Jiska 🌹🍟
Malware artist, unicorn creator, wireless hacker. Working for @seemoolab. Opinions are my own. she/🦄
May 13, 2022 7 tweets 4 min read
When your iPhone is turned off, the Bluetooth, NFC and UWB chips might stay on and interact. This enables Find My and Express Cards and Keys, including the UWB-based Digital Car Key 3.0.

What does this mean for security and privacy? Find out in our paper: arxiv.org/abs/2205.06114 Short video teaser if you don't have the time for reading:
Dec 27, 2020 4 tweets 3 min read
Fuzzed the phone in the iPhone, aka CommCenter, via Apple Remote Invocation (ARI) and Qualcomm MSM Interface (QMI). The #rC3 talk is scheduled for tomorrow 1:40PM. Very visual fuzzer, so the talk will be easy to follow for fuzzing and security newcomers.

rc3.world/rc3/public_fah… Since the stream currently has some issues, the slides are here: docs.google.com/presentation/d…
Apr 26, 2020 9 tweets 3 min read
We just released Polypyus, a binary-only diffing tool programmed by @freebejan that runs independently of Ghidra and IDA and integrates into the workflow of other diffing tools. (1/n)
github.com/seemoo-lab/pol… This was a long journey starting with @dennismantz who reverse-engineered the Nexus 5 Bluetooth firmware. It doesn't have any strings or symbols, but he located threads, HCI handlers & enabled firmware patching with InternalBlue mid 2018. (2/n)
Apr 10, 2020 11 tweets 3 min read
Because several people were asking about #Bluetooth, I'll make a thread. But I might ignore further questions, especially regarding over-the-air exploits. #DP3T

• BLE advertisements have a longer range than 2m, but are way more accurate than LTE cell towers. (1/n)
• BLE advertisement distance measurement accuracy depends a lot on the chips, meaning that they will work well within the Apple ecosystem, but probably not so well on some Androids. (2/n)