Category: Technical

Bypassing the Google Pixel Tablet Dock Secure Boot 

Introduction: Implications of These Findings This piece details the development of a chain of two exploits intended to allow an individual to run a custom OS/unsigned code on the Pixel Tablet Dock and utilize that to perform further security-research on the Pixel Tablet itself. The injection vector, as well as the ability to bypass AMLogic (AML)… Read more »

Executing a Chromecast Exploit – Times Three

Chromecast with Google TV (1080P) Secure-Boot Bypass Introduction: Implications of These Findings This piece details the development of a chain of three exploits intended to allow an individual to run a custom OS/unsigned code on the Chromecast with Google (CCwGTV) 1080P. Security researchers Jan Altensen, Ray Volpe, and I developed this chain of vulnerabilities as… Read more »

Is This Thing On? Privacy and Your Smartphone Sensors

Smartphone Snooping Without Microphone Access Can your smartphone sensors still enable apps to eavesdrop on your conversations even after the app has been denied microphone access? It does seem possible. We dug into this question based on two research papers, “AccEar: Accelerometer Acoustic Eavesdropping with Unconstrained Vocabulary”, and “Side Eye: Characterizing the Limits of POV… Read more »

A New Content Agnostic Solution for Fake News Detection

Exploring Fake News Detection as a Service Automated or machine-learning solutions for fake news detection are both necessary and challenging in the fight against misinformation. This post explores the first automatic, content-agnostic approach to fake news detection, FNDaaS, which considers both new and unstudied website features. The Challenges of Fake News Detection Using Current Methods… Read more »

Does Using an AI Coding Assistant Generate Insecure Code?

The Pros and Cons of Leveraging Artificial Intelligence for Code Development Using an AI coding assistant is rapidly becoming an attractive choice for developers. Instead of analyzing your own problem-solving processes and translating them into code, why not draw on the massive body of developed software that has likely solved your problem a hundred times?… Read more »

2023 Security Operations Threat Report

X