Christian Werling

The researchers also say they were able to prove the existence of the "Elon mode" (non restricted, fully self driving) and they were able to turn the mode on. All by a voltage glitch attack on the board with cheap equipment #37c3 Full story in German :spiegel.de/netzwelt/gadge…

Security researchers say they were able to access restricted parts of the autopilot board in Tesla vehicles, access the neural networks and reverse engineer most of the program. Even recover deleted footage from a Tesla vehicle. Here is what they told me: spiegel.de/netzwelt/gadge…

Drei Berliner Sicherheitsforschern haben mir berichtet, dass sie per Voltage-Glitch Teslas Autopilot-Platine gehackt und den gesperrten Elon-Modus eingeschaltet haben. Heute stellen Sie beim #37c3 ihre Forschung ausführlich vor, hier eine Übersicht spiegel.de/netzwelt/gadge…

@aisafetyfirst Thanks! We haven’t looked at Zen 4 yet.

@_cwerling Christian this is very valuable research, have you looked at AMD Zen 4 CPUs with faulTPM yet? Very important for people to know if faulTPM is still possible on Zen 4 CPUs otherwise they need to be avoided like the plague for anything that requires reasonable security.

Disk encryption is critical in securing your data when you lose your device or an attacker gets physical access. But we found that if you don't use a BitLocker passphrase on an AMD system (before Windows even comes up), your data is not adequately secured: arxiv.org/abs/2304.14717

#jailbreaking-an-electric-vehicle-in--or-what-it-means-to-hotwire-teslas-x-based-seat-heater-33049" target="_blank" rel="nofollow noopener">blackhat.com/us-23/briefing… Why testing fault injection attacks on integrated circuits matters? ⚡️🚗🔐 At BlackHat 23, a research team from @TUBerlin: Christian (@_cwerling), Niclas, Hans and Oleg will show voltage glitch attack against AMD Secure Processor (ASP) used in Tesla cars!

Find all code and data to mount the attack here: github.com/PSPReverse/ftp…

We built a stealth AirTag clone that is not detected by Apple’s tracking protection. It works by only sending one beacon per generated public key. positive.security/blog/find-you

New blog post: Windows 10 RCE via an argument injection in the ms-officecmd URI handler. While our RCE vector (MS Teams) has been fixed, the argument injection still persists. positive.security/blog/ms-office…

@OrangeCMS Here we go again, #PSPTool 2.3 with several bugfixes and minor improvements is now available 🚂 pypi.org/project/psptoo…

#PSPTool 2.2 now supports JSON output thanks to @OrangeCMS 🎉 pypi.org/project/psptoo…

@WangTielei While checking out the Nailgun Attack paper [0], I saw an acknowledgment to you for checking iOS devices. Any insights you would be willing to share? Wondering whether the M1 might be susceptible, too. [0] compass.sustech.edu.cn/nailgun/

Unpatched, critical vulnerabilities in the PlingStore app and Pling-based Linux marketplace websites and patched, lower-severity vulnerabilities in KDE Discover and the Gnome Shell Extensions website positive.security/blog/hacking-l…

Different port, same exploit: Our research found how a patched vulnerability in ZyXEL NAS devices was still exploitable due to incomplete patching srlabs.de/bites/zyxel-ze…

Apple AirTags: Arbitrary data can be uploaded from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices: positive.security/blog/send-my

After months of hard work, we're releasing #LibAFL ✔️Scales across cores and machines ✔️Windows, Android, no_std, ... ✔ Different Modes like binary-only Frida mode (120k execs/sec on a phone anyone?) ✔ Easy to extend with grammar fuzzing, etc. ✔️Rust ;)

Insecure URI handling leads to 1-click #RCE in many popular desktop applications: #Telegram #Nextcloud #VLC #LibreOffice #OpenOffice #Bitcoin #Dogecoin #Wireshark #Mumble Check our post for more details: positive.security/blog/url-open-…

utk-web now allows for marking #PSP blobs. Click a PSP card to select it! Fun trivia: Even entries from the same "directory" are scattered across a #firmware flash image. Try it out: hostile.education/utk-web/A3MSTX… #UEFI #AMD #reverseengineering

@OrangeCMS Thanks a lot for your PR. Looking forward to check it out on the weekend! :)

So let's add some JSON output support to #PSPTool for further processing. :) Thanks a ton @_cwerling for the awesome project! \o/