POSTS

Overcoming (some) Spectre browser mitigations
By Noam Hadad & Jonathan Afek,
26-Jun 2018
,
ALEPH-2018000
Exploiting Qualcomm EDL Programmers (5): Breaking Nokia 6's Secure Boot
By Roee Hay & Noam Hadad,
22-Jan 2018
,
QPSIIR-909
ALEPH-2017029
CVE-2017-13174
CVE-2017-5947
Exploiting Qualcomm EDL Programmers (4): Runtime Debugger
By Roee Hay & Noam Hadad,
22-Jan 2018
,
QPSIIR-909
ALEPH-2017029
CVE-2017-13174
CVE-2017-5947
Exploiting Qualcomm EDL Programmers (3): Memory-based Attacks & PBL Extraction
By Roee Hay & Noam Hadad,
22-Jan 2018
,
QPSIIR-909
ALEPH-2017029
CVE-2017-13174
CVE-2017-5947
Exploiting Qualcomm EDL Programmers (2): Storage-based Attacks & Rooting
By Roee Hay & Noam Hadad,
22-Jan 2018
,
QPSIIR-909
ALEPH-2017029
CVE-2017-13174
CVE-2017-5947
Exploiting Qualcomm EDL Programmers (1): Gaining Access & PBL Internals
By Roee Hay & Noam Hadad,
22-Jan 2018
,
QPSIIR-909
ALEPH-2017029
CVE-2017-13174
CVE-2017-5947
Untethered initroot (USENIX WOOT '17)
By Roee Hay,
30-Aug 2017
,
CVE-2016-10277
A-62345923
Nexus 9 vs. Malicious Headphones, Take Two
By Roee Hay,
13-Jun 2017
,
CVE-2017-0648
CVE-2017-0510
CVE-2017-0563
CVE-2017-0582
initroot: Hello Moto
By Roee Hay,
07-Jun 2017
,
CVE-2016-10277
initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection
By Roee Hay,
23-May 2017
,
CVE-2016-10277
CVE-2017-1000363
OnePlus OTAs: Analysis & Exploitation
By Roee Hay,
11-May 2017
,
CVE-2017-5948
CVE-2017-8850
CVE-2017-8851
CVE-2016-10370
Owning OnePlus 3/3T with a Malicious Charger: The Last Piece of the Puzzle
By Roee Hay,
26-Mar 2017
,
CVE-2017-5622
CVE-2017-5626
CVE-2017-5624
Attacking Nexus 9 with Malicious Headphones
By Roee Hay,
08-Mar 2017
,
CVE-2017-0510
CVE-2017-0563
CVE-2017-0582
Owning a Locked OnePlus 3/3T: Bootloader Vulns
By Roee Hay,
08-Feb 2017
,
CVE-2017-5626
CVE-2017-5624
Attacking Nexus 6/6P Custom Boot Modes
By Roee Hay & Michael Goberman,
05-Jan 2017
,
CVE-2016-8467
CVE-2016-6678

VULNS

01/22/18

ALEPH-2017029
Nokia 6/5 EDL triggering through USB
01/22/18

QPSIIR-909
Qualcomm EDL Firehose Programmers Peek and Poke Primitives
01/22/18

CVE-2017-13174
Google Nexus 6 & 6P EDL triggering through ADB
01/22/18

CVE-2017-5947
OnePlus EDL triggering through ADB or Hardware Key Combination
01/09/18

CVE-2017-0829
Motorola Bootloader Old UTAGs may lead to Kernel Command-line Injection
08/30/17

A-62345923
Motorola Android Bootloader Unlocking a Re-locked Bootloader from Platform OS
08/01/17

CVE-2017-11105
OnePlus 2 Lack of SBL1 Validation Broken Secure Boot
06/13/17

CVE-2017-0648
Google Nexus 9 Ephemeral Access to Unrestricted FIQ Debugger and SysRq
05/25/17

ALEPH-2017017
Apple iOS/watchOS/tvOS IOKit Buffer Overflow in Device-Tree Parsing
05/23/17

CVE-2017-1000363
Linux lp.c Out-of-Bounds Write via Kernel Command-line
05/23/17

CVE-2016-10277
Motorola Android Bootloader Kernel Cmdline Injection Secure Boot Bypass
05/11/17

CVE-2016-10370
OnePlus OTA Lack of TLS Vulnerability
05/11/17

CVE-2017-8851
OnePlus OTA One/X Crossover Vulnerability
05/11/17

CVE-2017-8850
OnePlus OTA OxygenOS/HydrogenOS Crossover Vulnerability
05/11/17

CVE-2017-5948
OnePlus OTA Downgrade Vulnerability
05/04/17

CVE-2017-0582
Google Nexus 9 SensorHub Firmware Downgrade Vulnerability
05/03/17

CVE-2017-0563
Google Nexus 9 Cypress SAR Firmware Injection via I2C
04/25/17

CVE-2017-5625
OnePlus 3/3T OxygenOS Unauthorized Flash Dumping via fastboot
03/28/17

CVE-2017-2436
macOS IOFireWireAVC Kernel Extension Out of Bounds Vulnerability
03/26/17

CVE-2017-5622
OnePlus 3/3T OxygenOS Charger Boot Mode ADB Access
03/19/17

CVE-2017-5623
OnePlus 3/3T OxygenOS Unauthorized Boot Mode Changing
03/08/17

CVE-2017-0510
Google Nexus 9 Unauthorized Access to FIQ Debugger
02/08/17

CVE-2017-5626
OnePlus 3/3T OxygenOS 4F500301 Bootloader Locking Bypass