Hello, welcome to the Friday, February 28, 2020 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from San Francisco, California.

First of all, thanks to everybody who came to our workshop and our keynote panel today.

Real great turnout for both sessions.

And if you have any questions about either sessions, just email me for the workshop.

We talked about some of the mobile web application authentication challenges.

There will be a website off on the move.com that will be make

available with all the material that we discussed during the workshop right now. You'll already

see sort of some of the little demo code fragments and such that we talked about during the workshop.

As far as the panel goes, RZA will make available a recording may already be available by the time you are listening to this.

Let's take a look at what we have in other news.

Well, first of all, the surfing attack comes out of Washington University

in St. Louis. And essentially, what it's all about is that a lot of mobile phone microphones

are actually quite sensitive to ultrasonic waves. So what this means is that ultrasonic sound can be used to trigger,

for example, digital assistants like Siri or the Google Assistant.

Not this basic idea has been demonstrated before. What's a little bit new in this particular paper

is that ultrasonic sound can also get carried quite well by solid objects,

so it's a little bit easier to inject a command through, for example, a piece of wood,

like a desk or something like this, that can be used to conduct ultrasonic waves.

And of course, it's a little bit more difficult to defend against than sort of a traditional attack

where just someone in the room speaks a command because it makes it more difficult to actually

realize what's happening.

And Douglas Leith from the training college in Dublin did a nice, fairly exhaustive study of

...