![Sideloading (noun) [Word Notes] - Hacking Humans cover](/_next/image?url=https%3A%2F%2Fmegaphone.imgix.net%2Fpodcasts%2F40d830b2-df5a-11f0-87be-07717df3aba3%2Fimage%2F441b0ca2db080b93b935568d381ce462.png%3Fixlib%3Drails-4.3.1%26max-w%3D3000%26max-h%3D3000%26fit%3Dcrop%26auto%3Dformat%2Ccompress&w=1920&q=75)
Transcript
A (0:02)
You're listening to the Cyberwire Network powered by N2K. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave, and with threatlocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today.
B (1:23)
The word is sideloading, Spelled side as in not from normal channels, and loading as in installing a program. The process of installing applications on a device without the use of official software distribution channels. Example sentence the user enabled sideloading to install a third party app on their Android phone. Origin and context Most software vendors, including Google, Apple, and Microsoft, offer official versions of their software via portal sites or app stores. The responsible vendors typically vet the software for security and stabilization issues. This isn't foolproof. There have been cases where vendors have deployed malicious apps by mistake, but as a rule, it's generally much safer installing apps from the approved app store than it is installing unvetted apps from third party websites or from Kevin, who lives down the block. That said, there are legitimate reasons for sideloading, and many devices allow users to choose to enable it. Android phones, for example, give users the option to download download third party software from outside of the Google Play Store, although they warn that there are security risks associated with this. IPhones, on the other hand, don't allow the installation of any apps outside the Apple's App Store. Users would need to jailbreak their iOS operating system in order to sideload apps for an iPhone, according to PCWorld, jailbreaking can be thought of as the process of installing a modified set of kernel patches that allow you to run unsigned code. But hackers use sideloading for malicious purposes, too. They can hide malicious code in functional and seemingly legitimate applications Trojan horses giving them a foothold on the system through which they can install additional malware, Matthew Grayson McMinn, head of threat research at Netassia, told CSO Online. Clever criminals try to bundle malware with something useful, such as a free PDF to Word Document Converter. The user installs the useful tool, blissfully unaware of the malware running in the background. This background malware creates a backdoor which gives the attacker access to and control of the device. Researchers at Mimecast last year 2021 discovered a sideloading campaign that exploited Microsoft's App Installer feature to trick users into downloading a malicious app. The attacker sent phishing emails containing a phony link to a PDF file. When the user clicked the link, they'd be taken to a webpage that told them they need to install an app in order to view the file. This would bring up a legitimate Windows installation box that asked the user to approve the download, which contained the Trojan. Nerd Reference youe're listening to one of the songs from the 2004 movie soundtrack Troy. Starring Brad Pitt, Diane Kruger, Eric Bana, Orlando Bloom, and a host of that guy actors and actresses that we all know, the movie dramatizes Virgil's epic poem the Aeneid. Written between 29 and 19 BCE, the story of how the Greeks, after a fruitless 10 year siege of the city of Troy, tried a deception plan. King Odysseus, the legendary Greek king of Ithaca and the hero of Homer's epic poem the Odyssey, built a giant and magnificent wooden horse as a peace offering, left it outside the gates of Troy and sailed away. The Trojans, thinking their ordeal was over, hauled the giant horse into the city. That night, while the city slept, the Greek fleet sailed back to the Trojan stronghold under the COVID of darkness and King Odysseus had secreted away within the belly of the giant horse with some of his best men, snuck out of the horse, opened the gates to let the Greek army in, and burned the city of Troy to the ground. So when you hear that side loading is a kind of a Trojan horse. Now you know what we're talking about. Word Notes is written by Tim Nodar, executive produced by Peter Kilping and edited by John Petrick and me, Rick Howard. The mix, sound design and original music have all been crafted by the ridiculously talented Elliot Peltzman. Thanks for listening, Sam.