Eastern Promises: Mobile VRP Lessons for Bug Hunters

In the past few years, we’ve tried our hand at Vulnerability Reward Programs covering all kinds of mobile vendors’ products and attack surfaces. Like many others, we’ve encountered as many misses as hits, learning valuable lessons from the mistakes we (and sometimes the vendors) have made. We presented our experiences in a talk this summer at Troopers and Le Hack. You can download the slides from here. A video of the presentations is not available yet, but the Troopers one will eventually be available here. The talk covered several VR projects which were discussed publicly for the first time. We have now released advisories for all of these newly discussed vulnerabilities, including:

Don't Believe The Hype(rvisor): Defeating Huawei’s HHEE for fun and ... well, fun.

Once upon a time, I started at TASZK Security Labs as an intern. My internship project was about hacking hypervisors, and the target we picked for it was Huawei’s HEE (Hypervisor Execution Environment). The research was carried out in late 2020 to early 2021. Although we didn’t publish this work until 2025, it was kept relevant by the fact that the issues remained unaddressed, to the best of our knowledge. If that piqued your interest in the story of the disclosure, please check out our recent Troopers/LeHack talk titled Eastern Promises. In this blog post, I’ll focus on the technical aspects of the project.