A team of security researchers have revealed to WIRED's Andy Greenberg (@agreenberg at the other places) a lock hacking technique that impacts millions of locks in thousands of hotel properties across 131 countries.

They call his hack Unsaflok. Read the full story here: wired.com/story/saflok-h…

Come see how I used my jerry-rigged “EMBite” probe to capture an EM side-channels using a HackRF.

I used this to figure out the precise timing of where a completely unknown boot check fails - and then used that timing to bypass the check 😁

Security researchers found flaws in Saflok hotel keycard locks, used on 3 million doors in 13,000 properties worldwide, that can be used to open them in seconds. The lockmaker Dormakaba has been working on a fix but told them only 36% of locks are updated. wired.com/story/saflok-h…

One of my neighbours seems to have a smart toilet - and it looks like I can connect to it 👀

New blog post is out! Extracting the SecOC keys used for securing the CAN Bus on the 2021+ RAV4 Prime. icanhack.nl/blog/secoc-key…

Research started all the way in 2022, but took many evenings of reverse engineering to get code execution.

PoC: github.com/I-CAN-hack/sec…

Using a Chromecast?

The latest security bulletin fixes some vulnerabilities found by Lennert, rqu and me that allowed us to compromise the bootloader, gain kernel-level code-execution and bypass the user-data protections.

source.android.com/docs/security/…

👀

A Starlink User Terminal is a dish best served reversed and that is exactly what Carlo Ramponi did for the past 6 months.
Here he shares his journey and the tools he built during his internship at Quarkslab.
Dive deep into Starlink's UT firmware!
blog.quarkslab.com/starlink.html

⁦Iceman⁩ ⁦Colin O'Flynn⁩

We're so happy to announce that we'll be hosting IACRches in Halifax, Sep' 2024! This will be the first time CHES will be in Canada. CHES 2015 was the first conference NewAE sponsored, it feels full circle to be hosting almost 10 years later! #CHES2024
ches.iacr.org/2024/

'A popular Bluetooth car battery monitor app sends GPS, cell phone tower cell IDs and Wifi beacon data to servers in Hong Kong, mainland China.'
Most apps are actively adversarial to users. Need much stronger permissions protections from operating systems.
doubleagent.net/2023/05/21/a-c…

We (Lennert, rqu and me) just demonstrated some nice bugs we found in the Google Nest Wifi Pro & Chromecast to the Google VRP (Google Bug Hunters) team at hardwear.io

It's ShowTime! We discovered how to mount CPU timing attacks with... the human eye? 👀

How? Find out in our (w/ marton bognar) new paper 'ShowTime: Amplifying Arbitrary CPU Timing Side Channels'.

To appear at AsiaCCS '23: antoonpurnal.github.io/files/pdf/Show…

Clock glitching an STM32F042 with nothing but a Raspberry Pi Pico😎🥳

Thanks to PIO it's trivial to achieve 32MHz with 1/4 width clock glitches. With overclocking more than double that is possible!

So I'm sure all are aware my RAV4 was stolen last year, ironically via 'CAN Injection 🚘💉'. Myself and Ken Tindell 🌻 🐘 [email protected] have been reverse engineering the device that I beleive was used for the theft. More details are on his blog kentindell.github.io/2023/04/03/can…

New: we proved it could be done. I used an AI replica of my voice to break into my bank account. The AI tricked the bank into thinking it was talking to me. Could access my balances, transactions, etc. Shatters the idea that voice biometrics are foolproof vice.com/en/article/dy7…

See you all very soon. Please RT if you can.

📡Showcase your cutting edge #hardwaresecurity research with the World to help build a safer 📟 #connected future

😎We are looking out for your uber cool research here➡️bit.ly/3hyPIIy

#hw_ioUSA2023 #CFP #embedded #callforpapers @[email protected] #hardwarehacking