Posts in "Threat Research"

Don’t Give Me a Brake – Xiaomi Scooter Hack Enables Dangerous Accelerations and Stops for Unsuspecting Riders

This proof-of-concept (PoC) is released for educational purposes and evaluation by researchers, and should not be used in any unintended way. Furthermore, this PoC and any other related material have been published only after disclosing it to Xiaomi. Researcher: Rani Idan (@RaniXCH). UPDATE: Subsequent to the initial disclosure/posting, zLabs discovered a temporary mitigation solution. …

FreeRTOS TCP/IP Stack Vulnerabilities – The Details

Researcher: Ori Karliner (@oriHCX). Following our blog from last month, this blog will cover the technical details of our findings. If you suspect that any of your devices are affected by these vulnerabilities and want our assessment, contact us at freertos@zimperium.com. General information: Before we dive into the vulnerabilities, there are some important things to …

CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services

As part of our platform research in Zimperium zLabs, I have recently disclosed a critical vulnerability affecting multiple high-privileged Android services to Google. Google designated it as CVE-2018-9411 and patched it in the July security update (2018-07-01 patch level), including additional patches in the September security update (2018-09-01 patch level). I also wrote a proof-of-concept …