Malware artist, unicorn creator, wireless hacker. Working at @HPI_DE (ex @seemoolab). Opinions are my own. https://t.co/GbL7GINJBo / @jiska@chaos.social
Nov 13 • 4 tweets • 1 min read
See the latest iOS inactivity reboot in action!
iOS 18 comes with improved anti-theft measures. Three days w/o unlock, the iPhone will reboot, preventing thieves from getting your data. (1/4)
Inactivity reboot puts your iPhone into "Before First Unlock" state, effectively locking encryption keys in the Secure Enclave Processor. Even if thieves leave your iPhone powered on for a long time, they won't be able to unlock it with cheaper, outdated forensic tooling. (2/4)
May 13, 2022 • 7 tweets • 4 min read
When your iPhone is turned off, the Bluetooth, NFC and UWB chips might stay on and interact. This enables Find My and Express Cards and Keys, including the UWB-based Digital Car Key 3.0.
What does this mean for security and privacy? Find out in our paper: arxiv.org/abs/2205.06114
Short video teaser if you don't have the time for reading:
Dec 27, 2020 • 4 tweets • 3 min read
Fuzzed the phone in the iPhone, aka CommCenter, via Apple Remote Invocation (ARI) and Qualcomm MSM Interface (QMI). The #rC3 talk is scheduled for tomorrow at 1:40PM. Very visual fuzzer, so the talk will be easy to follow for fuzzing and security newcomers.
We just released Polypyus, a binary-only diffing tool programmed by @freebejan that runs independently of Ghidra and IDA and integrates into the workflow of other diffing tools. (1/n) github.com/seemoo-lab/pol…
This was a long journey, starting with @dennismantz, who reverse-engineered the Nexus 5 Bluetooth firmware. It doesn't have any strings or symbols, but he located threads, HCI handlers & enabled firmware patching with InternalBlue in mid-2018. (2/n)
Apr 10, 2020 • 11 tweets • 3 min read
Because several people were asking about #Bluetooth, I'll make a thread. But I might ignore further questions, especially regarding over-the-air exploits. #DP3T
• BLE advertisements have a longer range than 2m, but are way more accurate than LTE cell towers. (1/n)
• BLE advertisement distance measurement accuracy depends a lot on the chips, meaning that they will work well within the Apple ecosystem, but probably not so well on some Androids. (2/n)
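The range and calibration points in the two bullets above, worked through as an added example that is not part of the thread. It assumes the log-distance path-loss model for turning an RSSI sample into a distance, with an assumed 1 m reference of -59 dBm, a free-space exponent n = 2, a 2 m contact threshold and a constructed per-chip offset of ±6 dB; the thread names none of these. The point it shows: under n = 2, a 6 dB chip offset doubles or halves the distance estimate, so an uncalibrated receiver misses a 1.5 m contact and invents one at 3 m, while the same sample is right once the per-device correction is applied.

```python
import math

# Added example (not from the thread). Log-distance path-loss model, assumed:
#   RSSI(d) = P_1m - 10 * n * log10(d)
# P_1m: RSSI expected at 1 m for a given sender/receiver pair. It depends on
#       the sender's TX power and the receiver's chip and antenna (assumed -59 dBm).
# n:    path-loss exponent, 2.0 in free space and larger indoors (assumed 2.0).
P_1M_DBM = -59.0
PATH_LOSS_EXPONENT = 2.0
CONTACT_THRESHOLD_M = 2.0


def rssi_at(distance_m, p_1m_dbm=P_1M_DBM, n=PATH_LOSS_EXPONENT):
    """RSSI in dBm that the model predicts at distance_m."""
    return p_1m_dbm - 10.0 * n * math.log10(distance_m)


def distance_from_rssi(rssi_dbm, p_1m_dbm=P_1M_DBM, n=PATH_LOSS_EXPONENT):
    """Invert the model: estimated distance in metres from one RSSI sample."""
    return 10.0 ** ((p_1m_dbm - rssi_dbm) / (10.0 * n))


def observed_rssi(true_distance_m, receiver_offset_db):
    """Constructed, noise-free sample from a receiver whose chip/antenna
    reads receiver_offset_db away from the calibrated reference."""
    return rssi_at(true_distance_m) + receiver_offset_db


def classify_contact(rssi_dbm, calibration_db=0.0):
    """Return (estimated_distance_m, is_contact).

    calibration_db is the per-device correction the app applies to the 1 m
    reference; 0.0 means the app treats every chip as if it were the reference."""
    est = distance_from_rssi(rssi_dbm, p_1m_dbm=P_1M_DBM + calibration_db)
    return est, est <= CONTACT_THRESHOLD_M


def demo():
    """Run the four scenarios and return them as (label, estimate, is_contact)."""
    rows = []
    # 1) Range: a receiver that still decodes at -97 dBm sees the advertisement
    #    at roughly 79 m under the free-space assumption, far beyond 2 m.
    rows.append(("max range at -97 dBm sensitivity", distance_from_rssi(-97.0), None))
    # 2) True 1.5 m, chip reads 6 dB low, app uncalibrated: ~3 m, contact missed.
    est, hit = classify_contact(observed_rssi(1.5, -6.0))
    rows.append(("1.5 m, -6 dB chip, uncalibrated", est, hit))
    # 3) Same sample with the per-device correction applied: 1.5 m, contact.
    est, hit = classify_contact(observed_rssi(1.5, -6.0), calibration_db=-6.0)
    rows.append(("1.5 m, -6 dB chip, calibrated", est, hit))
    # 4) True 3 m, chip reads 6 dB high, app uncalibrated: ~1.5 m, false contact.
    est, hit = classify_contact(observed_rssi(3.0, +6.0))
    rows.append(("3.0 m, +6 dB chip, uncalibrated", est, hit))
    for label, est, hit in rows:
        print(f"{label:36s} est={est:6.2f} m contact={hit}")
    return rows


if __name__ == "__main__":
    demo()
```

Real samples add multipath and body-shadowing noise on top of the fixed chip offset, so production apps average many samples and attenuate them per device model; the example isolates the calibration term only, because that is the part that differs between chips.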