IoT: Full Disclosure Vulnerabilites NEC Large Format Displays

This blogpost will cover some vulnerabilites discovered in the actual Firmware of NEC Large Format Displays ( several, such as Rev. 18 or Rev1.8). The following vulnerabilites were discovered: Local File Inclusion (CVE-2020-26125) Stack based Buffer-Overflow (CVE-2020-26127) Broken Authentication (CVE-2020-26126) The vulnerabilities exist (at least) on the following devices of the vendor NEC Display Solutions, […]


Hintergrund. Anlässlich der andauernden COVID-19-Pandemie wird der Ruf nach technischen Lösungen – insbesondere mobilen Apps – zur Überwachung, Vorhersage und Steuerung von Infektionsgeschehen und Massnahmen lauter. Die grosse Hoffnung auf eine herbeigesehnte Rückkehr zur Normalität hat gleichzeitig jedoch Schattenseiten: Eine Betrachtung der Verhältnismässigkeit und Angemessenheit findet nicht statt, die mit derartigen Lösungen stets einhergehenden Risiken […]

iOS/Android: (Un)Secure Apache Cordova Apps

Background information. The advent of cross-platform development frameworks such as Apache Cordova breathed new life into the old slogan of „Write once, run anywhere“ then invented by Sun Microsystems.In most cases, „write once“ translates directly into „write in JavaScript“, as it is the language of the web, or rather the WebView component on the mobile platform.The JavaScript […]

Disclose or not Disclose.

Abstract. Last week something annoying happened to me (and it keeps bugging my mind), someone else published the details of a vulnerability that I discovered and reported earlier. I’m not writing this blogpost because I want the attribution for this vulnerability but it’s still part of the game. Therefore, if you’re a researcher and you’re […]

iOS: Bluetooth packet logging

About. This blogpost describes how you can access the BlueTooth communication of your iOS device. At the time writing this blogpost iOS 13 was not yet released to the public, but only to Apple Developers. Therefore, an Apple developer account is a prerequisite. Furthermore, the „Additional Tools for Xcode 11 Beta“ are required. (Apple developer […]

IoT: Full Disclosure Topcon Positioning Net-G5 Receiver

Abstract. This write up is about the discovery of two vulnerabilities (CVE-2019-11326, CVE-2019-11327) in the Net-G5 GNSS Receiver from Topcon Positioning. The Story. The ones who are interested in the vulnerabilities itself can skip this topic. Everyone else is invited to keep reading. Every now and then friends of mine ask me to take a […]

Veröffentlicht unter IOT

iOS: keychain_dumper extension

Recently I found myself in the situation, were it was not possible to dump Keychain Item data with Frida. Please don’t ask me why, I did not figure out why. I knew that there was a tool called keychain_dumper. The output of keychain_dumper was sufficient for the assessment, but I found it really painful to […]