Posts
Salut, Marco Casagrande will talk about E-Spoofer and I will talk about BLUFFS at the 2024 Toulouse Hacking Convention (THCON)! Both research works are funded by the ORSHIN Horizon Europe research grant.
- E-Spoofer talk: 4th April 2024, 10:15-10:45
- BLUFFS talk: 4th April 2024, 11:15-10:45
- Where: Marthe Condat auditorium, Paul Sabatier University, Toulouse
- THCON program
See you in Toulouse 🇫🇷 at THCON'24
Marco Casagrande’s presentation of our E-Spoofer paper about Xiaomi e-scooters' security and privacy recorded at ACM WiSec'23
Riccardo Cestaro’s master thesis, done at EURECOM in my group as a visiting student from UniPD, won the second prize in the CLUSIT (Italian Association for Information Security) thesis contest. CLUSIT yearly awards some of the best Information security theses in Italy. The list of winners is available here.
I am looking for a postdoc interested in Industrial Internet-of-Thing (IIoT) network security and privacy. The postdoc will be funded by the PEPR5g ANR project, work under my supervision at and join EURECOM’s S3 group. I can start hiring from the beginning of this summer.
Marco Casagrande presented at WiSec'23 our paper titled: E-Spoofer: Attacking and Defending Xiaomi Electric Scooter Ecosystem.
In a nutshell, we reverse-engineered the proprietary wireless protocols used by Xiaomi e-scooters and companions applications (i.e., Mi Home) over BLE, found critical vulnerabilities, exploited them to get arbitrary read and write capabilities on an e-scooter both in proximity and remotely (via a malicious Android app), developed concrete countermeasures, released a toolkit to reproduce our findings and tamper with the protocols, and responsibly disclosed our results to Xiaomi.