> Do you like feeling safe about leaving your expensive stuff in your hotel room? Have you ever had anything stolen out of your room, or discovered someone has gained access to your room while you weren't there? .. what about .. other rooms? Maybe not EXACTLY a hotel room? I've presented on securing hotel rooms in the past, but adding home assistant, zwave devices, co2 sensors and millimeter wave radar it's become a whole new game
> We use the GNURadio software along with RTL-SDR and ADALM-PLUTO hardware to explore the world of digital communication. We build up to a simple QPSK modem and rudimentary GPS reception.
> official [PlutoSDR] firmware updates are no longer focus on new features for SDR enthusiastic people.. tezuka.. aims to be Universal Zynq/AD9363 firmware builder for.. PlutoSDR, Pluto+, AntSDR (e200), LibreSDR
It seems to me that this exploit was used in a chain with a WhatsApp issue that would trigger the malicious DNG data to be loaded as a zero click, presumably just into WhatsApp. It’s unclear to me if there was a sandbox escape or kernel vulnerability used along with this; it might have been used to exfiltrate WhatsApp messages only.
This would explain why there’s only a single patch for a simple memory corruption issue; usually an attacker would need a lot of chained vulnerabilities to bypass mitigations on iOS, but if the vulnerability is in the exact target application to begin with, it sure does make things easier.
Maybe I'm confused but isn't that for a different version of the LibreSDR? The one in the submitted article uses Ettus drivers and doesn't seem to use the Zynq SoC.
It demonstrates hardware capability of PlutoSDR clones. With options for open firmware (e.g. https://github.com/F5OEO/tezuka_fw) and OS drivers, users can choose a stack for desired provenance, cost, function, performance and compatibility.
Thanks for the clarification. Delaying patches for all Android is even worse than delaying for AOSP. Excerpts below.
.. Google recently made.. misguided changes to Android security updates.. almost entirely quarterly instead of monthly to make it easier for OEMs. They're giving OEMs 3-4 months of early access which we know for a fact is being widely leaked including to attackers.
.. Google's existing system for distributing security patches to OEMs was already.. problematic. Extending 1 month of early access to 4 months is atrocious. This applies to all of the patches in the bulletins. This is harming Android security to make OEMs look better by lowering the bar.. The existing system should have been moving towards shorter broad disclosure of patches instead of 30 days.
.. Android's management has clearly overruled the concerns of their security team and chosen to significantly harm Android security for marketing reasons.. Android is very understaffed due to layoffs/buyouts and insufficient hiring.. Google does a massive portion of the security work on the Linux kernel, LLVM and other projects.. providing the resources and infrastructure for Linux kernel LTS releases. Others aren't stepping up to the plate.
This would be a good discussion topic for the Linux Plumbers conference in 3 months.
Displaying malicious image causes HDMI cable to emit LoRa packets, https://github.com/XieyangSun/TEMPEST-LoRa
"Build a passive radar with software-defined radio" (2022), https://hn.algolia.com/?query=passive%20radarSEC-T 0x11 (2025) on evil maid defense, https://www.youtube.com/watch?v=ScwNIWzk4RQ
> Do you like feeling safe about leaving your expensive stuff in your hotel room? Have you ever had anything stolen out of your room, or discovered someone has gained access to your room while you weren't there? .. what about .. other rooms? Maybe not EXACTLY a hotel room? I've presented on securing hotel rooms in the past, but adding home assistant, zwave devices, co2 sensors and millimeter wave radar it's become a whole new game
Video tutorial series with book references, https://gallicchio.github.io/learnSDR/:> We use the GNURadio software along with RTL-SDR and ADALM-PLUTO hardware to explore the world of digital communication. We build up to a simple QPSK modem and rudimentary GPS reception.
LibreSDR firmware, https://github.com/F5OEO/tezuka_fw
> official [PlutoSDR] firmware updates are no longer focus on new features for SDR enthusiastic people.. tezuka.. aims to be Universal Zynq/AD9363 firmware builder for.. PlutoSDR, Pluto+, AntSDR (e200), LibreSDR
reply