Monthly Archives: July 2017

Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets | Exodus Intelligence

An impressively detailed start-to-end explanation of how an exploit is created. This exploit is unusually powerful in that it does not require the user to perform any action – no need to open attachments, click on hyperlinks etc. The only requirement is that Wifi is turned on. For iOS users, this exploit has been patched in the latest iOS 10.3.3.

Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS. It is based on an unusually powerful 0-day that allowed us to leverage it into a reliable, fully remote exploit.

Source: Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets | Exodus Intelligence

[github] kosua20/herebedragons

Someone implemented the same 3D scene using different API/frameworks. Interesting from a learning point of view. But as someone commented in HN, some implementations could be made to look the same given enough effort.

This repository contains multiple implementations of the same 3D scene, using different APIs and frameworks on various platforms. The goal is to provide a comparison between multiple rendering methods. This is inherently biased due to the variety of algorithms used and available CPU/GPU configurations, but can hopefully still provide interesting insights on 3D rendering.

[github] kosua20/herebedragons

Roomba’s Next Big Step Is Selling Maps of Your Home to the Highest Bidder

Privacy concerns or fearmongering?

The Roomba is generally regarded as a cute little robot friend that no one but dogs would consider to be a potential menace. But for the last couple of years, the robovacs have been quietly mapping homes to maximize efficiency. Now, the device’s makers plan to sell that data to smart home device manufacturers, turning the friendly robot into a creeping, creepy little spy.

Source: Roomba’s Next Big Step Is Selling Maps of Your Home to the Highest Bidder

Starbucks should really make their APIs public. – Tendigi

See how closed API reverse engineering typically happens.

Now that I was able to sign and fingerprint my login requests, I combined everything into a small Node.js module that allows some basic Starbucks API functions. The good news is that it’s (mostly) hosted here on GitHub!

Voilà! Programmatic coffee.

Source: Starbucks should really make their APIs public. – Tendigi