CSF's BLOG
  • Home
  • About
  • Writeup

Latest

Xiaomi AI Speaker Authenticated RCE III: CVE-2020-14096

Xiaomi AI Speaker Authenticated RCE III: CVE-2020-14096

This three-part writeup details the journey of finding and exploiting a vulnerability in Xiaomi AI Speaker (MICO S12A) without a physical peripheral (UART). Part III talks about a stack overflow vulnerability in MICO's signature verification process.

By SHENG-FU CHANG 22 Sep 2020
Xiaomi AI Speaker Authenticated RCE II: How Does MICO OTA Update Work?

Xiaomi AI Speaker Authenticated RCE II: How Does MICO OTA Update Work?

This three-part writeup details the journey of finding and exploiting a vulnerability in Xiaomi AI Speaker (MICO S12A) without a physical peripheral (UART). Part II explains the OTA update mechanism of Xiaomi Speaker.

By SHENG-FU CHANG 22 Sep 2020
Xiaomi AI Speaker Authenticated RCE I: Firmware  Analysis

Xiaomi AI Speaker Authenticated RCE I: Firmware Analysis

This three-part writeup details the journey of finding and exploiting a vulnerability in Xiaomi AI Speaker (MICO S12A) without a physical peripheral (UART). Part I focuses on the approach of obtaining the firmware and introduces the firmware structure in detail.

By SHENG-FU CHANG 15 Sep 2020
CSF's BLOG
Powered by Ghost