In this post, we attack the Nest Hub (2nd Gen), an always-connected smart home display from Google, in order to boot a custom OS.

First, we explore both hardware and software attack surface in search of security vulnerabilities that could permit arbitrary code execution on the device. Then, using a Raspberry Pi Pico microcontroller, we exploit a USB bug in the bootloader to break the secure boot chain. Finally, we build new bootloader and kernel images to boot a custom OS from an external flash drive.

You are solely responsible for any damage caused to your hardware/software/keys/DRM licences/warranty/data/cat/etc.

Overviews of internal hardware published on the FCC ID website and Electronics360 indicate the device is based on the Amlogic S905D3G SoC. They also reveal the existence of one USB port hidden underneath the device. Not a feature for users, so a priority for us. Especially since we already discovered and exploited a USB vulnerability in the same chipset.

Conveniently, the manufacturing date is on the box: December 2020.

The first thing to check once we have the device in hand is whether the known USB vulnerability has been fixed. Doing so requires booting the SoC in USB Download mode by holding a combination of buttons.