimes.
(22:53):
I'm not I'm not a huge reader,but anyways.
How how does I mean everybody'sgot their own individual phones?
How does one hack?
How do how do you like not gethacked in the first place?
Is this something when someone'sin passing, or do they hack
through your network?
Is there multiple ways to do it?
(23:14):
Like, what does that look like?
What should people be lookingout for?
SPEAKER_00 (23:16):
Are some attacks that don't require any
interactions from you at all?
Someone can simply sessage toyour iPhone.
Got it.
That you do not even have tointeract with, and it will so
basically like a phishing email,but to your except one you don't
(23:37):
even have to open.
And so those types of attacks doexist.
Those types of again, those arethe kinds of things that like
Pegasus is designed for.
It is it is designed to uh to beable to to that efficiently and
silently um infiltrate someone'smobile device.
And every year there's acompetition called Pwn to Own,
(24:00):
PWN number two own.
And they give out large prizemoney for these no interaction
remote code execution exploits,like I just described, the
remote code execution exploit,something that you can execute
remotely that does not requirein any interactivity, that will
(24:21):
on the black market, graymarket, and the otherwise I
guess one should only call it agray market, but on both the
gray market and the black marketof exploits, these things sell
in the six to seven digit range.
And what's likely to happen isMIE is probably only going to
drive the price of that up.
(24:42):
If you're able to discoverattacks, remote, no interaction,
remote code attacks against aniPhone 17, that that's worth
easily seven seven figures andabove.
SPEAKER_01 (25:01):
Damn, I missed this earlier, and that might have
helped me uh better understandthe research, but it was saying
that they did six real attackchains that all failed with the
new chip.
So I guess you kind of namedsome of those chains, correct?
SPEAKER_00 (25:16):
Yeah, yeah, like no operation sledge.
Yeah, there's there's differentkinds.
Absolutely.
There's heap spraying attackswhere you essentially just you
you try and throw your payloadacross multiple different parts
of it.
Yeah, yeah.
There's there there aredifferent, there are different
uh some of them aren't evencorruption necessarily.
(25:37):
Some of them are just you knowgetting unauthorized access to
it, reading parts of memory thatyou aren't supposed to have
access to read, right?
Like again, back to that analogyof the apartments.
Like you're not even supposed tobe able to peek into the
apartment and know what's inthere.
But knowing what's in theregives me information.
SPEAKER_01 (25:55):
Now, with all that being said, Gabe, this is a
great feature, good step aheadfor mobile security for sure.
But the number one thing thatyou gotta remember, people, is
that it doesn't fix people.
SPEAKER_00 (26:10):
No.
SPEAKER_01 (26:11):
Because the people that have the phone could still
make the mistakes.
Yeah.
SPEAKER_00 (26:15):
Yeah, yeah, yeah, yeah, yeah, yeah.
There's uh you can build abetter mouse trap, but Mother
Nature will build a bettermouse.
Mouse rat.
That's right.
That's right.
Cocaine mouse.
SPEAKER_01 (26:33):
Oh man, I can't.
Well, you've lived in New York,so you've probably seen some
monsters.
Definitely seen cocaine mouse.
There's no two ways about it.
Like, what's the biggest sizeyou've ever seen, like of a rat?
I mean.
SPEAKER_00 (26:47):
Nose to tail, my my forearm, easy.
Like we're sure that wasn'tsplinter, right?
No, I mean I'm not sure, but youever seen that video of pizza
rat in New York City?
That dude's just fucking No.
He's yeah, he's dragging a wholeslice of pizza up a flight of
New York City stairs subwaystairs, like middle of rush
(27:09):
hour.
Like, just like people are justlike, as you were, sir.
At your slice.
SPEAKER_01 (27:14):
What's going on, Frank?
SPEAKER_00 (27:15):
You would push it.
No, that's just just Frank.
He's just at getting a slice.
Slice!
SPEAKER_01 (27:23):
I love that.
Um, any other any other pointswe want to lay out that we
didn't touch on?
SPEAKER_00 (27:28):
No, this is this is one of those more interesting
security.
Like, you don't get a lot ofthese like really big leaps in
security that happen like that.
There's been tons of breachesthis week we could have reported
on, etc.
But this one is game-changing.
It's game changing from aprivacy perspective, too.
Again, who should who should betaking note?
You know, journalists of theworld, anyone with serious
(27:48):
privacy worries, theydefinitely, definitely, you
might want to highly think aboutand or investing in uh in this
in this technology.
Yeah, you think Trump has aniPhone 17?
Um I don't know.
I I don't know at all, actually.
I I hope he has I hope he hassomething very secure.
(28:10):
Uh I mean I know our I know theUS government began adopting
things like Blackberries, secureBlackberries back when Obama
entered office and moved awayfrom proprietary um black
phones.
Uh I don't know.
I presume that I presume that atthat level there's probably
different phones for differentpurposes.
(28:30):
I would imagine and would hopeso.
SPEAKER_01 (28:32):
Yeah, that's true.
I mean, this would this the thisMIE uh chip, it took five years
to develop.
Uh apparently they kind of didit in quiet.
Yeah.
So I mean, um, it's prettyfascinating.
And we'll see if uh others willfollow suit, or I'm sure hackers
will find a way in and thenthey're gonna have to adapt and
(28:54):
grow just like everything else.
SPEAKER_00 (28:55):
That's the thing about making architectural
changes.
It it this makes itexponentially harder.
This isn't this isn't just abasic cat and mouse game any
longer.
Like it completely changes howthe apartment building is even
built.
So, you know, again, just boringa hole through the wall isn't
enough anymore.
Like, it just it changes thenature of not just what you have
(29:20):
to attack, but how you have toattack it.
It's huge.
It's yeah, it's not this is notan incremental advancement at
all, not in security.
Security and proof and privacy.
This is beyond incremental, thisis exponential.
SPEAKER_01 (29:33):
There you have it on privacy, please.
Appreciate it, Gabe.
Appreciate you.
See you guys next week.
Alrighty then, ladies and gentlemen, welcome
back to another episode ofPrivacy Please.
Cameron Ivy here with Gabe Gums.
And uh it's another week,another another thing happening.
We got a pretty interestingtopic to talk about today, Gabe,
but before we get into it, howhow are things on your end?
How's uh how's life?
(00:22):
Life's decent.
No complaints.
How are things on your end?
Good.
Just uh staying afloat in thiscrazy terrible economy.
SPEAKER_00 (00:32):
In this economy, who can afford to stay afloat?
SPEAKER_01 (00:35):
In this economy?
SPEAKER_00 (00:37):
This economy, who could afford to feel terrible?
I mean, and the rich get richer,right?
So this economy, who couldafford to get richer?
Oh, that's right.
Forgot about it.
That's right.
SPEAKER_01 (00:47):
Wait a minute.
Um, all right, so there was abig thing, so let's dive in.
Um there was a big thing thathappened with Apple recently.
Um, so Apple announced a newsecurity feature in Apple or
iPhone 17, which is calledMemory Integrity Enforcement, M
I E.
(01:08):
It's built directly into the newA19 chip, and everybody's you
know, security experts.
Uh, I want to get your expertopinion, but security experts
are calling it the biggest leapforward in mobile security in
over a decade.
Um so let's talk a little bitabout what that actually is.
So before we dig into that,Gabe, let's give the listeners a
(01:31):
little history on what for thelast 25 years, I think it was,
um even uh uh Microsoft, youknow, iPhone, whatever it is,
people have been hacking intothose using something called uh
memory corruption.
SPEAKER_00 (01:47):
Yeah.
SPEAKER_01 (01:48):
Uh what is that what does that exactly mean?
SPEAKER_00 (01:52):
So it means that so let's break it down quite
simply.
When when you're attempting touh take over a system, there's
different ways that you can goabout that.
One of the simpler ways is youcan just get access to the users
that have access, right?
So like you know, you become theadministrator.
(02:14):
Um, but in other cases, you needyou need to get you you you need
to be able to get to that level,right?
Like you don't even start out asthe administrator, you might
start out as a lower level, alevel privileged user of the
system.
And so essentially, you need toget your malicious code onto the
machine.
Whether that getting themalicious code onto the machine
is for the purpose of likegetting again, like elevating
(02:35):
your privilege or just likegetting a foothold onto a
device, you have to get yourmalicious code onto the system.
And one of the more practicaland reliable ways to do that
over the last two and a halfdecades has been to yeah, use
memory corruption techniques tocorrupt memory that is either in
(02:58):
use or not in use for thatmatter, but the memory on the
system and put your maliciouscode into that memory.
And so then when the systemaccesses that memory, it
accesses your malicious code.
Right.
And so essentially what MIEmemory integrity enforcement is
doing, as the name suggests, isit's gonna make it more
(03:20):
difficult for you to corruptthat memory.
Um and hell, memory corruptionattacks, you know, go back even
before, well, I guess certainlyuh hacking and slash cracking.
So even like early video gamecracking, like, you know, relied
on similar techniques where thegame, when it started up, would
(03:44):
look within a certain space inmemory to check if information
you entered, like the serialnumber, was valid.
And so you could crack games bygetting the memory to always
return a true statement when itchecked that memory.
Like, so corrupting memory hasbeen a cracker and a hacker's
(04:07):
like essential tool for a longtime.
I'll give the listeners one moreslightly technical one and we'll
we'll kind of get back to it.
But this is why it's been it'ssuch, it's it's such kind of
it's it is really a big deal.
Like, I'm inclined to agree thatthis is one of the more like
legitimately useful securityadvancements in a very long
time.
And thankfully, it's not justsome you know security product
(04:30):
one needs to go buy.
Like doing this, building thisinto the infrastructure is
definitely going to change thegame.
So there's another um attacktechnique called a you know a
knob sled.
Um it's called a no operationside so noop sled, knob sled, no
p, it stands for no operation,right?
(04:50):
So it's an instruction thattells your processor, in this
case the A9 processor, to donothing.
And then sled, right?
It's a slide or a runway.
And so when you put those twothings together, what you get is
you get this sequence of donothing instructions.
So a list of do nothinginstructions in a row, and they
almost act like a runway leadingright to your malicious code.
(05:13):
And so why is this necessary andhow does it work?
So, like when you corrupt memorybugs inside of machines, you
don't always know where thatcorruption might land in memory.
Because in memory, there's youand I were talking offline about
this, you can use an apartmentanalogy.
Every apartment is a differentmemory block.
(05:34):
So when you get an applicationto overflow its memory buffer,
you might not know where it'sgonna overflow into.
So you might flood apartment 1A,and you're trying to figure out
where that spill is gonna landbecause you want to put your
malicious code in apartment 2B,but you don't know what it is.
(05:55):
So no operation sledsessentially allow you to put it
at the all the way at the end ofthis memory block.
And then no matter where in thisblock it lands, it will find
your malicious code.
So memory integrity enforcementcompletely breaks shit like
this, too, which is huge.
Memory integrity enforcementwill break every single no
(06:17):
operation sled, which is a signlike that's a lot.
That that is just again, that isa common tool in the tool belt
of the average attacker cracker,right?
But here's how it breaks itevery every apartment now has a
unique tag.
So you would need to spanmultiple tagged apartments
(06:38):
somehow, but they all uniquelytag, so the system knows these
aren't these aren't related.
They also what they alsosegregate them by type.
And so each memory is nowsegregated by type.
So if you try moving data typesacross them, that's also gonna
fail.
There's now synchronouschecking, so any mismatch in
(07:00):
those taggings, et cetera, isgonna cause it to fail.
So, like this, I do have toagree, apologies for the the
propellerhead rant there, butthis is a significant, this is a
significant advancement in insecurity.
And it's simply through changingfundamentally how the
architecture of memory works.
(07:21):
And this is what this is what Ithink is really important for
all of security to pay attentionto.
We can't just keep trying tobuild more security tools and
slap them on top of alreadybroken infrastructure.
We've got to change the veryinfrastructure.
SPEAKER_01 (07:34):
So are you saying from what I was hearing you say,
with this new development forthe iPhone, is it more of like
instead of just putting upguardrails or band-aids, they've
actually done, they've builtsomething smarter.
Yes.
Right?
SPEAKER_00 (07:50):
Yeah.
Okay.
They've completely changed howmemory works and is allocated on
the chip as opposed to trying tobuild something on top of it
that maybe checks before it goesinto memory or checks after it,
as it checks while it's running.
We have tons of security toolsthat do all those things.
But ultimately, none of themsolve the problem, which is that
the memory environment itselfshould have been able to protect
(08:11):
itself.
The apartment building shouldn'tallow you to punch through the
hole in 1A and get to 1B andessentially give you a way to
throw your malicious code inthere.
It should have never allowed forthat.
SPEAKER_01 (08:25):
That's crazy.
What was it?
Give give me a real-worldexample, like a simple example
of why someone wouldn't hackinto an iPhone.
Well, actually, that's a sillyquestion.
I know why they want to stealall your information.
SPEAKER_00 (08:40):
You want to steal your information?
There's there are you know,there's that technology,
Pegasus, that is sold um largelyto governments as a spying tool.
Um that's true.
It allows it allows uh allowsyou to to execute remote code
and land completely unknown ontodevices like iPhones.
(09:02):
It it closes a lot of holes, itcloses a lot of windows for
attack.
Um it I without question, in myprofessional opinion, the iPhone
17 might just be one of the mostsecure phones in the market now.
Yeah.
Yeah.
(09:23):
Well, I'm glad I have one.
Well, good for you.
I I um it's a struggle becauselike I'm a big fan of the
Android phone platform, hugefan.
Um, it it allows for a lot moreflexibility, allows for greater
privacy control, but it's reallydifficult to turn like privacy
without security is nothing.
(09:44):
So Yeah.
SPEAKER_01 (09:46):
Well, while we're on that subject, like we were
talking about offline.
Let let me let me set you uphere.
Because I think uh the generalpublic would think, okay, Apple
has always had that reputation,and maybe it's the reputation
that is kind of maybe peoplejust don't understand.
And but for the longest time, Ialways thought, at least
personally, that Apple hasalways been a very safe like
(10:10):
operating system, you know, itwas very hard to quote unquote
hack.
And it was always like aconsistent kind of thing.
When you look at Microsoft orAndroid, those were there were
more holes there.
And because I think of theflexibility like you were
talking about, does that I mean,is there is there a
misconception there with theApple thing over these years
(10:33):
when it comes to privacy?
SPEAKER_00 (10:35):
There is a little bit of um a little bit of
oversubscribing to that, maybe.
I don't know if it's amisconception, it is it is a
true statement, but maybe fornot all the reasons people have
thought, right?
So, and maybe not as as asgreatly to the degree as those
have thought.
Some of it is just about attackservice.
And so, you know, if you want tohave the greatest impact, let's
(11:00):
say you're a terrorist, youyeah, whoa, whoa, whoa, whoa.
Don't negotiate with them.
Don't at them and don'tnegotiate with them.
But you you might not spend timeplanning an attack against a
town with 500 people.
You might plan an attack againsta town with five million people,
(11:23):
and so part of the the securityhas always been uh a market
share relationship.
Yeah there are there were alwaysa larger number of Windows end
users to go after, right?
Like from a ransomwareperspective, et cetera, right?
Like there were always just moreof those to go after.
(11:44):
So if I'm writing exploits andI'm trying to throw as wide of a
net as I can, yeah, you know, Igo after I I go into the city
with more people, I go into thef the pond with more fish.
So that has definitely alwaysbeen part of it.
No two ways about it.
Okay.
Um, but there is also part of ithas been some of the design
(12:05):
choices and some of the and someof the the overall technology
choices has made some of thoseplatforms more secure than
others.
Yes.
Um Apple devices definitely havehave uh have enjoyed better
security based on some of thefundamental decisions.
But some of those fundamentaldecisions were easier to make
also because Apple controls itshardware and its software
(12:28):
ecosystem.
When you buy a Mac, you buy ahardware device and you buy that
operating system.
When you buy Windows, you canbuy it separately as just
software, or you can go buy aLenovo, a Dell, an Acer, right?
Like those are all differenthardware.
(12:48):
And Microsoft has to get theirtechnology, their operating
system has to run across anungodly number of different
types of hardware.
Pretty much an infinite numberof different types of hardware
has to be able to run Windows.
Apple does have the luxury ofcontrolling the hardware
ecosystem of their platforms.
(13:08):
So it only has to run on alimited.
So you get to, you already startout by controlling your attack
surface a bit more.
And so, you know, the theconsumer notion that Apple is a
quote more secure platform isn'tuntrue.
But, you know, the nuances thatI just described might better
(13:28):
help understand why that thatstatement is is not just about
security.
Because if the numbers flippedovernight and more people, you
know, ended up with MacBooks intheir home than than Acer's and
Lenovos, then that that paradigmcould shift just like that.
SPEAKER_01 (13:45):
But you know, it's probably not not always.
I got some deeper questions Iwant to ask.
Um, but before we do that, youdid mention something about like
video game corruption, Ibelieve.
And it may or may not havementioned cracking video games,
of which I may or may not havehad some history with that in my
Can I Okay, well, I want to Iwanna dig in that because um I'm
(14:10):
always curious for context, ifanyone listening is a gamer, you
would understand um like a gamelike uh Destiny 2.
Destiny 2, we've had to dealwith I I couldn't play it
anymore because there were somany hackers that would uh
corrupt the game to cheat,basically.
My my question to you, likeyou've hacked games in the past
(14:32):
because you're an ethicalhacker.
What's the motive?
Like, why is it just to likemake games just to see what you
can do with them?
Is it the curiosity?
Like, what is the reason to hacka game?
Is it to piss off other people?
Like, what's what's the motivethere?
SPEAKER_00 (14:47):
I mean, you're you're definitely asking a super
subjective question.
I can tell you for myself, it itwas always curiosity.
It was always curiosity.
Um even the ones that I Icracked, um, I paid for them.
I I legitimately wanted tounderstand.
I was, you know, I came acrossyou know some things in like
Frac magazine that that taughtyou how to do it.
I was like, oh my God, thislooks awesome.
(15:08):
I have to, I had a I like I haveto understand this.
I want to figure this out.
Um, I don't I'm super hypercompetitive, so for me, there's
not a lot of fun in actuallycheating, right?
Like winning by cheating doesn'tdo it for me.
But I think like that differs,right?
Because, you know, there's alsoa whole other level of
competitors that will absolutelycheat to win, because you know,
(15:31):
like that's why people dope.
Like, because they're they'rehyper competitive, but in a
different way.
Like, I I get very competitive,and for me, cheating just
wouldn't satisfy me in the sameway.
Like it just wouldn't, it justwouldn't satisfy me.
Like, I'd rather lose go home,get better, come back and whoop
that ass again, right?
SPEAKER_01 (15:49):
I agree.
I mean, that's yeah, becausethat the the whole point of like
games that are hard is is likethat grind of like that's the
fun part about it.
That because it almost relatesto life in general, like the
grind of life, yeah, the journeyand the growth and like getting
better at something instead ofjust skipping to the end, and
(16:10):
then you're like, well, fuck, Ibeat it.
Now what?
Like that was you know, likewhat's the point of that?
Uh I don't know.
Cheating in games isinteresting, but hacking them
and um out of curiosity toexplore and see what you can do
is kind of more interesting forsure.
Yeah.
SPEAKER_00 (16:27):
But okay.
So some of the so some of theattacks that that some of the
some of the the uh the hackingthat you saw like in Destiny 2
was also very much based on onmemory type attacks, right?
So like some of them read memorylocally so that they could do
(16:48):
things like go through walls,etc.
Right?
Like if you just write spacememory, yeah.
SPEAKER_01 (16:54):
Basically, you have a gun that doesn't like you
don't even have to aim, it justyou know, like crazy things like
that, yeah.
SPEAKER_00 (17:00):
Right, right, right, right, right.
SPEAKER_01 (17:02):
They'll have like a uh a rocket launcher or
something where like a uh handcannon that's a rocket launcher,
just something crazy that theyso think about it this way: like
the game needs to know where youare in the world.
SPEAKER_00 (17:18):
Right?
And so you can be behind a wall.
And I don't know you're behindthat wall, but the game needs to
know that you're there.
And so like that informationabout where you are is in
memory.
Ah okay.
Yeah, that makes sense.
And so if I can read thatmemory, like forget even
corrupting it.
If I can just read it and know,like, ah, Cameron's there.
SPEAKER_01 (17:37):
Like Okay, yeah, because there's point there's
actually points in the gamewhere you can you have a radar
that shows you where people are.
Yeah.
SPEAKER_00 (17:44):
So there's probably a way that people cheat to have
that radar always on.
And that and that legitimatefunctionality that is used to
even show you like where yourteammates is, is the same
legitimate functionality thatyou can try and and and exploit.
Like it that that thatinformation is stored in memory,
like ah, and it updates memoryas Cameron moves.
Like, ah, Cameron's a positionblank, flank, yeah, and if I can
(18:04):
read that position, then yeah.
SPEAKER_01 (18:06):
The other ways that you know that someone's cheating
in that game is when theyglitch, they will physically
glitch where you can't even hitthem because they're always
moving in a weird in a weirdway.
SPEAKER_00 (18:19):
Probably messing with memory also.
Like the memory thinks it washere, and then all of a sudden
it's like, no, it was over here.
Like, wait, yeah.
SPEAKER_01 (18:25):
So you're basically just poking holes and making,
yeah.
It's an okay, that's anothergood analogy, then the video
game one.
Um so do you, Gabe, if you'relet's say you're an Android
user, you're an iPhone user,you've had it for a while, is
this is this type of new updatefrom Apple, is this worth
upgrading for?
SPEAKER_00 (18:46):
I think that's an individual assessment.
I think everyone's gonna have tomake that assessment on an
individual basis, and here's theprimary reason why.
Um it's really about threatprofile, right?
So who you are and what were youworried about in the first
place?
(19:07):
So the average user was alreadypretty safe.
They were already pretty safe ifthey are on an iPhone, and even
if they're on an i Android,they're pretty safe.
Um, the bonus that you're gonnaget here is a little bit more of
maybe like military gradesecurity.
Uh arguably, however, if privacymatters to you, you can never be
(19:30):
secure enough.
unknown (19:32):
Okay.
SPEAKER_00 (19:33):
Privacy matters, you can never be secure enough.
But for the average user, is itworth dropping the cash and
upgrading?
I don't know that it is, becauseit's a lot of cash.
Like it's expensive.
Now, if you're a high riskperson, if you are an activist,
a journalist, an executive, um,you know, maybe at a publicly
(19:53):
traded company, a cybersecuritycompany, then yeah, I think if
you fall into the high-riskcategory, people, it's worth it.
That that dropping an extra twoG's to do this is absolutely
worth it.
I I think so.
I do believe so.
Um it does depend on your ownthreat profile.
unknown (20:13):
Yeah.
SPEAKER_00 (20:14):
Well, I tell would I tell my mom to go upgrade to the
17?
No, I don't think she needs toworry about it.
Do I think um, you know, if ifyou are if you were journalists
at all, should you?
Yes, 100% you should.
SPEAKER_01 (20:28):
You hear that journalists?
Go upgrade.
Yeah.
Okay, so I don't think we'veever seen a history of Android
or Microsoft or whatever kind offollowing suit with what Apple
does.
Maybe they do in their own way.
Do you feel like Android wouldfollow suit with a feature like
this that's built internally tothe phone?
SPEAKER_00 (20:50):
Uh so I have to plead a tiny bit of ignorance.
I'm not certain if they do nothave uh I don't so they actually
I think I know the answer.
So I'm still gonna plead alittle bit of ignorance.
That's fine.
We don't know everything, Gabe,and it's okay.
Well, because here's the thingmuch like my Apple analogy and
(21:10):
you know the iPad versus aWindows laptop, Android phones
have the same challenge.
They use different chips.
Samsung uses a different chipthan Huawei, then you know
whoever else makes other Androidphones, then the Google phone,
they're all different chips.
This security feature is builtinto the A9 chip.
(21:31):
So if any of those other Samsungphones are already using the A9
chip, which I don't think theyare, I think it's exclusive to
Apple, then they would get thebenefit of this.
Um, do I expect to see this cometo Android phones?
I would hope so, but it wouldrequire the chips that they're
using to adopt these features.
(21:53):
So this isn't just a matter ofupdating the Android software
layer.
This is a matter of updating thechip that the Android software
sits on top of.
This is again where Apple hasthat advantage.
They control the ecosystem oftheir hardware and their
software.
SPEAKER_01 (22:12):
Do they also?
I haven't looked it up and maybewe don't know, but I'm pretty
sure this MIE feature isprobably proprietary to them.
Is what you're saying, maybe?
It is proprietary to that chip.
That chip, okay.
Interesting.
I guess maybe, and I I'm gonnaplay the dumb person here
(22:32):
because, well, I'm not playingit.
Sometimes I am it.
And I'm okay with admitting it.
How I mean when you learn Yeah,I mean, well, you know, I can
always research, but um No, Imeant by admitting that we do
not know things.
Yeah, honestly, I don't um I Ilearn in the action sometimes.
(22:53):
I'm not I'm not a huge reader,but anyways.
How how does I mean everybody'sgot their own individual phones?
How does one hack?
How do how do you like not gethacked in the first place?
Is this something when someone'sin passing, or do they hack
through your network?
Is there multiple ways to do it?
(23:14):
Like, what does that look like?
What should people be lookingout for?
SPEAKER_00 (23:16):
Are some attacks that don't require any
interactions from you at all?
Someone can simply sessage toyour iPhone.
Got it.
That you do not even have tointeract with, and it will so
basically like a phishing email,but to your except one you don't
(23:37):
even have to open.
And so those types of attacks doexist.
Those types of again, those arethe kinds of things that like
Pegasus is designed for.
It is it is designed to uh to beable to to that efficiently and
silently um infiltrate someone'smobile device.
And every year there's acompetition called Pwn to Own,
(24:00):
PWN number two own.
And they give out large prizemoney for these no interaction
remote code execution exploits,like I just described, the
remote code execution exploit,something that you can execute
remotely that does not requirein any interactivity, that will
(24:21):
on the black market, graymarket, and the otherwise I
guess one should only call it agray market, but on both the
gray market and the black marketof exploits, these things sell
in the six to seven digit range.
And what's likely to happen isMIE is probably only going to
drive the price of that up.
(24:42):
If you're able to discoverattacks, remote, no interaction,
remote code attacks against aniPhone 17, that that's worth
easily seven seven figures andabove.
SPEAKER_01 (25:01):
Damn, I missed this earlier, and that might have
helped me uh better understandthe research, but it was saying
that they did six real attackchains that all failed with the
new chip.
So I guess you kind of namedsome of those chains, correct?
SPEAKER_00 (25:16):
Yeah, yeah, like no operation sledge.
Yeah, there's there's differentkinds.
Absolutely.
There's heap spraying attackswhere you essentially just you
you try and throw your payloadacross multiple different parts
of it.
Yeah, yeah.
There's there there aredifferent, there are different
uh some of them aren't evencorruption necessarily.
(25:37):
Some of them are just you knowgetting unauthorized access to
it, reading parts of memory thatyou aren't supposed to have
access to read, right?
Like again, back to that analogyof the apartments.
Like you're not even supposed tobe able to peek into the
apartment and know what's inthere.
But knowing what's in theregives me information.
SPEAKER_01 (25:55):
Now, with all that being said, Gabe, this is a
great feature, good step aheadfor mobile security for sure.
But the number one thing thatyou gotta remember, people, is
that it doesn't fix people.
SPEAKER_00 (26:10):
No.
SPEAKER_01 (26:11):
Because the people that have the phone could still
make the mistakes.
Yeah.
SPEAKER_00 (26:15):
Yeah, yeah, yeah, yeah, yeah, yeah.
There's uh you can build abetter mouse trap, but Mother
Nature will build a bettermouse.
Mouse rat.
That's right.
That's right.
Cocaine mouse.
SPEAKER_01 (26:33):
Oh man, I can't.
Well, you've lived in New York,so you've probably seen some
monsters.
Definitely seen cocaine mouse.
There's no two ways about it.
Like, what's the biggest sizeyou've ever seen, like of a rat?
I mean.
SPEAKER_00 (26:47):
Nose to tail, my my forearm, easy.
Like we're sure that wasn'tsplinter, right?
No, I mean I'm not sure, but youever seen that video of pizza
rat in New York City?
That dude's just fucking No.
He's yeah, he's dragging a wholeslice of pizza up a flight of
New York City stairs subwaystairs, like middle of rush
(27:09):
hour.
Like, just like people are justlike, as you were, sir.
At your slice.
SPEAKER_01 (27:14):
What's going on, Frank?
SPEAKER_00 (27:15):
You would push it.
No, that's just just Frank.
He's just at getting a slice.
Slice!
SPEAKER_01 (27:23):
I love that.
Um, any other any other pointswe want to lay out that we
didn't touch on?
SPEAKER_00 (27:28):
No, this is this is one of those more interesting
security.
Like, you don't get a lot ofthese like really big leaps in
security that happen like that.
There's been tons of breachesthis week we could have reported
on, etc.
But this one is game-changing.
It's game changing from aprivacy perspective, too.
Again, who should who should betaking note?
You know, journalists of theworld, anyone with serious
(27:48):
privacy worries, theydefinitely, definitely, you
might want to highly think aboutand or investing in uh in this
in this technology.
Yeah, you think Trump has aniPhone 17?
Um I don't know.
I I don't know at all, actually.
I I hope he has I hope he hassomething very secure.
(28:10):
Uh I mean I know our I know theUS government began adopting
things like Blackberries, secureBlackberries back when Obama
entered office and moved awayfrom proprietary um black
phones.
Uh I don't know.
I presume that I presume that atthat level there's probably
different phones for differentpurposes.
(28:30):
I would imagine and would hopeso.
SPEAKER_01 (28:32):
Yeah, that's true.
I mean, this would this the thisMIE uh chip, it took five years
to develop.
Uh apparently they kind of didit in quiet.
Yeah.
So I mean, um, it's prettyfascinating.
And we'll see if uh others willfollow suit, or I'm sure hackers
will find a way in and thenthey're gonna have to adapt and
(28:54):
grow just like everything else.
SPEAKER_00 (28:55):
That's the thing about making architectural
changes.
It it this makes itexponentially harder.
This isn't this isn't just abasic cat and mouse game any
longer.
Like it completely changes howthe apartment building is even
built.
So, you know, again, just boringa hole through the wall isn't
enough anymore.
Like, it just it changes thenature of not just what you have
(29:20):
to attack, but how you have toattack it.
It's huge.
It's yeah, it's not this is notan incremental advancement at
all, not in security.
Security and proof and privacy.
This is beyond incremental, thisis exponential.
SPEAKER_01 (29:33):
There you have it on privacy, please.
Appreciate it, Gabe.
Appreciate you.
See you guys next week.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
CrimeLess: Hillbilly Heist
It’s 1996 in rural North Carolina, and an oddball crew makes history when they pull off America’s third largest cash heist. But it’s all downhill from there. Join host Johnny Knoxville as he unspools a wild and woolly tale about a group of regular ‘ol folks who risked it all for a chance at a better life. CrimeLess: Hillbilly Heist answers the question: what would you do with 17.3 million dollars? The answer includes diamond rings, mansions, velvet Elvis paintings, plus a run for the border, murder-for-hire-plots, and FBI busts.