BLOG

Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)

CENSUS has been investigating for some time now the exploitation potential of Man-in-the-Disk (MitD) [01] vulnerabilities in Android. Recently, CENSUS identified two such vulnerabilities in the popular WhatsApp messenger app for Android [34]. The first of these was possibly independently reported to Facebook and was found to be patched in recent versions, while the second one was communicated by CENSUS to Facebook and was tracked as CVE-2021-24027 [33]. As both vulnerabilities have now been patched, we would like to share our discoveries regarding the exploitation potential of such vulnerabilities with the rest of the community.

Emulating Hypervisors: a Samsung RKP case study (OffensiveCon 2020)

Hello, I'm Aris Thallas, a computer security researcher working at CENSUS. Back in February 2020 I had the pleasure of presenting my work on proprietary hypervisor emulation and bug discovery at the OffensiveCon 2020 conference.

Attacking Hexagon: Security Analysis of Qualcomm's aDSP (RECON MONTREAL 2019)

Attending Recon 2019 was an amazing experience with many interesting talks. I would like to thank the organizers for the excellent event and I definitely hope to return next year.

Hitting the Gym: The Anatomy of a Killer Workout (TROOPERS 2019)

On March 18th 2019 myself and Dimitrios Valsamaras delivered a presentation on cybersecurity vulnerabilities of "smart" fitness equipment, entitled "Hitting the Gym: The Anatomy of a Killer Workout" at the TROOPERS 2019 conference (NGI track).