CVE-2025-51643

Meitrack T366G-L GPS Tracker devices contain an SPI flash chip Winbond 25Q64JVSIQ that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of...

CVE-2025-25733

CVE-2025-25733 concerns an improper access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units (RSUs). Affected versions are 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28. The root cause is improper SPI Flash Chip access control, enabling physically proximate ...

ThunderSpy

A combination of vulnerabilities for the Thunderbolt protocol have been announced that allow a malicious actor to access most machines with a Thunderbolt port and bypass security restrictions on the device. Recent assessments: agalauner-r7 at May 11, 2020 4:37pm UTC reported: The risks of DMA...

Hacking Hardware Password Managers: passwordsFAST

TL:DR Taking three hardware password managers I used them to: Learn the basics of hardware hacking Practice disassembling Perform chipset research Understand pinouts and protocols Read data off each device The passwordFast device uses different ways to store the data on a flash chip with a...

What’s in the Box?

ARCHIVED STORY What’s in the Box? By Sam Quinn · February 25, 2019 2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that...

What’s in the Box?

ARCHIVED STORY What’s in the Box? By Sam Quinn · February 25, 2019 2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that...

Ghost hardware. Device No.2, the Boo Buddy

The “Boo Buddy” is sold as a “trigger object” with a wide range of internal functionality such as EMF, motion and temperature detection. It’s a “trigger object”, in the sense that it is designed to evoke the spirits of children, who might be drawn in by the presence of a toy. Many people have...

Belkin F9K1111 firmware vulnerability analysis-vulnerability warning-the black bar safety net

Recently, we noticed that the HP DVLabs has been in the Belkin（Belkin） N300 Dual-Band WiFi range Extender（F9K1111 in at least 1 0 a vulnerability. In response, the Belkin just released the version number is 1. 0 4. 1 0 firmware. Because this is the F9K1111 the first update release, but there is n...