SHENG-FU CHANG - CSF's BLOG

Xiaomi AI Speaker Authenticated RCE III: CVE-2020-14096

This three-part writeup details the journey of finding and exploiting a vulnerability in Xiaomi AI Speaker (MICO S12A) without a physical peripheral (UART). Part III talks about a stack overflow vulnerability in MICO's signature verification process.

writeup

Xiaomi AI Speaker Authenticated RCE II: How Does MICO OTA Update Work?

This three-part writeup details the journey of finding and exploiting a vulnerability in Xiaomi AI Speaker (MICO S12A) without a physical peripheral (UART). Part II explains the OTA update mechanism of Xiaomi Speaker.

writeup

Xiaomi AI Speaker Authenticated RCE I: Firmware Analysis

This three-part writeup details the journey of finding and exploiting a vulnerability in Xiaomi AI Speaker (MICO S12A) without a physical peripheral (UART). Part I focuses on the approach of obtaining the firmware and introduces the firmware structure in detail.