CSF's BLOG
  • Home
  • About
  • Writeup
Subscribe
SHENG-FU CHANG

SHENG-FU CHANG

3 posts published

Xiaomi AI Speaker Authenticated RCE III: CVE-2020-14096
writeup

Xiaomi AI Speaker Authenticated RCE III: CVE-2020-14096

This three-part writeup details the journey of finding and exploiting a vulnerability in Xiaomi AI Speaker (MICO S12A) without a physical peripheral (UART). Part III talks about a stack overflow vulnerability in MICO's signature verification process.

  • SHENG-FU CHANG
SHENG-FU CHANG Sep 22, 2020 • 4 min read
Xiaomi AI Speaker Authenticated RCE II: How Does MICO OTA Update Work?
writeup

Xiaomi AI Speaker Authenticated RCE II: How Does MICO OTA Update Work?

This three-part writeup details the journey of finding and exploiting a vulnerability in Xiaomi AI Speaker (MICO S12A) without a physical peripheral (UART). Part II explains the OTA update mechanism of Xiaomi Speaker.

  • SHENG-FU CHANG
SHENG-FU CHANG Sep 22, 2020 • 4 min read
Xiaomi AI Speaker Authenticated RCE I: Firmware  Analysis
writeup

Xiaomi AI Speaker Authenticated RCE I: Firmware Analysis

This three-part writeup details the journey of finding and exploiting a vulnerability in Xiaomi AI Speaker (MICO S12A) without a physical peripheral (UART). Part I focuses on the approach of obtaining the firmware and introduces the firmware structure in detail.

  • SHENG-FU CHANG
SHENG-FU CHANG Sep 15, 2020 • 4 min read
CSF's BLOG © 2022
Powered by Ghost