Jeremy Boone
@uffeux
HW/FW security researcher @ fruit company
Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100: The Era 100 is Sonos’s flagship device, released on March 28th 2023. NCC found weaknesses within the bootloader which can lead to full compromise of the device. research.nccgroup.com/2023/12/04/sho… research.nccgroup.com/2023/12/04/tec…
Hello friends. Check out this awesome and unique role that just opened up on my team in SEAR. Wanna secure Apple silicon, ROMs, iBoot, and more? jobs.apple.com/en-us/details/…
Broadcom and Cypress chips have the same HCI "backdoor" allowing to write to the Bluetooth chip's RAM. This feature is used for firmware patches. We didn't request CVEs for that 9 years ago. Instead, we built the InternalBlue Bluetooth research framework. github.com/seemoo-lab/int…
🔷 A backdoor in the ESP32 chip would allow it to infect millions of devices. Miguel Tarascó and @antonvblanco have revealed this backdoor at @rootedcon and presented a tool to perform Bluetooth security audits on any gadget. tarlogic.com/news/backdoor-…
any interest in working on security in compilers? my team is looking for someone with a peculiar intersection of skills/interests: jobs.apple.com/en-us/details/…
🔺New on the Apple Security Research blog: introducing Private Cloud Compute! We believe this is the most advanced security architecture ever deployed for cloud AI compute at scale. security.apple.com/blog/private-c…
Are you excited to use the power of safe modern programming languages like Swift to make software more secure? My SPEAR team at Apple is hiring a Swift Software Engineer to do exactly that! jobs.apple.com/en-us/details/…
🔺New on the Apple Security Research blog: introducing PQ3, a groundbreaking post-quantum cryptographic protocol for iMessage. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world. security.apple.com/blog/imessage-…
that disclosure timeline though...
Is remote code execution in UEFI firmware possible? Yes it is. Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers. Full details by @fdfalcon and @4Dgifts in our new blog post: blog.quarkslab.com/pixiefail-nine…
New Blog: Technical Advisory – Multiple Vulnerabilities in Nagios XI research.nccgroup.com/2023/12/13/tec…
New Blog: Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call research.nccgroup.com/2023/12/04/tec…
New Blog: Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100 research.nccgroup.com/2023/12/04/sho…
Public Report – Caliptra Security Assessment: During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. The assessment identified 26 vulnerabilities, which were promptly addressed by the Caliptra... bit.ly/3SaMNWM
Caliptra is an open source silicon root-of-trust built using Rust on RISCV. Check out our public report: research.nccgroup.com/2023/10/18/pub…
New Blog: Public Report – Caliptra Security Assessment research.nccgroup.com/2023/10/18/pub…
Public Report – Caliptra Security Assessment: During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. The assessment identified 26 vulnerabilities, which were promptly addressed by the Caliptra... bit.ly/3QoVImr
Here is @NCCsecurityUS' #security analysis: research.nccgroup.com/2023/10/18/pub…
Pleased to share our public report for Caliptra. Caliptra is an open-source HW/FW that is designed for server-class ASICs, where it acts as a root of trust for measurement. The audit was performed under the umbrella of the @OpenComputePrj's SAFE program. research.nccgroup.com/2023/10/18/pub…
OCP Tackles Data Center Security, Launches New Community-Led Security Program Improving IT Device Security Posture! OCP Security Appraisal Framework Enablement (S.A.F.E.) improves the trustworthiness of devices across all data center IT infrastructure. bit.ly/46ypGde