• Home
• People
• Research
• Selected Publications
• Code
• Disclosures
• Testbeds
• Service

Blog

• December 10, 2023

  NEW: The 5Ghoul family of vulnerabilities has been featured by Channel News Asia via an interview with Matheus E. Garbelini -- the PhD student whose thesis research resulted the discovery.

• December 08, 2023

  NEW: Today we released 5Ghoul -- a family of 5G implementation vulnerabilities (10 CVEs) that affect 5G cellular baseband modems from major vendors i.e., Qualcomm and MediaTek. We demonstrate concrete exploitation of 5Ghoul vulnerabilities to continuously launch attacks to drop the connections, freeze the connection that involves manual reboot or downgrade the 5G connectivity to 4G. Based on the Kimovil listings and December security bulletin from Qualcomm and MediaTek, we (under)-estimate that over 710 different smartphone models (with 626 phones having 5G capability enabled) to be affected along with other 5G IoT devices. If you are a 5G module or device maker, or simply interested in 5G research, feel free to read the 5Ghoul Disclosure and get back to us via contact@5ghoul.com for any question. The exploit code and fuzzing tool for 5Ghoul is open source for research and experimentation.

• September 19, 2023

  NEW: We will disclose multiple and unknown 5G implementation vulnerabilities (10+ CVEs) on 7th Dec 2023 affecting major vendors producing Cellular Baseband Modems. Our preliminary search reveals more than 320 different smartphone models affected. Watch out 5Ghoul disclosure website for the details on or after 7th Dec 2023.

• August 04, 2023

  NEW: VitroBench Teaser Video is out, it provides a one of a kind test platform for automotive cybersecurity research. VitroBench is spearheaded by Anthony Yeo and Matheus E. Garbelini, Phd Students in our group. The full disclosure of all source code, attack scripts and attack videos are expected by end September, 2023. Meanwhile, you may read the VitroBench research paper that will appear in Vehicular Communications.

• July 31, 2023

  NEW: A group of security researchers at Star-V Lab launched and tested BrakTooth in many cars. It was great to see their comprehensive report on BrakTooth Hunting in Cars and see the impact of BrakTooth going way beyond our tested subjects. Very cool work by Star-V Lab.

• April 27, 2023

  Dr. Tok Yee Ching, Research Fellow of ASSET Group, has joined the Advisory Board of the SANS Asia Pacific DFIR Summit 2023. The Call for Presentations is currently open till June 5, 2023, and the Summit will be held on September 7-8, 2023.

• March 13, 2023

  I have multiple PhD Scholarships with iTrust available in the area of (Wireless) Communication Security, (IoT) Cybercrime and Forensics and AI/ML Safety, Bias and Security for Sept 2023 and Jan 2024 intakes. If you are interested, send me your CV and set up a (virtual) meeting. All PhD Scholarships with iTrust are now filled. However, PhD opportunities are available under external scholarships such as SINGA, ACIS etc. For Singaporeans and Permanent Residents, there are multiple other opportunities. If you are interested, send me your CV and set up a (virtual) meeting.

• March 12, 2023

  NEW: We have many Post-doctoral and Research Assistant/Officer/Engineer positions available in all the projects enlisted under the Research. In general, if you are interested in any aspect of Cyber Security, then feel free to send Sudipta an email with your CV. If you are an SUTD student and wish to explore research opportunities at UG or graduate level, then do not hesitate to set up an in-person meeting for chat.

• November 19, 2021

  NEW: Matheus E. Garbelini, PhD student in our group, wins Intel Bug Bounty Award to enable discovering two Intel AX200 attacks under the BrakTooth family. The Intel Bug Bounty Award is given for security researchers that discover and report flaws in Intel products. Matheus has been awarded USD 3,000 for each of the Intel AX200 attacks under BrakTooth family, resulting a total award value of USD 6,000.

• November 08, 2021

  NEW: Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, encourages manufacturers, vendors, and developers to review BrakTooth vulnerabilities and patch or find workarounds to counter BrakTooth flaws. See the official CISA announcement and some notable coverage at Bleeping Computer, Threatpost, and PCMag Magazine.

• October 14, 2021

  NEW: BrakTooth research was leveraged into improvements in Keysight IoT Security Assessment software. See the official press release from Keysight here and a coverage of this news here. We are glad that the research done in our group made to industry scale security assessment software. This is also the first time the industry translation of our research on wireless fuzzing is publicly disclosed by Keysight Technologies and other mediums.

• September 13, 2021

  NEW: BrakTooth featured in WIRED, PCMag Magazine, Hacker News, HACKADAY, MalwareBytes, Register, Bleeping Computer, Threatpost, The Record (by Recorded Future), Heise Online, and 40+ other news articles and podcasts (Podcast 1, Podcast 2) worldwide. The BrakTooth security alert has been covered by SingCERT, CSA and German Federal Office for Information Security, and Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), among others.

• August 31, 2021

  NEW: Today we released BrakTooth -- a family of 16 new security vulnerabilities (20+ CVEs) in commercial Bluetooth classic (BR/EDR) stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs. BrakTooth affects major System-on-chip (SoC) vendors such as Intel, Qualcomm, Texas Instruments, Infineon (Cypress), Silicon Labs among others. Bluetooth listings capture over 1400 products to be affected, including but not limited to Laptops and smartphones from major vendors (e.g. Dell, HP, Samsung, Microsoft etc.), Automotive Infotainment systems, Aircraft Entertainment systems, Speakers and Headphones. If you are a Bluetooth module or SoC vendor, feel free to request the proof of concept tool here: BrakTooth PoC.

• June 30, 2021

  NEW: ASSET group will release 16 new security vulnerabilities (20+ CVEs) on 31st August 2021 (currently undisclosed due to confidentiality). The vulnerabilities can be exploited to cause havoc on the devices at your desk, pocket, house, office and whatnot. Just a cursory search reveals that over 1100 product listings are affected by these vulnerabilities. Watch this space when we release all the exploits and details on 31st August 2021.

• May 17, 2021

  NEW: Out of many security vulnerabilities discovered by our Greyhound Fuzzer (For Wi-Fi and Bluetooth), it has received bug bounties for nine (9) of the discovered vulnerabilities (total worth >18K SGD). Join us to improve Greyhound Fuzzer and win more bounties!!!

• April 14, 2021

  NEW: Our Greyhound Fuzzer (for both Wi-Fi and BLE) is now successfully integrated into a commercial pen testing tool used by major automotive industry (names undisclosed due to confidentiality). They have subsequently used the Greyhound component to discover new Denial-of-Service (DoS) attacks. We are glad to see the translation, commercial success and effectiveness at industrial scale within just two years of the inception of Greyhound project at ASSET group.

• March 11, 2021

  NEW: ASSET group PhD student Matheus E. Garbelini wins a bug bounty equivalent to 6000 SGD for finding highly critical security vulnerabilities in Bluetooth protocol implementation (currently undisclosed due to confidentiality). Congratulations Matheus!!!

• December 07, 2020

  Stitcher framework designed by Yee Ching featured and discussed in Forensic Focus. Great work Yee Ching!!!!

• December 04, 2020

  We are organizing SIMLA 2021 Workshop (Security in Machine Learning and its Applications) affiliated with ACNS 2021. If you are working in the area of AI safety and security or application of AI in security, then consider submitting a paper.

• November 20, 2020

  Medtronic acknowledges our SweynTooth work by including involved ASSET group members in their outstanding research contributor page. Many thanks to CSA, Singapore for acknowledging our research effort on discovering Sweyntooth.

• October 10, 2020

  We provide a tutorial on IoT protocol vulnerabilities at Cybersecurity R&D Workshop 2020 held as part of the Singapore International Cyber Week 2020. Watch the Day 2 video (our tutorial starts at 2:26:28).

• July 14, 2020

  The details of the second wave of SweynTooth vulnerabilities (CVE-2020-10061, CVE-2020-10069, CVE-2020-13593, CVE-2020-13594, CVE-2020-13595) diclosed today. Affected vendors include (but not limited to, as we do not track all vendors) Espressif Systems, Texas Instruments, Microchip and Zephyr Project. Have fun.

• March 04, 2020

  United States Department of Homeland Security and USA Food and Drug Administration raise SweynTooth alert to make everyone aware of this critical BLE implementation vulnerability. Read the ICS Alert and the FDA Safety Communication. The respective alerts by Cyber Security Agency, Singapore and Health Sciences Authority, Singapore can be found in SingCERT Alert and HSA Safety Communication. It is a wake up call for all BLE SoC vendors and IoT product manufacturers.

• February 25, 2020

  SweynTooth and ASSET group featured in WIRED (top technology journal in the world) and 30+ news articles (and also podcasts) in English as well as in Non-English languages all over the world. I am glad to say that the work is almost single handedly pulled off by a first-year PhD student Matheus Eduardo in the ASSET group.

• February 11, 2020

  Today we release SweynTooth, a family of 12 new Bluetooth implementation vulnerabilities (more coming) affecting major system-on-chip (SoC) vendors such as NXP, Cypress, Texas Instruments, Dialog, Telink, ST Microelectronics and Microchip (the list is not exhaustive) and potentially affecting more than 480 IoT products already in market (most of them unpatched). SweynTooth reveals the terrible state of Bluetooth certification process. Read the description to know what the vulnerabilities are, how they can be exploited and why we name them SweynTooth. Feel free to reach us at sweyntooth@gmail.com for any question and clarification.

• February 09, 2020

  12 new CVEs assigned to show how to cause havoc in wireless systems (currently undisclosed for confidentiality). The vulnerabilities affect millions of wireless products being used. If you are in a "smart" nation, then you are almost certainly at risk (we are currently in the 90-day responsible disclosure window). Watch this space on 9th February, 2020 when we disclose the exploits and the details.

• November 11, 2019

  NEW: Yee Ching wins the Cybersecurity award in the professional category organised by the Association of Information Security Professionals (AiSP) and supported by Cyber Security Agency (CSA). He is also featured in the News today.
  
  Well done and congratulations Yee Ching!! We are proud to have you here.

• November 01, 2019

  NEW: Chundong Wang from our group will join as a tenure-track Assistant Professor at the ShanghaiTech University from early 2020. Chundong was one of the first members to join our group and he has made extremely valuable contributions to the ASSET group research. While we will certainly miss Chundong, at the same time, we are extremely proud of his achievements and will look forward to his research as he moves on to the next level of his career.
  
  Congratulations Chundong!!

• September 03, 2019

  NEW: Detailed descriptions of the CVEs discovered through our work on over-the-air fuzzing released now. Please check them out here (News coverage: Packt, Hacker News, HackaDay, medium): CVE-2019-12586, CVE-2019-12587 and CVE-2019-12588. Follow the discussions at Hacker News or HackaDay and use the proof-of-concept code from here to have fun.

  Quoting a user from Hacker News: "It [ESP8266] is a Wi-Fi enabled microcontroller locally designed and produced in china with a "100 million units sold" target. It is widely used by the makers community and by many new "smart" products. I would say that this has a really large scale impact and a lot of people will need to update the firmware".
  
  Get back to us if you have further queries.

• August 09, 2019

  NEW: Several post-doctoral positions open in all software security projects. Background in any of the following areas are welcome to apply: Software Security, Software Verification and Testing, Embedded Systems, Machine Learning, Formal Methods, Wireless Network. Take a look at our projects and publications for details and contact me directly with your CV if interested.

  NEW: (This position is filled up) One research assistant position (Bachelor or Masters degree holder) is open for the IoT Wireless Security project. Candidates with interest in any of the areas are welcome to apply: Networking, Systems Security and Software Engineering. Strong programming skills are expected. Contact me directly with your CV.

  NEW: We are looking for two PhD students to work on Safety and Security for Artificial Intelligence and Machine Learning. The student must hold a Singapore Citizenship or Permanent Residency. The position offers attractive scholarship and a collaboration with Industry Partner OneConnect Financial.
  For details about the scholarship and the offer, interested candidates can email Sudipta Chattopadhyay with your résumé with the subject "PhD AI/ML Security position".
  
  We look forward to your applications!!

• July 30, 2019

  Our work on over-the-air fuzzing is tested today on a real car: Toyota Altis 2016 version and automatically discovered KRACK together with other anomalous behaviour in the Wi-Fi implementation. If you are using the same car, then you MUST update the firmware (if you haven't done so already).
  
  Great work Matheus!!

• July 27, 2019

  Yee Ching is awarded a bug bounty of 200USD by Crypto.com for finding vulnerabilities in Crypto.com’s payments and cryptocurrency platform (undisclosed for confidentiality).
  
  Congratulations Yee Ching!!

• June 03, 2019

  Three CVEs assigned for finding critical security vulnerabilities in popular wireless devices (currently undisclosed for confidentiality) through our work on over-the-air fuzzing. CVE-2019-12586, CVE-2019-12587 and CVE-2019-12588 . We also win a bug bounty (USD 2200) for discovering the security vulnerabilities.
  
  Congratulations Matheus!!

• May 14, 2019

  We are looking for two PhD students to work on Safety and Security for Artificial Intelligence and Machine Learning. The student must hold a Singapore Citizenship or Permanent Residency. The position offers attractive scholarship and a collaboration with Industry Partner OneConnect Financial.
  For details about the scholarship and the offer, interested candidates can email Sudipta Chattopadhyay with your résumé with the subject "PhD AI/ML Security position".

• October 24, 2018

  CHALICE: Quantifying the Information Leakage in Cache Attacks via Symbolic Execution accepted to appear in ACM Transactions on Embedded Computing Systems (TECS). CHALICE formally quantifies the information leakage from execution for a wide variety of cache attacks, including the one used in Spectre like attacks.

• October 23, 2018

  ASSET research group members served in the organization of IEEE/IFIP VLSI-SoC 2018 (Michele, registration chair), XXXIII Conference on Design of Circuits and Integrated Systems (DCIS) 2018 (Michele, TPC), DATE 2019 (Michele, TPC), 7th IEEE Non-Volatile Memory Systems and Applications Symposium (NVMSA) 2018 (Chundong, TPC), CPSS 2018 (Sudipta, TPC), RTSS 2018 (Sudipta, TPC), RTAS 2019 (Sudipta, TPC), ASP-DAC 2019 (Sudipta, TPC), ISEC 2019 (Sudipta, TPC), DISSECT 2019 (Sudipta, TPC).

• October 09, 2018

  We're looking for highly motivated undergraduate researchers to work on AI/ML Testing and Verification. If you're interested, please drop an email to Sudipta Chattopadhyay with your résumé with the subject "Undergraduate AI/ML position".

• October 08, 2018

  We're looking for highly motivated undergraduate researchers to work on analyzing and defending against Timing-channel attacks such as Spectre. If you're interested, please drop an email to Sudipta Chattopadhyay with your résumé with the subject "Undergraduate Timing-channel position".

• October 08, 2018

  We're looking for highly motivated post-doctoral researchers to work on analyzing and defending against Timing-channel attacks such as Spectre. If you're interested, please drop an email to Sudipta Chattopadhyay with your résumé and a short research statement with the subject "Postdoc Timing-channel position".

• July 10, 2018

  We have proposed oo7 - a low-overhead (below 2%) defense against Spectre attacks based on binary analysis. Our proposed approach is now available in arxiv.1807.05843. To try oo7, send a request here.