Extremely proud to announce some of the research I/we have been conducting over the last few months at the Hardware Security Research lab at @TIIuae. This is my first vulnerability and public CVE (CVE-2023-35818). Security advisory by the manufacturer: https://t.co/Dxe8IOXwEX
We built TROPIC01 to find its limits.
Today we're publishing a Security Advisory on a hardware vulnerability discovered during an independent audit by the Ledger Donjon team - alongside the deeper findings our engineers made as a result.
What was found:
👉️ During their audit, Ledger Donjon successfully executed a Laser Fault Injection attack bypassing firmware boot signature under lab conditions - but essential hardware security withstood it.
👉️ Building on that discovery, our team found that more complex combined attack paths can potentially breach the hardware boundary and expose all confidential data.
Worth knowing:
👉️ This is not a remote exploit and there is no evidence of real-world exploitation.
👉️ Mitigation measures for this attack vector are available for deployment.
True hardware security is built on transparency and auditability. So we don't just tolerate scrutiny, we invite it. This disclosure is that principle in practice.
A huge thanks to @DonjonLedger team for their exceptional technical expertise, professionalism and dedication to coordinated disclosure.
📄 Read our full announcement: https://t.co/nrLt3aQRU6
🔬 Link to technical deep-dive: https://t.co/IxoXdMRUlC
See you at SAHA 2026! 👋
Today, more and more systems are deployed in the field, constantly connected, and expected to remain trusted over time. For hardware design houses, drones & autonomus systems developers, and security engineers, this brings very real challenges around device identity, key protection, and secure updates. 🔐
At Tropic Square, we believe trust at the hardware level should be open, transparent, and auditable.
Will you be at @SahaExpo ? If you are working on embedded systems, UAVs, communication, or sensing technologies and want to meet the future of hardware security, we will be there and would love to connect! 🚀
If you'd like to meet on-site, feel free to reach out to Simon Fic (https://t.co/56aBbMTGOA to set up a meeting. 🤝
Looking forward to the conversations!
USENIX WOOT Conference 2026: two submission deadlines this year!
- Cycle 1: December 12, 2025 *only one month away* !
- Cycle 2: March 3, 2026
WOOT still has a SoK track and an "Up-and-coming track" (~Industry), CFP for details : https://t.co/QWaGac1ZvQ
@xataka Por si no lo hemos dejado especialmente claro: da igual la postura que asuma la UE, nosotros nos pensamos asegurar de que los ciudadanos puedan proteger su esfera íntima con mecanismos de cifrado y anonimato de calidad #cryptografree /cc @rootedcon@criptored
Google Wifi Pro - Glitching from Root to EL3 - Part 3
In this third post, we explain in detail, how we used the arbitrary write of 4 bytes to reconfigure the secure memory ranges in the XPU in order to patch EL3 code directly from the REE using devmem.
https://t.co/GShCzn9vNB
Google Wifi Pro - Glitching from Root to EL3 - Part 2
In this second post, we explain in detail, how we used a single EM glitch to read and write a 32-bit value from/to an arbitrary address from within the context of EL3.
https://t.co/Mfx9zFyG1s
Google Wifi Pro - Glitching from Root to EL3 - Part 1
In this first post, we explain in detail, how we were able to inject EM glitches in order to characterize Qualcomm's IPQ5018 SoC susceptibility to EM glitches.
https://t.co/pC0Pel4CtG
Stream Update
The @offby1security with @slava_moskvin_ on Fuzzing Linux Kernel Modules will now run this Thursday, May 22nd at 11AM!
https://t.co/WpG6mXOAtr
Our @pulsoid will be keynoting at the 11th Language-theoretic IEEE Security & Privacy workshop (LangSec).
We are honored to contribute with our research on #faultinjection. We will keep exploring the fine line between #hardware and #software and its #security implications.
Released new Pwndbg: 2025.04.18
It adds display of breakpoints in the disasm view, new libcinfo command, improves attachp & hexdump commands, UI, TUI and more. Also, command names use "-" istead of "_" now for consistency.
Read more and download it on https://t.co/HA6eJA6555 !
And.. it's out.. We are going to be at @reconmtl !
Our "The Art of Fault Injection" training gets to Canada for the first time and we are excited to make it happen.
If would like to master advanced Fault Injection attacks #TAoFI is the perfect place to be.
See you in Montreal!
@andreyknvl That's really great! I can't wait to start!
Will there also be information leaks and cross-allocator attacks?
Thank you very much for your reply and see you on Sunday!
@andreyknvl Hey @andreyknvl! I am really happy to attend to your training at Ringzer0. I wanted to ask you, because I have noticed a small difference in the content that is published at Ringzer0 and the content at OffensiveCon or RECon. Is this right? Thank you very much!