Silent Mode Cafe

From Roblox To Botnets: Hijacked Gadgets and more

What if your living room was quietly working for someone else? This week we trace how low-cost Android TV boxes get roped into botnets, why that tanks your IP reputation, and the simple network hygiene that keeps your bank logins out of harm’s way. We keep it calm and practical: isolate smart gadgets on guest Wi‑Fi, kill debug modes you don’t need, and retire end‑of‑life routers before they become a liability.

We also unpack a busy Patch Tuesday where Microsoft fixed over a hundred vulnerabilities, including one already exploited. Updates remain your best defense, even when they cause side effects. We share a realistic update routine—save, schedule, reboot, verify—so you stay protected without bricking your morning meeting. Then we shift to AI safety: new research shows how assistant sessions can be hijacked or steered. The rule of thumb stands—don’t paste secrets, recovery codes, or private work into chatbots; if you wouldn’t post it publicly, don’t share it with a model.

Parents will want to hear the Roblox segment. Age verification promises safer spaces for kids, but account reselling and friction raise new risks. We lay out concrete steps: use platform parental controls, coach kids not to buy “verified” accounts, and treat age gates as helpful but imperfect. In our “weird but real” research corner, we hit laser-based eavesdropping on windows, gaming mice acting like microphones, ultrasonic cross-device tracking, and smart TV viewing analytics—plus quick privacy toggles that actually make a difference.

Stick around for a surprise: a preview of our free Account Finder that scans 500+ platforms to surface profiles connected to your email, built with hashing and without storing your data. Try it early by pinging us on social media, and tell us what security fix you’re making first. If this helped, follow, share with a friend who needs a home network tune-up, and leave a quick review—your feedback keeps the show sharp.

Welcome Back & Weekly Rundown

SPEAKER_02

Welcome back to Silent Mode Cafe. Uh after a last uh podcast on the whole Maduro-Venezuelan situation. We're back to regularly scheduled programming today, though we do have a special surprise at the end. It's a chill place to talk privacy and security without the doom, and with me is my co-host and partner in crime.

SPEAKER_00

Ah. What crime people might wonder there with it. Hey guys, it's Salah. We're talking this week about a few really fun stuff. Android TV box might be doing side gigs for hackers. Windows updates as usual, uh, but this one is pretty interesting, saving us and and as usual, Microsoft has to stay consistent with also annoying us. We're going to chat about an AI assistant. That was the was the AI assistant trick or was it used to trick? I guess we'll get into that. And then Roblox is back in the news, but this time hopefully with something positive. Uh there's age verification, but it's apparently creating some friction for people with it that they have to verify ages. Interesting. Alright, so look,

Rapid-Fire Security Headlines

SPEAKER_00

there are a lot, a lot of things this week. Um, the long list is like Google is ending, for those of you who are using uh its dark web reports, starting January 15th, which was just a couple of days ago, you will no longer be able to use it, so you're gonna have to find a replacement. BreachForums got breached. Yes, Vivek, BreachForums, the hacker forums itself got breached, data leaks everywhere. Target, interestingly enough, took a dev server offline after some source code claim, source code theft claims by some hackers reporting it, reporting uh says authenticity was confirmed internally, so they were able to confirm it with Target. And then this is why, folks, you always, always, always have to replace your old gear. An old D-Link DSL router is now being exploited. You need to retire these old equipment, folks. If you're still using an old D-Link DSL, uh, you're probably running on an incredibly slow and expensive network just to upgrade it. Um, and then WordPress, many of us use WordPress, WordPress plugin. Many people have used it for personal reasons to build websites or whatever it may be. Um being exploited for admin access. So this one is an easy fix. Update your plugin, update it fast, update it like uh, you know, your your rent depends on it here, Vivek.

SPEAKER_02

Yeah, and uh don't ignore the R Ignore It headline. Microsoft fixed 100 plus bugs and says at least one of them was actively or already actively exploited. Oh my goodness. So they have another patch. Is it Tuesday? Yes, Tuesday. You know, just like Taco.

SPEAKER_00

At some point in life, we should do a Microsoft versus Apple. I got into a debate with a colleague of mine back in the day. I was obviously taking the position, a fun position, which is not true, by the way, folks, is that Mac OS is not exploitable because he was a gung-ho Microsoft fan. I'm a fan of both, just to be clear. But one is a lot easier to exploit than the other. You piece that one together.

Android TV Botnet Explained

SPEAKER_02

So let's uh let's get on to the top four stories, which will also include Microsoft. So the first story is Kimwolf botnet, which is targeting Android TV boxes and IoT devices. We've talked about this before on how your Android TV boxes can get exploited. So let's translate this. A botnet is basically a bunch of gadgets that got volunteered without permission into a hacker group project.

SPEAKER_00

Okay, so Kimwolf appears to love those no-name Android TV streaming boxes, don't they? Um some reporting says it can spread widely and even look for other devices on your network. Oh my god, there's so many places to take that one, boo.

SPEAKER_02

Yeah, so why does it matter in real life? So, what happens if a hacker group takes your Android TV box? Who cares? And commandeers. Okay. That could be one. But usually what happens is uh your internet can get used for sketchy traffic, which can slow down, you know, your uh network at home and also puts you on the IP address naughty list. So you have to be careful because once you get on the naughty list, it starts impacting everything from email delivery to everything else in your life, and trying to get out of the naughty list is a pain. And it's also a reminder that cheap smart stuff sometimes ships with sloppy security, though that's debatable, but it is usually said that way. And I'll leave it at that.

SPEAKER_00

Vivek. How many times has your IP address reputation been trashed? Twice. Alright. We'll leave that one for another podcast. So if you have a generic Android TV box, the first thing to do is just update it. Okay? If if any updates exist, some of these things tend to be black market, which folks, you're really opening yourself up.

SPEAKER_01

Because don't use aftermarket boxes like that.

SPEAKER_00

Put create a guest Wi-Fi network at home and put all these devices on your guest Wi-Fi because what you don't

Real-World Risks And Network Reputation

SPEAKER_00

want to do is this Android TV box to take over your kids' iPad, your TV, your other IoT devices, such as your your Wi-Fi camera, your ring doorbell, etc., and then they also become hacking devices or botnet devices, right? So if a device has a wired setting, like a remote debugging feature, just turn them off. I know not many of us dig into that, but you know, if you like to log into the device and look at the settings and turn off any features you might think you don't need, it's probably a good idea.

SPEAKER_02

Yes. And please update the firmware as always.

SPEAKER_00

Because your your living room device is probably listening. Okay, next next topic. So Microsoft Patch Tuesday, the patch fallout clinic. Microsoft patched a lot, apparently, from what you updated us on. And they were warned that one of those bugs had already was already being used by attackers.

SPEAKER_02

Yeah, so then some people got hit with patch side effects. And Microsoft had to ship an extra update. So patch for a patch.

SPEAKER_00

So yeah, patch for a patch. So updates are still your best defense, folks. It's normal to be cautious. Save your work, make that a habit. Reboot your device constantly, especially Windows devices. If you're done, don't walk away for it from it for the day and so it's ready for you in the morning. Just reboot it. And and don't do it two minutes before a big Zoom interview. Speaking out of experience here, do it well in advance of something important happening. Because sometimes these updates happen during reboot.

SPEAKER_02

Yeah, and usually Zoom updates themselves take more than two minutes, as we've always experienced, right before a meeting, which just happens. So set updates for a time when you're not rushed. Figure out a time. You know your day better than anyone else. And if you're on Windows 11, Enterprise IoT editions in particular, keep an

Home Segmentation And Firmware Hygiene

SPEAKER_02

eye on a post-update behavior. So the patch for the patch.

SPEAKER_00

Patch for that's that's the new the new way forward, apparently.

SPEAKER_02

Well, they always used to have patch on a patch because they never tested the patch fully for all the edge cases, therefore they had to have a patch for the patch. Yes. Also called as job security, which takes us to story three. Reprompt and AI assistant session hijacks. The reprompt story is basically research has found a way an attacker might steer an AI assistant session. So it spills things it shouldn't. Also known in high school cafeterias as trying to get information from a person during lunchtime.

SPEAKER_00

So look, I know this is the reprompt. It doesn't matter what AI assistant this is, like whether it's Copilot or any assistant that you've looked at in ChatGPT, Gemini, whatever it is, the life lesson is the same. Don't treat chatbots like a vault. Right? Don't paste secrets, don't paste passwords, recovery codes, full IDs of anything, private information, company information. Look, if you have to use AI for work docs, share only what you'd be okay with publishing externally to the whole world. If you're not okay with publishing whatever information you're typing into your chatbot, just don't do it.

SPEAKER_02

Although it's very enticing the way a chatbot talks to you. So in some cases, they become a virtual therapist. A lot of people are using them for Oh goodness.

SPEAKER_00

Didn't we talk about that already? Please don't do that, folks. Please don't do that. Please don't do that. I mean, this is public information. Any even police officer can get your chat logs with a simple request. Please don't share any personal information with your chatbot. Please don't ask it how to build certain toys. Don't ask it how to do things that you again you would not be willing to publish with your name externally because by chatting with the chatbot, you're really publishing this information external.

SPEAKER_01

So you know, Roblox, Vivek. Yes.

SPEAKER_00

Roblox is now, as we all know, folks, it's a big gaming platform for kids. They got in trouble because adults were using it, pretending like they were kids, big pedophile ring bust as a result.

Patch Tuesday Fallout And Safe Updating

SPEAKER_00

Roblox finally implemented age verification. The age verification um accounts are already being sold, by the way. So someone created an account, verified it as a child, and went and sold the account. Why is this a big deal?

SPEAKER_02

So it's a big deal because age verification often means collecting more sensitive data, and families want it to be accurate and fair. I think that's the reason Roblox AI age verification is causing a confusion. So use platform parental controls, but also assume age gates aren't perfect right now. They're still being developed. It's a really sensitive thing, especially with legal involved, and every country has a regulation, and every country follows different regulations.

SPEAKER_00

Some people buy these accounts.

SPEAKER_02

Yeah, so please talk to your children and tell them not to buy those accounts. And it's risky because you know, scams, stolen accounts, bans, mostly scams and bans, but yeah, please be careful. That's her recommendation.

SPEAKER_00

And parents, spread the word on this. Yeah. If you have friends, if you have nieces, nephews, let everyone know. Spread the word on this one. So have you heard of Kimwolf, Vivek?

SPEAKER_02

Yeah, it's uh it's essentially home network hygiene. So if you do one thing this week, please separate your important stuff from your smart stuff. Okay.

SPEAKER_00

So you want a phone, plus laptop, on your main Wi-Fi, TV, streaming boxes, cameras on the guest Wi-Fi. That way, if one gadget gets compromised, it's not automatically in the same room as your bank logins. Which are supposed to be encrypted, but you know, there's this thing that's called a man in the middle. And you've got your device and you've got the internet, and now you've got these compromised devices in the middle that can put themselves between that traffic, and they can do this thing called SSL decryption. So they can capture your stream, decrypt it, look at it, encrypt it, and send it back to your account. But in the meantime, they're siphoning all this. So a good fix is uh change the router password, right? Whenever you receive something, well, if if you've deployed it yourself, right? There's always an admin password. If you go to any of your routers that

When Updates Break: Practical Routines

SPEAKER_00

your company, your Comcasts, your Verizons, your AT&Ts of the world, they give you a box. There's a printed admin password on it, just change it. I'm okay if you even write what that password is and put a sticker on your box, but change it. Turn on automatic updates. Most of your company-based routers will do that automatically, but just change the passwords, update the settings, have it make sure it's an automatic update. Because typically what happens when there's new firmware and it reboots, it kicks out all the stuff that has taken over. If a device has been end of life by the manufacturer, they've just said, hey, we're not supporting this anymore. Pretend like it's a rotten egg in your fridge. Get rid of your rotten eggs. Look, the cost of these things, it might seem, ah, I'm not ready for a $300 router upgrade or a $50 camera upgrade. Imagine that logic when your bank account is taken over. It just doesn't add up. So if you don't want to upgrade it, stop using it until you have money to replace it or just quickly replace it.

SPEAKER_02

So we have a new section today about weird but real research corners.

SPEAKER_00

Yeah.

SPEAKER_02

So this is an interesting section that's coming.

SPEAKER_00

This is a really fun section, Vivek.

SPEAKER_02

This is a really fun session.

SPEAKER_00

Because this is this gets into the world of I didn't know this could happen. So tell us. What is this research that uh we should call it?

SPEAKER_01

I didn't know this could happen.

SPEAKER_02

We have four topics. Okay. One is laser-based eavesdropping is real research.

SPEAKER_00

Laser-based eavesdropping. So what they're doing is for some people who listen to the Maduro conversation, we hit that one hard. But I think we're talking about it from a satellite. And you know, Salah still can't afford to send a satellite, not even with Elon Musk's pricing. But that's not what this is, right?

SPEAKER_02

No, this is essentially

AI Session Hijacks And Data Discipline

SPEAKER_02

pointing lasers at windows, which can pick up tiny vibrations and correlate that with sound. So uh classic eavesdropping, classic James Bond. Well, James Bond is old. What is the new?

SPEAKER_00

Yeah, James Bond. If this is, I don't think James Bond even did cool stuff on James.

SPEAKER_02

Didn't have lasers? Okay. So this is I don't know. I don't know what's the new du jour, whatever.

SPEAKER_01

Right.

SPEAKER_02

But but this has been there for a while. I think it started the Russians who experimented it, the Americans caught on. That's right. And then, you know, I guess they're now they're finally acknowledging it exists. Right.

SPEAKER_01

It's an old, old story. Old story, yes.

SPEAKER_00

Russians decided they were so happy to work with the US, they said, hey, we will offer our services and build the embassy for you. And they they implemented these vibration tools. Obviously, this is not laser, but these vibration devices, just vibration folks. No batteries, no electricity, vibration devices all over in the walls, in art, in vases, all around the embassy, and they were able to spy on the US Embassy by pointing sound vibration devices at the embassy. Really cool story. You should Google that. What else do you got for us on this uh research corner?

SPEAKER_02

Second one is your gaming mouse could be a microphone. Uh research what my mouse? Yeah, research suggests high-performance optical mouses.

SPEAKER_00

This guy with the laser in it?

SPEAKER_02

Can detect vibrations and reconstruct speech under some conditions. Okay, so this is gaming mouse's potential. So the gaming mouse is a proof of concept.

SPEAKER_00

Oh, baloney, man. Gaming mice with laser. So the laser obviously is so delicate it vibrates. Um and start listening to you. So if someone can are you telling me so someone would have to take over my PC and somehow hack my mouse and then start listening? So they'll bypass my microphone and go directly to my mouse. Or maybe because software will detect things listening to your mic, but they won't detect things listening to your mouse vibrations.

SPEAKER_02

First of all, the fun part is it's called Mickey Mouse. That's what the project is called. All right, which is Mic-E-Mouse. Second is every mouse Mickey Mouse,

Roblox Age Checks And Family Safety

SPEAKER_02

right. Second is every mouse needs a driver, and if you uh put a mouse connected to whatever laptop, Apple, etc., obviously the driver can start listening to your conversation. Probably a Windows be a patch for that. The third one is ultrasonic beacons and cross-device tracking.

SPEAKER_00

Ultrasonic beacons.

SPEAKER_02

Have listened to inaudible tones to link devices and track behavior.

SPEAKER_00

Wait, are you telling me apps that can access my speaker on my phone can send out ultrasonic sounds and use that to sound?

SPEAKER_02

Apps can and also the way you type on your computer and the cadence, every every person uniquely on the planet. Yes. When they type, they have their own unique signature based upon the way they type, the tandem, how hard they press the keys. That's all been tracked for a while now.

SPEAKER_00

That's that's old news, right? So a lot of websites know who you are based on the fingerprint that is associated with you. With your behavior and how you type. How fast you type, the cadence between the letter A and B or C and A, and they know it's you because you know, just like when you walk, you have a specific gait. When you type, you have a specific gait, and they know who you are. Cadence.

SPEAKER_02

Interesting. Similar to that. And last but not the least, in the topic of smart TVs, are watching what you watch, surprisingly. But regulators have acted upon this before, but lawsuits around smart TV tracking keeps on popping up. So what should we do, Salah?

SPEAKER_00

Um I think we should go all go back and watch 1984 when the TV starts to yell at you to say you haven't done your Morning workout routine yet.

SPEAKER_02

I'd be the first one to be screaming out.

SPEAKER_00

So, guys, look, um, this is this is just fun research. The vibe here isn't panic, it's be intentional, right? So just be mindful of devices that have mics, can possibly listen. Review privacy settings on your TV and assistants and devices and whatnot. So if Amazon said, hey, we're no longer supporting this old Alexa format hardware, get rid of it, is really the conversation today, right? Get rid of old devices. Hey Vivek, let's do QA and then maybe we've got something fun to show people. Yeah, absolutely.

SPEAKER_02

So uh so we got some questions from our audience, which I got to do stories.

SPEAKER_00

Two for you. Or what uh what how about I take one? You take one? Sure. Okay. All right. I'll take a look at the one. I'm gonna throw this one at you. Yeah, yeah.

SPEAKER_01

Okay, go for it. Okay.

SPEAKER_00

Uh Vivek, I don't know who this is. Anyway, do I need to throw away a smart TV? My smart TV. Oh goodness.

SPEAKER_02

So the answer is it depends on the smart TV that you have. Joke. If

Router Basics: Passwords, Updates, EOL Gear

SPEAKER_02

uh OLED, please, if it's not OLED, please throw it away. No, jokes apart, please don't throw away your smart TV. I don't want to get hate mailed saying you told me to throw away my smart TV. Please don't. Start with settings, turn off ad personalization. All uh smart TVs, the reason they're called smart and not dumb is they have obviously software installed on them, which you can stream apps, etc., but they can also track you, so please turn off ad personalization style tracking if available. Please mute voice features you don't use and keep firmware updated. Usually that's done automatically, but depends again on the TV and the provider. And so similar to what you do with devices such as Alexa, etc., turn off mute voice features, turn off tracking. And past enforcement shows why these toggles matter. So privacy is in your hands when it comes to smart TV. Interesting. So please continue because it's essentially software and follow similar practices that you would do on your phone. Okay. So I have a question for you from one of our viewers. Okay. Should I stop updating Windows? Because updates sometimes break things, which we talked about patch for a patch.

SPEAKER_00

Sorry, the question is should I stop updating? Updating Windows?

SPEAKER_02

My Windows, not Mac OS. Not Mac OS.

SPEAKER_00

Oh, interesting.

SPEAKER_02

It doesn't say Mac, it says Windows.

SPEAKER_00

Look, as obnoxious as updates are, and sometimes they do break things. You can't stop updating, unfortunately. Look, still update. Do it at a calm time because sometimes they do take a long time to update and then reboot and then update and then reboot, especially if it's during a heavy patch cycle like it is this time around. Um I have to update my Windows devices, and they did take quite some time. But unpatched systems are our targets. You're just an open target. And they're they're very open to exploits, and most of the time the exploits are active. So yes, please update.

SPEAKER_02

Cool. And now uh for a special uh surprise before we end the show today. Yeah, Vivi. Uh you've been working on this really cool uh product.

SPEAKER_00

Just a fun little project, man.

SPEAKER_02

Fun, fun little project. You know, why don't you tell us about it and give us a quick demo if you can?

SPEAKER_00

Let's let's do it. So it started when a friend of mine said, Hey, I don't know if my kid is on TikTok. Can you check? He's like, Well, that's actually an easy thing to check. What's your kid's user ID and what's your kid's email address? User ID is sometimes hard to know, but you

Weird But Real: Lasers, Mice, Beacons, TVs

SPEAKER_00

can have your email address, right? And then I thought, well, you know, there are many tools for this, Vivek, but what if we just made these tools easy to use? So um if I went created a thing called account finder, and I said, what if I just put a username on here? Um, and I'm just gonna use um John at sorry, johncomcast.com. I don't know who John at Comcast is, but I bet you there's a John at Comcast. And what you do is you just scan the results, and what it's going to do, folks, is it's going to look for any profile on the web that has accounts associated with John at Comcast. So it looks like John has GitHub, Twitter, Instagram, Reddit, LinkedIn, Facebook, Dribbble, YouTube, Twitch, Medium, SoundCloud, TikTok has a lot of accounts, right? Um, and folks, ignore this right now. There will not be a premium for this. We are going to make this free for you to use. Um, and you can just go in here, go in here, and you can put in your user ID or your email and see what apps are associated with that email address or that user's user uh scan. So I actually had uh family play with this, Vivek. And one question came up is like, Salah, hey, it looks like my email is associated with an account I didn't know I had. Um, and so if you have an email address that's common, like a John at Comcast or a John at Gmail, there might be someone out there, maybe not technically inclined. They didn't know what they didn't do it maliciously. What they were doing, yeah. And they put in, oh yeah, my name is John, uh, my email is John at Google, and they may have mistakenly used your email address. I always go with the this wasn't meant to be malicious approach first. So in any case, uh, you could log in with your email address, reset the password, delete that account, and then therefore it's no longer a problem for you. So that's that's our tech update. It's kind of a cool, fun app.

SPEAKER_02

It's a lot of fun. I think this is this looks amazing.

SPEAKER_00

Yeah, and look, it is secure, by the way, the way it was built. Everything is hashed, no data is being stored. This is just a free scan. It scans over 500 social platforms and websites um using um our our advanced profile detection and AI analysis, and he'll come back and give you that information. So I hope I hope you uh you you find this interesting. If you want to test this tool before it's deployed for everyone, just just ping me. Ping me up ping us on social media. Please do. And I'll and I'll direct mail you um access to this app and you can play with it. And that's our update for the week. That's the update for the week. Thank you, Vivek. That was a fun update. Yeah. Not as exciting as last week's update, Vivek. You know, you know, cybersecurity. So Thanks very much for your insights, Vivek. Thank you all. See you next time.