> In late 2016 and early 2017 I became burned out from hunting bugs as it became a race between some very talented researchers and me. For example, Derrek and I spent 2 months auditing and coding up PoCs for some bugs in a wifi driver where nearly 95% of our reports were duplicates with the Chinese teams. It was becoming hard to compete with teams who do this 40 hours a week while I do it as a hobby over coffee on Saturday mornings.

This isn't really the main focus of the article, but I find this really interesting. There are teams of full-time Chinese researchers looking for and reporting vulnerabilities in Android? Are they doing this to win the bug bounties? If so, it sounds like Google's bug bounty program is really paying off.
What is a vuln name, other than a binding of a CVE to a real word to make it easier to reference or promote?

It draws public attention to an issue better than any CVE-2017-XXXXX would do.

No, keep it up. Dictionary words are far easier to remember than specific numbers.
Well done to the author. I always found working on more obscure systems to be a lot more entertaining as a hobby and I'd definitely recommend it -- you'll almost never run into the issue of another researcher coming out with something first. Most security researchers seem to shy away from embedded VR due to an unjustified fear of obscure assembly languages and hardware (or perhaps they just realize there's no money in it...), but it isn't nearly as hard as anyone thinks.

I expect to see drastically more work on IoT devices once tooling and knowledge sharing get better. A lot of the articles right now begin and end with binwalk. Great tool, but that's just the start.

The only hard part of embedded work is that it's really, really difficult to collaborate with anyone, as VR is always filled with incredible drama and the talent pool of individuals willing to work on this (for free) with the prerequisite knowledge is almost non-existent.

Good luck. And thanks for not coming out with another media campaign first and interesting research second.
Fascinating write-up. Is it normal for wifi drivers to have such an enormous code base? Like, nearly 700k LOC? And how much of it is generated code? I'd love any links to stuff on this if anyone has them and time to post, thanks.
Aw, I can't take the quiz?

https://pleasestopnamingvulnerabilities.com/integers.html