Qualcomm IPQ40xx: Breaking into QSEE using Fault Injection

We’ve identified multiple critical software vulnerabilities in QSEE, Qualcomm’s Trusted Execution Environment (TEE), on Qualcomm IPQ40xx …

Read more

Qualcomm IPQ40xx: Analysis of Critical QSEE Vulnerabilities

It’s time to get technical! In our previous blog post we notified you already about the vulnerabilities we identified in Qualcomm’s Secure …

Read more

Qualcomm IPQ40xx: An Unexpected Cup of TEE

The Qualcomm IPQ40xx family of chips, which includes the IPQ4018, IPQ4019, IPQ4028 and IPQ4029, are popular System-on-Chip (SoC) solutions for …

Read more

Espressif ESP32: Bypassing Encrypted Secure Boot …

We arrived at the last post about our Fault Injection research on the ESP32. Please read our previous posts as it provides context to the results …

Read more

Espressif ESP32: Bypassing Flash Encryption (CVE-2020-15048)

In our previous post we described an attack where we load an arbitrary value indirectly into the PC register using EMFI. During that attack we …

Read more

Espressif ESP32: Controlling PC during Secure Boot

In our previous post we demonstrated that the ESP32 chip is vulnerable to EMFI. We used this to bypass the Secure Boot implementation of the ESP32. …

Read more