From fault injection to RCE: Analyzing a Bluetooth tracker
The Chipolo ONE is a Bluetooth tracker built around the Dialog (now Renesas)
DA14580 chip. This talk will present the research made on this device, from
extracting the firmware from the locked down chip using fault injection up to
getting remote code execution over Bluetooth.
The talk will also present the disclosure process and how the vendor reacted to
an unpatchable vulnerability on their product.