Uncovering a 0-Click RCE in the SuperNote Nomad E-Ink Tablet


Details of our SuperNote Nomad research which led to the disclosure of a 0-click RCE vulnerability

Nmap was unable to identify the service directly, so we decided to investigate this mysterious port a bit further by grabbing a firmware image for the device from Ratta Software's "Updates" page. This puts into context quite a bit of the strange behavior observed inside run(): different operations are being triggered based on what custom headers are passed from the client. A researcher poked at the previous generation of SuperNote devices and found that firmware images were signed with publicly available debug keys and the bootloader was unlocked by default... nice.
