Jeremy Boone Profile
Jeremy Boone

@uffeux

Followers
1K
Following
4K
Media
95
Statuses
2K

HW/FW security researcher @ fruit company

Canada
Joined May 2009
@uffeux
Jeremy Boone
3 months
Hello friends. Check out this awesome and unique role that just opened up on my team in SEAR. Wanna secure Apple silicon, ROMs, iBoot, and more?
jobs.apple.com
Apply for a Red Team Platform and Hardware Security Researcher job at Apple. Read about the role and find out if it’s right for you.
@naehrdine
Jiska
6 months
Broadcom and Cypress chips have the same HCI "backdoor" that allows writing to the Bluetooth chip's RAM. This feature is used for firmware patches. We didn't request CVEs for that 9 years ago. Instead, we built the InternalBlue Bluetooth research framework. https://t.co/nSo82jRRuU
github.com
Bluetooth experimentation framework for Broadcom and Cypress chips. - seemoo-lab/internalblue
@Tarlogic
Tarlogic
6 months
🔷 A backdoor in the ESP32 chip would allow it to infect millions of devices. Miguel Tarascó and @antonvblanco have revealed this backdoor at @rootedcon and presented a tool to perform Bluetooth security audits on any gadget. https://t.co/Q646g8s1vS
@uffeux
Jeremy Boone
10 months
where my peeps on bluesky? @uffeux.bsky.social
@jon_roelofs
jon
1 year
@evilsocket any interest in working on security in compilers? my team is looking for someone with a peculiar intersection of skills/interests: https://t.co/d3xvJVipeB
@radian
Ivan Krstić
1 year
🔺New on the Apple Security Research blog: introducing Private Cloud Compute! We believe this is the most advanced security architecture ever deployed for cloud AI compute at scale.
security.apple.com
Secure and private AI processing in the cloud poses a formidable new challenge. To support advanced features of Apple Intelligence with larger foundation models, we created Private Cloud Compute...
@jacquesgt
Jacques Fortier
1 year
Are you excited to use the power of safe modern programming languages like Swift to make software more secure? My SPEAR team at Apple is hiring a Swift Software Engineer to do exactly that!
@radian
Ivan Krstić
2 years
🔺New on the Apple Security Research blog: introducing PQ3, a groundbreaking post-quantum cryptographic protocol for iMessage. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.
security.apple.com
We are introducing PQ3, a groundbreaking cryptographic protocol for iMessage that advances the state of the art of end-to-end secure messaging. With compromise-resilient encryption and extensive...
@uffeux
Jeremy Boone
2 years
that disclosure timeline though...
@quarkslab
quarkslab
2 years
Is remote code execution in UEFI firmware possible? Yes it is. Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers. Full details by @fdfalcon and @4Dgifts in our new blog post: https://t.co/g4Bg2GK4Y8
@NCCsecurityUS
NCC Group North America InfoSec
2 years
New Blog: Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call
nccgroup.com
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
@NCCGroupInfosec
NCC Group Research & Technology
2 years
Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
The Era 100 is Sonos’s flagship device, released on March 28th 2023. NCC found weaknesses within the bootloader which can lead to full compromise of the device. https://t.co/h5LBbUJe7g https://t.co/8JkcXU3y7H
nccgroup.com
@kdunn_security
Kevin Dunn
2 years
Public Report – Caliptra Security Assessment
During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. The assessment identified 26 vulnerabilities, which were promptly addressed by the Caliptra... https://t.co/A9d5DaZxTo
@uffeux
Jeremy Boone
2 years
Caliptra is an open source silicon root-of-trust built using Rust on RISCV. Check out our public report:
nccgroup.com
@NCCsecurityUS
NCC Group North America InfoSec
2 years
New Blog: Public Report – Caliptra Security Assessment
@GregHil14555931
Greg Hilton
2 years
Public Report – Caliptra Security Assessment
During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. The assessment identified 26 vulnerabilities, which were promptly addressed by the Caliptra... https://t.co/a1IrC4NK9S
@uffeux
Jeremy Boone
2 years
Pleased to share our public report for Caliptra. Caliptra is an open-source HW/FW that is designed for server-class ASICs, where it acts as a root of trust for measurement. The audit was performed under the umbrella of the @OpenComputePrj's SAFE program. https://t.co/KoqapP2D26
nccgroup.com
@OpenComputePrj
Open Compute Project
2 years
OCP Tackles Data Center Security, Launches New Community-Led Security Program Improving IT Device Security Posture! OCP Security Appraisal Framework Enablement (S.A.F.E.) improves the trustworthiness of devices across all data center IT infrastructure. https://t.co/6zXOEh2635