Coming up at USENIX Security, we have three exciting papers on Android security across all layers of the stack. Learn about fuzzing trusted components, type confusion in trusted APIs and a study on how trusted apps are updated. EPFL EPFL Computer and Communication Sciences actu.epfl.ch/news/finding-s…

Downgrading trusted apps allows attackers to use N-days for attacking the trusted world. Sadly, Marcel USENIX Security discovered that rollback prevention is lacking on Android. Paper: nebelwelt.net/files/24SEC.pdf

As it turns out, the secure monitor, Android's most trusted component is full of bugs. Christian Lindenmeier and Marcel discovered lots of serious issues USENIX Security though fuzzing. Paper: nebelwelt.net/files/24SEC2.p…

Do you want 0days in Android Trusted Applications using the Global Platform API? Use Marcel's binary static analysis USENIX Security to find type confusions resulting in arbitrary writes. Paper: nebelwelt.net/files/24SEC4.p…

🔒 ARM TrustZone is the backbone of mobile devices 📱, and EL3XIR provides an effective framework for rehosting and fuzzing the secure monitor firmware of proprietary TrustZone-based TEEs Join Marcel & Christian Lindenmeier at #hw_ioNL2024 👉 hardwear.io/netherlands-20… #fuzzing #mobilesecurity

🥁🥁🥁...Uncovering Security Vulnerabilities at #hw_ioNL2024! Marcel; Christian Lindenmeier reported 34 bugs in secure monitors, with 17 classified as security critical. Affected vendors confirmed 14, leading to 6 CVEs for EL3XIR 👉 hardwear.io/netherlands-20… #fuzzing #EL#XIR #monitorsecurity

📢 SPEAKERS ANNOUNCEMENT 📢 On Wednesday Nov. 6th, Marcel Busch Marcel and Philippe Mao 🙋‍♂️, Postdoc and PhD at EPFL HexHive lab, will propose a fascinating talk 🔥 GlobalConfusion: Trustzone Trusted Application 0-Days by Design 🔥 Abstract 👉 blackalps.ch/ba-24/talks.ph…

🚨 At #hw_ioNL2024, Marcel Busch and Christian Lindenmeier introduced EL3XIR, a powerful framework designed to rehost and fuzz the secure monitor firmware layer of TrustZone-based TEEs. YouTube Link: youtu.be/x-VRC0WX5Bo?si… #fuzzing #securemonitor #EL3XIR

💡 ARM TrustZone-based TEEs secure devices like smartphones; drones, but they have critical vulnerabilities Join Marcel at #hw_ioUSA2025 to analyze system designs, spot security flaws & explore isolation and confidentiality techniques 👉 hardwear.io/usa-2025/train… #TrustZoneTEE

🚨 The Insomni’hack 2025 Conferences Programme is LIVE! 📅 2 days, top experts, & cutting-edge cybersecurity talks. Get your tickets now: insomnihack.ch/talks-2025/?ut… #INSO25 #Cybersecurity #EthicalHacking #Switzerland

🗓️ Exciting news! Marcel & Christian Lindenmeier will be joining Insomni’hack 2025 to present "EL3XIR: Fuzzing COTS Secure Monitors". Explore the lineup and secure your spot: insomnihack.ch/talks/el3xir-f… #INSO25 #Cybersecurity #EthicalHacking #Switzerland

We are excited to announce Mathias Payer as the Keynote Speaker for the first day of Talks at Insomni'hack 2025! 🎟️ Register now and secure your spot: insomnihack.ch/talks/advanced… #INSO25 #Cybersecurity #EthicalHacking #Switzerland

🗓️ Exciting news! Marcel & Christian Lindenmeier will be joining Insomni’hack 2025 to present "EL3XIR: Fuzzing COTS Secure Monitors". 🔍 Last days to secure your spot: insomnihack.ch/talks/el3xir-f… #INSO25 #Cybersecurity #EthicalHacking #Switzerland

We sent one of us to scout the grounds of this year's Insomni'hack. From Android rollback attacks to AI-driven malware, here’s what stood out to us: eshard.com/posts/a-look-b…