Joshua Schmidt: 0:04

You're listening to the audit presented by IT Audit Labs. My name is Joshua Schmidt, co-host and producer. Today we're joined by Jayden Troffler and Cameron Birkland. They spent a little bit of time working at IT Audit Labs and they've spent even more time, probably in the recent weeks, working on Ponegachi for this episode today. We did a Ponegachi episode maybe two years back, but we wanted to refresh it today and kind of give a fresh look, bring some updates and kind of go over the whole thing from the top to bottom again. So welcome to the Audit Podcast. Thanks for joining us. How are you two doing today?

Jayden Traufler: 0:38

Doing well.

Joshua Schmidt: 0:39

Working from home today.

Jayden Traufler: 0:41

Yes, and we got Eric Brown and.

Joshua Schmidt: 0:42

Nick Mellum riding shotgun in the IT Audit Lab studio today, and we got Eric Brown and Nick Mellum riding shotgun in the IT Audit Lab studio today. It's getting wild over here. We got cats, we got pinball machines. We got Tibetan lunch happening today. As we were getting ready for the podcast. You were talking about our recent experience at Secure360. And I believe we had some contention around the preparation and the winner. Do we need to rehash that? Is there anything we want to talk about?

Eric Brown: 1:08

I don't know if we need to rehash it. I mean, I think we've accepted that we were beaten by the next team.

Nick Mellem: 1:14

You didn't even come in top five, so I don't know. I think the argument that you're bringing up is hold on.

Eric Brown: 1:19

We came in top five, Sam signed delivered, we came in top five.

Nick Mellem: 1:23

We came in top five. Sam signed delivered, we came in top five. Oh, you were top five, you were number five. But we do have to say and bring up how good of a job that Cam did. He led the whole thing, the whole competition, the whole competition. For every player. There was 14 teams, yeah 15., 15.

Eric Brown: 1:41

And two weeks prior, cam was on our team.

Nick Mellem: 1:45

Well, we're going to fact check that news. That's fake.

Cameron Birkland: 1:48

I did do some moving around.

Nick Mellem: 1:51

You don't need a Cam at Com, just keep it to yourself.

Joshua Schmidt: 1:54

I'm going to switch gears to today's topic. We're talking about Ponegachi. So is this like a Tamagotchi? What do we got going on here? What is it? What does it do? Is? What do we got going on here? What is it what?

Jayden Traufler: 2:08

does it do? Can you explain it to me? I don't really know a lot about it. Yeah, I'll start here. Um, tamagotchi, ponegotchi. They're similar but not the same. The Ponegotchi is actually a tiny little Wi-Fi hacking tool. I actually have mine right here you can see, just a tiny little guy, looks similar to a Tamagotchi, but its job is to passively listen to wi-fi handshakes and intercept those, those encrypted keys that are being transferred, and you can take those offline and crack. It's quite the little device.

Joshua Schmidt: 2:52

And Cameron, I know you, you did a lot on our Flipper Zero episodes but maybe you could speak to like it's got a little face on it. Is that actually like showing anything of value or what's behind the face?

Cameron Birkland: 3:04

Yes, so there's a number of faces on it that can correspond to either what it's doing or what it isn't doing, right Like. It can be happy if it cracks or if it grabs a lot of handshakes. It can be sad If it doesn't find any. It can be surprised. I believe it can be angry. It can sleep. I can see if I can show mine. Mine is sleeping right now. It, they don't you know, affect the functionality of it, but it's something fun that it doesn't. It's it? Uh, it almost, you know, is meant to be like a like, like a tamagotchi, right? You can almost form an emotional attachment to this thing.

Nick Mellem: 3:47

Do you have to feed it? Because, merrill, we're.

Jayden Traufler: 3:50

You can get handshakes. We all know when I was younger.

Nick Mellem: 3:55

Okay, see, that's good, because when I was younger I had one. It was a white one. Obviously it looked like an egg. This one looks like a box or a small box, but you had to feed it to keep the thing alive. Looks like a box or a small box, but you had to, like, feed it to keep the thing alive, right?

Eric Brown: 4:06

Okay so it's like the same thing, yep, you had to feed it digitally to keep it alive.

Nick Mellem: 4:09

This is the hard hitting evidence we're gathering right now is if you have to feed your on a gachi.

Joshua Schmidt: 4:15

Eric's pretending like he didn't have a Tamagotchi Never had one Don't even know what it is, just cats.

Nick Mellem: 4:22

Okay, so trying to get up here from Texas, brings three cats with him. I flew up here with three cats, first class Daddy Cathy over here. Yeah, maybe we'll get an appearance from Chatty Boy today. We're trying to. He's ping-ponging off the walls over here. That's why we went mute a second ago to try to get there's Chatty Boy.

Joshua Schmidt: 4:49

Oh my gosh, we got tamagotchi and cats.

Nick Mellem: 4:50

Today we got chatty's little bat over here just living the life. He was engaged about this episode, or he still is so jayden?

Joshua Schmidt: 4:59

um, I was reading on the ponagachi. It claims to be like. It claims to learn from its environment. Is it actually like machine learning or is that just kind of a branding thing that they came up with?

Jayden Traufler: 5:10

Yeah, it's more so like reinforcement learning. It learns based off of its environment and how well it's doing it. Can, you know, determine if it's you know what channels are are the best to scope out? Um, you know it prioritizes its battery life. It knows when it needs to work a little less hard. Um, and what's really cool is, with these devices, um, they can actually detect each other and when they do, they can share that, what they've learned in the environment. And, like I said, little devices but very powerful.

Nick Mellem: 5:49

Do you have to approve the connection between the two, or are they just, like all, interlinked like an AirTag is?

Jayden Traufler: 5:56

It's like a setting you can configure prior like prior when you're making it to allow those connections, but you can block it if it's not something you want to do.

Eric Brown: 6:08

Jayden, the output of it. It's on an e-ink screen right.

Jayden Traufler: 6:12

Yep, yes, that is what these are, and it's not. You don't need the screen, but it definitely makes it better and the face makes.

Eric Brown: 6:24

the face changes a little bit when it gets a handshake or you know it has like when it's getting handshakes and you can even see on the screen, it'll tell you.

Jayden Traufler: 6:33

You know, in the process of getting a handshake from SSID blank, um, so yeah, the screen is definitely helpful in that sense.

Eric Brown: 6:41

So do you just kind of throw it in your backpack or what do you? How do you use it?

Jayden Traufler: 6:47

Um. You know there's different ways to use it, different places to use it. Um. I worked at a company that allowed me to use it in production, um and I had it run for about a day and captured a significant number of handshakes from all sorts of personal devices, corporate devices, anything that is trying to connect to Wi-Fi. But yeah it's very portable. You can put it anywhere.

Nick Mellem: 7:20

Jaden or Cam. Both of you can jump in on this. Is there places you shouldn't? This is not an omission of guilt if you have done anything nefarious.

Cameron Birkland: 7:32

Well, for me I'd say, technically, you're not really supposed to use it anywhere, but at home, right, like you can set a whitelist on it to just do your home network, which is what you're supposed to do, because there's, you know, I don't the laws and everything are kind of a gray area there as far as, like you know, is it legal? You can, I think, things that are traveling through the air like this that are unencrypted, you know it's a. I don't feel like it would necessarily be illegal to capture them. But the Ponegachi also actively deauthenticates devices so that it can grab the handshake when the device reauthenticates. So that's where it gets a little more shaky.

Joshua Schmidt: 8:17

Could you expand on that, cameron? So like, how is a hacker going to use this or a threat actor going to use this and maybe, jaden, you could fill in any gaps but how are people going to use this in a nefarious way?

Cameron Birkland: 8:28

Yeah, I mean. This is a device where if there's a particular Wi-Fi network that you want to get into, you have to get the hash for the password right to be able to crack it. So the Ponegachi goes out and deauthenticates any devices that it can find in an attempt to capture the handshake when it goes to reconnect. And if there's a particular network you're targeting, you can set the Ponagachi to do that, or you can just turn it on in range of the network and just let it run until it captures a handshake.

Eric Brown: 9:01

What's the difference between the Ponagachi and the Flipper Zero?

Cameron Birkland: 9:07

Yeah, the Flipper Zero is more they call sub-gigahertz, right, like the things like garage door transmitters and so on, like not wireless. But there's a wireless attachment for the Flipper Zero that can give it all the capabilities that the Ponegachi has.

Nick Mellem: 9:27

So if you have a Flipper Zero, you're good Essentially, and I did hear that somebody had some sticky fingers at Secure360.

Eric Brown: 9:34

Really.

Nick Mellem: 9:35

We got an email yesterday or one of the last two days that if you took a Flipper Zero, you're supposed to return it to booth. Whatever number it was oh, somebody swiped it from the booth. It might have been Cam, but we can't, we don't know. We're not sure.

Joshua Schmidt: 9:53

I think it might have been one of Nick's cats.

Nick Mellem: 9:55

Mr Miyagi took it.

Joshua Schmidt: 9:57

I'm allergic to these things so yeah, can you think of anything that we missed there? That like, or maybe you can expand upon, like, how threat actors could use this in a various way, like once you get a handshake, then what do you go like? Try to crack, crack passwords, or, or after that what happens?

Jayden Traufler: 10:14

yeah, so you are just capturing any and every handshake you can get your hands on. So I, even if you're just trying to get into one network, you have the potential to get into tons. And you're getting all of these encrypted hashes that you can take offline, go crack and the door's wide open after that.

Joshua Schmidt: 10:37

You mentioned that you got to use this at another project. How did you use it to make sure security was shored up, or how did you use it to make sure security was shored up, or how did you use it in a good way?

Jayden Traufler: 10:48

I think it was more so, just to show how easy it was to do. I mean, you can build one of these things with a few pieces of hardware in an hour of spare time and it I had it on for one day and was able to get hashes from you know significant numbers of SSIDs. So I mean, although, yes, it's good to you know, defend yourself against that. And that's one way to look at it and that's how we took it was. How do we defend against that? But it's also, you know, also showing how simple of a device this is and yet it can be so powerful.

Eric Brown: 11:33

Was it true, Jaden, that on the plane to DEFCON that maybe somebody had the Ponegachi on?

Nick Mellem: 11:41

That's what I was trying to get into when I said you shouldn't do that.

Jayden Traufler: 11:44

There was a rumor that somebody took one on a plane. I cannot confirm or deny.

Nick Mellem: 11:53

You don't know who that would be.

Jayden Traufler: 11:55

I don't know who it was, but I did hear that they were very successful and had 600 handshakes by the time the plane landed.

Nick Mellem: 12:07

So for anybody listening out there, jadenden or cam, can you guys comment on how you would protect yourself against an attack like this? Are you just turning your wi-fi off, or what are we doing here?

Jayden Traufler: 12:16

yeah, I mean, obviously wi-fi off is priority, um, but you can't always do that, so I think turt or deleting old ssids out of your phone is always good. Any SSID that your personal device or any device has connected to, it's consistently trying to make that connection all the time. I mean, if you think about it, you go to work and all of your devices automatically connect to Wi-Fi. It just knows it's always attempting to make those connections.

Cameron Birkland: 12:47

Yeah, yeah, don't use Wi-Fi is what it's always, you know, attempting to make those connections. Yeah, yeah, don't, don't use wi-fi. Is is what it comes down to. But, um, but in actuality, the the ponagachi. I think the main concern is with home and business networks right, public networks. You're already allowing anybody and everybody to access it, even if it has a password. So in the Ponegachi's real goal is to get handshakes with password hashes. So public networks aren't really of concern as much. But for your home network and even your business network, there's a number of things that you can do to protect yourself against a Ponegachi attack. The biggest one is switching to WPA3. Right now, a lot of our networks are still on WPA2. I may support WPA3, but are using both WPA2 and WPA3. Wpa3 can't be touched by the Ponegachi. That's the latest Wi-Fi encryption security standard.

Nick Mellem: 13:55

Well, we were talking about this the other night. At that event, we were what was the mode? It was called, was it?

Eric Brown: 13:59

listener or transition mode, transition mode. So after Secure360 on Wednesday, brian Johnson, who's been on with us before from 7 Minutes Security, was having a gathering and he was talking about going into an organization doing a pen test and one of the things that he's finding is that organizations leave their if they're using Meraki. Meraki has the ability to leave the APs in transition mode and transition mode then still allows for those legacy authentication methods. So if you leave the APs with transition mode enabled, the old attacks still work. So the advice or the guidance was turn off transition mode. But if you do that, then the legacy or older devices may not work. So then you may hear from users and I think the consensus at that thing, nick, was the best way to do it, or kind of the only way to do it is just do it, pick a day and time and do it and then have the screen test.

Nick Mellem: 15:04

All hands on deck for all the tickets that are coming.

Cameron Birkland: 15:07

I mean we're at a point where almost every device that we're using on Wi-Fi now supports WPA3, right, we're just the routers and you know, access points are just kind of still holding on to that old, you know WPA2. Just in case.

Eric Brown: 15:24

So what I was just going to share was, off of this computer, the networks that it had, quote unquote, known. And if I took this computer into a Starbucks or into another location, turn it on, like what Jaden was saying was, it's going to beacon out and it's going to say you know IT audit labs, are you there Because that's one of the known networks and it's going to broadcast that out. Are you there Because that's one of the known networks and it's going to broadcast that out? So if I was at a Starbucks and then I see that the wireless is connected to IT audit labs, I would know that there was someone with a device that was spoofing IT audit labs, something like a Wi-Fi pineapple, for example, or, you know, maybe even a flipper zero that was spoofing the network and then trying to capture that, that handshake.

Joshua Schmidt: 16:17

So, cameron, I know you you're really proficient at the flipper zero and you're kind of our go to tech guy when it comes to these kinds of episodes. When it comes to these kinds of episodes, are there any other like tools you can pair with the Ponegachi to like up its abilities or anything like that? Or is that just kind of a standalone device?

Cameron Birkland: 16:35

Yeah, I mean, there's, you know, more complex devices out there that you can use, and I think the Flipper Zero is actually one of them, just by a bit. But the Ponegachi is just so dead simple is is why it? You know, I don't know if there's something that can compare to it because this is as easy as getting a, you know, raspberry pi and a screen and you know, in my case, a battery, um, flash the firmware onto an sd card and you're running, maybe some minor settings, adjustments, but it just goes and does what it does and you don't have to do anything to it.

Joshua Schmidt: 17:16

So it's kind of a one-trick pony for hackers. Then the tool does specifically one job.

Cameron Birkland: 17:23

Yes, it does one thing, but it does it well.

Nick Mellem: 17:26

I guess either of you, if you were going to buy one of them right now flipper zero or a panagachi would you buy one versus the other, or would you just want them both?

Jayden Traufler: 17:34

I think I would want both of them personally, yeah, yeah, I think the the panagachi is so easy to just build yourself too, like it's not, you know, hard to have both. Reclipper Zero has so many different parts to it and it can do so much more. It's probably a cooler device.

Cameron Birkland: 17:53

but I mean just for one example. Like you know, the Flipper Zero on its own has no wireless capabilities. So you get the Wi-Fi dev board clips on the top and this gives it similar capabilities to the Ponegachi. I'm pretty sure that I don't know if you can run the Ponegachi firmware on here, but you might be able to. I mean, this can essentially do all the same things, right, but you have to get the Flipper Zero, which comes at a little bit of a cost, and then this board is extra, whereas this is probably less than half the price.

Nick Mellem: 18:33

Unless you stole that Flipper Zero from the conference this week. Did that happen? Hey, I can't say so. What I'm curious about is if I wanted to get a panagachi right now, where am I going to go to buy one?

Cameron Birkland: 18:49

so you, you know you can. I believe you can buy them pre-built at a cost, you know, because somebody else builds it for you. But essentially this, this is a project right? You buy the parts and build it yourself. You can go out to a few different places, buy each component and build it. The case in my case is 3D printed and I think that goes for a lot of people. You can buy all kinds of different 3D printed cases. Print it yourself. You know you can do different configurations Like mine is extra tall because I've got a particularly large battery in it so it can run for at least a few hours on its own without having to charge it that's it only a few hours with that big battery it's it.

Cameron Birkland: 19:29

Um, it actually runs a little warm, you know, once, once it starts going, and I think my battery is also a few years old, so it's not as good as it was.

Joshua Schmidt: 19:40

So doubles as a hand warmer here in Minnesota. Have you taken this out into the wild at all? I mean, I know you said you're supposed to use it at home, but what are some of the ethical like implications, Like can you just have this on you and is it always looking for a handshake or?

Cameron Birkland: 19:56

Well, I think that's how people generally use it. And for myself, I would kind of say yeah, I've captured a number of handshakes with mine. I recently, you know, reset it and put new firmware on it, so the count isn't there, but I think I'm up to like 80 different handshakes.

Eric Brown: 20:16

What's your number at Jaden?

Joshua Schmidt: 20:22

I deleted mine off, I'm back at zero. Say, you're doing a blue team kind of a deal and there's a Ponegachi on the premises, like at Secure360, someone snuck one in. What would tip you off? Is there a way that you can tell if there is one looking for handshakes? Are there any any other devices that could help guard against that sort of a thing?

Cameron Birkland: 20:43

I think that there's a um there is. There's not really a great way to, but I know of a um sort of. It's an enterprise sort of program, I believe called enzyme, where it it uses uh, you use, I think you can use Raspberry Pis, wireless ones and use them as like sort of access points, put them around. It keeps tabs on the airspace for wireless and if it can see a bunch of you know DIA packets being sent out, it can send you an alert. You know, because that would be coming from a Ponegachi. But overall there's not always a great way to tell when something is happening especially if you're not specifically set up to detect that.

Eric Brown: 21:32

So, josh, if you're going to a security conference, you're pretty much guaranteed to run into it. You're pretty much guaranteed to run into it. At DEF CON, they used to have this thing called the Wall of Sheep, and they would publicly post whose device they were able to compromise. A little public shaming in the town square, then at the conference. If you're going to the probably the, you know, the premier hacking event in the world, probably pretty safe to assume that there's some characters there that are not doing all white hat work.

Nick Mellem: 22:11

So nefarious activity for sure.

Cameron Birkland: 22:14

Yeah, I wouldn't even want to use a mobile hotspot there.

Joshua Schmidt: 22:17

Right, so is this something a VPN would guard against? I guess, speaking about conferences and then more specifically Ponegachi, if you're running on Wi-Fi and you have a VPN, does that make you safe, or is that just?

Eric Brown: 22:31

Well, this is going to work at a lower level than the VPN right, a lower level than the VPN right. This is going to operate at the networking layer, where it's going to work to grab the session token, if you will, that handshake, when the device is connecting to the wireless access point. So it doesn't necessarily matter if you are using a VPN or not, because the session hasn't necessarily been established. So once the session is established and you have that wireless connection, and then that wireless connection is allowing you to the internet, that's where you could build the VPN tunnel and everything that flows in that tunnel is then encrypted. But if these handshakes are being acquired during the setup phase, so the VPN tunnel doesn't come into play yet. Does that make sense?

Joshua Schmidt: 23:35

Yeah, absolutely, that's a good tip. So, eric, we all know that you like to travel like four laptops deep. When you're going on vacation, are you taking any precautions? Yeah, or when you're going to a conference, I'm sure you're fully loaded as well. Maybe, Nick, you can speak to this, since you're taking a flight tomorrow. Are there any things that you guys do before going to a conference or going on an airplane? We mentioned a few things, but I wanted to dig a little deeper.

Nick Mellem: 24:05

I think we've talked about it before just a few different things but I think notably is we talked about the VPNs. I don't connect to a public Wi-Fi without it. No Starbucks or anything like that. When I did fly up here with the three cats, I did use the Delta Wi-Fi. Without it, you know, no Starbucks or anything like that. When I did fly up here with the three cats, I did use the Delta Wi-Fi. Did you get it working?

Joshua Schmidt: 24:26

I got it working.

Nick Mellem: 24:27

It never worked for me.

Joshua Schmidt: 24:29

I've paid for it and it sits there like with the pinwheel of death spinning and like the loading sign.

Nick Mellem: 24:34

I got it to work. First shot, first shot. But I think, like one other thing we talked about before too was checking the country you're going to see what restrictions they have Because, like Eric said, mexico you probably don't want to go to Mexico with five or six devices. Two is the limit, two is the limit. So this is the kind of things we want to look at.

Joshua Schmidt: 24:57

People obviously want to get on the internet, but the VPN you've got to use the VPN. How about you, jayden? Are there any precautions you take before getting on an airplane or going to public spaces with your gear to work?

Jayden Traufler: 25:04

Yeah, I mean I'm going to turn my Wi-Fi off whenever possible, especially knowing how this device works. But, yeah, always using a VPN for everything and, honestly, just powering down machines when you're not using them. Even if they're just locked, they can still be transmitting lots of handshakes or, you know, reaching out to other things. So turning off completely will mitigate that.

Nick Mellem: 25:30

That's a good one, that's a good one.

Joshua Schmidt: 25:33

I got a tinfoil hat moment for everyone here. Let's see, I wanted to see if you guys followed this rule.

Joshua Schmidt: 25:40

So here we go, folks. Cell phones emit RF radiation. Are you all putting this in your pockets, in your laps, by your head at night, or are you following some of the emerging recommendations to safely distance yourself from your phone, from your head at night and things like that? I like to turn mine on the airplane mode when I'm thrown in my pocket on a walk or whatever. It also helps kind of just create a little space and a little quiet, which is great. But are you guys hip to that at all, or are you not concerned?

Nick Mellem: 26:12

You should get a Faraday cage throw it in there. You know so you can't be tracked. But no, no, you know, josh, I can't say I have that there. You know so you can't be tracked. But no, no, I. You know, josh, I can't say I can't say I have that luxury. You know, we're always available for our clients here at IT Auto Labs.

Joshua Schmidt: 26:23

Nice, well, you can still be working on your laptop, but just when your phone's in your pocket, or more more so at night um you you're on a nap at lunch.

Nick Mellem: 26:32

Yeah, I kept to keep the ringer on.

Joshua Schmidt: 26:34

How about you, Cameron? Are you concerned about RF radiation? Yeah, I've heard about this.

Cameron Birkland: 26:43

I've been hearing somewhere between like this is real and you need to take it seriously, or this is hocus pocus and you really shouldn't worry about it. I don't sleep with my phone next to my head, but it's on the nightstand next to my bed, so I don't know how what that means for me, but it's there.

Nick Mellem: 27:04

You know, josh, do you? Do you think, like the the bit of it, radiation or whatever you're concerned with your phone is a factor compared to what's going around, going on around you on a daily basis?

Joshua Schmidt: 27:15

I I mean I think there's a certain amount that's unavoidable. But I'm with Cameron. I've heard the same range spectrum of advice from. This is not a problem to don't have it anywhere near your head while you're sleeping or make sure it's on airplane mode in your pocket. You know I'm always a little skeptical of like expert advice. I mean there was a point where you know your physician or doctor would recommend you smoke a pack of cigarettes a day to help your anxiety, or your depression.

Joshua Schmidt: 27:49

Those doctors you know, and you know that goes to alcohol and pregnancy and all sorts of terrible advice that they used to give us right about our health. So I'm always a bit skeptical when there's a so-called expert weighing in. And I'm sure there's a lot of lobbyists and there's a lot of money wrapped up in the cell phone business, right. But we haven't heard from Jaden. I want to know what Jaden does. Maybe you can help me out here and make me sound a little less conspiratorial.

Jayden Traufler: 28:21

So what's funny is I actually did a project on that in college and gave a presentation about the radiation aspect of our phones. And it's what I mean honestly not a ton of successful research being how new all of these devices are and their impacts are probably not even being seen yet, but what's known is there definitely is radiation, but it's just a so minuscule amount that you know it's tough to see or tough to know what that impact is. I specifically did like a project on who sleeps with their phones like next to their heads, and for college students it for when I was testing, um, it was 75 percent of the college students actually slept like with it on their pillows. Um, so I mean, that was kind of eye-opening and I don't do that. I, I keep mine on a bed, sit there across the room for me, but, um, yeah, I think there there maybe is an impact. I, I don't have a full like yes, you're on to something.

Nick Mellem: 29:28

I think, yeah, it's just too early to know but so, josh, do you do anything different when you rub up your microwave a couple times a day? I don't't have a microwave. Yeah right, it's fake news, don't.

Joshua Schmidt: 29:41

I switched out my microwave for a toaster oven about a year and a half ago. Yeah, not because I was afraid of micro radiation or anything like that. I just I don't use it and I think food tastes better in the oven.

Eric Brown: 29:57

Quite frankly, and Josh, food tastes better in the oven quite frankly and, Josh, I used to have because I hear you on the radiation and back in the day when cell phones kind of first came out and we were getting into the smartphones, I did have a case or two of the phone cases that purportedly blocked the radiation. Don't know how true it was or not, it's probably more of a gimmick, like half of a Faraday cage, but it, I mean, it is a concern. It's, you know, probably not great to be in your pocket all day long. But you know, I don't know. It's one of those things where I can avoid living underneath power lines. But it would be very difficult to avoid operating without a cell phone because that's my primary communication device.

Joshua Schmidt: 30:56

Yeah, I'm with you, Eric. I guess I just keep my ear to the ground, so to speak, about any kind of news that's coming out about that and take it with a healthy dose of skepticism. But yeah, you can buy stickers that you can put on your phone that have some kind of geometrical symbol on them that are supposed to negate any negative radiation.

Nick Mellem: 31:14

Where are you getting this information from, Josh? What subreddit pages are you on?

Eric Brown: 31:20

I mean from a physics perspective. A little sticker is not going to get the job done. That's not possible.

Joshua Schmidt: 31:27

I agree. I agree. These are things being sold on Instagram. You start going down these rabbit holes and, all of a sudden, these things start popping up on your….

Nick Mellem: 31:37

I mean, hey, good on the people that are making money off that wait, I mean that's a scam no I know but hey, you can make money off that good on you just going circling back on the ponagachi to wrap things up here.

Joshua Schmidt: 31:50

Um, how do you build? How do you build it out? Uh, cameron, like what you said, you had a 3D printed case and you can source the parts online, I'm assuming. So is this to kind of give a better understanding about how these types of things work? It's kind of a nerd gadget. It's kind of part of the fun is putting it together.

Cameron Birkland: 32:10

Yeah yeah. It's a good project for someone who wants to build a fun little tool. You know that that can teach you a lot about how Wi-Fi works and how Wi-Fi attacks work. And it's easy to do too. This is mostly just. The hardest part is flashing the firmware. With this thing, everything's kind of just plug and play. They build it so that you can buy the Raspberry Pi with the header pins on it and the display just slides right on. My battery goes on the bottom and then four screws and that's it, and it's built.

Nick Mellem: 32:45

So, cameron, if somebody wanted to get into this, is there a place you would direct them to? Is there a bunch of traction on Reddit? Is there a bunch of what's going on there? Facebook groups when do you guys go to geek out about this?

Cameron Birkland: 32:59

There's a lot of resources out there. I think the place to start is the Ponegachi website. I think it's ponegachiai. That's the get started guide. You know, like, here's the parts you can use, here's how to build it, here's the firmware and everything. It's probably the best way to get into it. And then for me, I think it just was a little extra research to figure out what battery I wanted and then what kind of case I needed for it.

Cameron Birkland: 33:30

And you know, there's I don't think we touched on this, but there's other firmware out there for the Ponegachi as well. Currently I'm running a custom firmware on mine that's more actively maintained than the stock firmware.

Joshua Schmidt: 33:46

Let me ask you what do you think makes I mean Ponegachi continues to get hits on our videos, like on our analytics?

Cameron Birkland: 34:03

What do you think makes this such a popular tool that creates a community of people that are excited to learn and know about it. I think it's fun because there's not a high barrier to entry with this. If you're just starting out and wanting to learn about how these sorts of things work, this is know most people will have the money to be able to buy. It's less than a hundred bucks to build one of these and that's everything. You know that I have here the battery, the screen, the and it. You know, essentially, once you install the firmware, you just flip the switch and you're going right and you can go from there. It's a great platform to jump off and start learning about Wi-Fi.

Joshua Schmidt: 34:41

Thanks so much for your time today. We've been joined by Jaden and Cameron and we have Eric and Nick the usual suspects here. You've been listening to the Audit presented by IT Audit Labs. My name is Josh, your co-host and producer. Thanks so much for tuning in. Please like, share and subscribe and we'll see you in the next one. Thanks so much for tuning in. Please like, share and subscribe and we'll see you in the next one. Thanks so much for tuning in. Don't forget to like, share and subscribe. If you have a moment, leave us a comment on the youtube channel or give us a review on apple podcasts. It really helps others find the show. Thanks so much for joining us and we'll see you in the next one.