Qualcomm IPQ40xx: Achieving QSEE Code Execution

In this post we finally dive into our approach for exploiting the vulnerabilities we’ve identified in QSEE, Qualcomm’s Trusted Execution …

Read more

Qualcomm IPQ40xx: Breaking into QSEE using Fault Injection

We’ve identified multiple critical software vulnerabilities in QSEE, Qualcomm’s Trusted Execution Environment (TEE), on Qualcomm IPQ40xx …

Read more

Qualcomm IPQ40xx: Analysis of Critical QSEE Vulnerabilities

It’s time to get technical! In our previous blog post we notified you already about the vulnerabilities we identified in Qualcomm’s Secure …

Read more

Qualcomm IPQ40xx: An Unexpected Cup of TEE

The Qualcomm IPQ40xx family of chips, which includes the IPQ4018, IPQ4019, IPQ4028 and IPQ4029, are popular System-on-Chip (SoC) solutions for …

Read more

Espressif ESP32: Bypassing Encrypted Secure Boot …

We arrived at the last post about our Fault Injection research on the ESP32. Please read our previous posts as it provides context to the results …

Read more

Espressif ESP32: Bypassing Flash Encryption (CVE-2020-15048)

In our previous post we described an attack where we load an arbitrary value indirectly into the PC register using EMFI. During that attack we …

Read more