Articles by Maxime Rossi Bellom

4 articles
Date Tue 15 October 2024
Authors Maxime Rossi Bellom, Raphaël Neveu
Category Android

We discovered several vulnerabilities impacting the boot chain of several Samsung devices. Chained together, they allow us to execute code in the bootloader, get root access on Android with persistency, and finally leak anything from the Secure World's memory including the Android Keystore keys.

Date Mon 14 August 2023
Authors Maxime Rossi Bellom, Damiano Melotti
Category Android

Join us in our journey into modern Android's Data Encryption at rest, in which we study how it works and assess how resistant it is against attackers having access to a range of high end software vulnerabilities.

Date Thu 11 August 2022
Authors Damiano Melotti, Maxime Rossi Bellom
Category Android

Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip.

Date Tue 24 March 2020
Author Maxime Rossi Bellom
Category Reverse-Engineering

In March 2020, Google patched a critical vulnerability affecting many MediaTek based devices. This vulnerability had been known by MediaTek since April 2019, and later exploited in the wild! In this post, we give some details about this vulnerability and see how we can use it to achieve kernel memory reads and writes.