HW/FW security researcher @ fruit company
Joined May 2009
- Tweets 1,996
- Following 419
- Followers 1,299
- Likes 3,633
95 Photos and videos
25 Jun 2025
Hello friends. Check out this awesome and unique role that just opened up on my team in SEAR. Wanna secure Apple silicon, ROMs, iBoot, and more? jobs.apple.com/en-us/details…
7
52
171
29,233
Jeremy Boone retweeted
9 Mar 2025
Broadcom and Cypress chips have the same HCI "backdoor" allowing to write to the Bluetooth chip's RAM. This feature is used for firmware patches.
We didn't request CVEs for that 9 years ago. Instead, we built the InternalBlue Bluetooth research framework.
github.com/seemoo-lab/intern…
🔷 A backdoor in the ESP32 chip would allow it to infect millions of devices. Miguel Tarascó and @antonvblanco have revealed this at the @rootedcon this backdoor and presented a tool to perform Bluetooth security audits on any gadget.
tarlogic.com/news/backdoor-e…
4
89
326
40,479
Jeremy Boone retweeted
20 Jun 2024
any interest in working on security in compilers? my team is looking for someone with a peculiar intersection of skills/interests:
jobs.apple.com/en-us/details…
3
14
93
37,240
Jeremy Boone retweeted
10 Jun 2024
🔺New on the Apple Security Research blog: introducing Private Cloud Compute! We believe this is the most advanced security architecture ever deployed for cloud AI compute at scale. security.apple.com/blog/priv…
14
143
405
96,345
Jeremy Boone retweeted
5 Jun 2024
Are you excited to use the power of safe modern programming languages like Swift to make software more secure? My SPEAR team at Apple is hiring a Swift Software Engineer to do exactly that! jobs.apple.com/en-us/details…
3
24
50
16,653
Jeremy Boone retweeted
21 Feb 2024
🔺New on the Apple Security Research blog: introducing PQ3, a groundbreaking post-quantum cryptographic protocol for iMessage. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world. security.apple.com/blog/imes…
7
123
357
60,783
16 Jan 2024
that disclosure timeline though...
16 Jan 2024
Is remote code execution in UEFI firmware possible?
Yes it is.
Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers.
Full details by @fdfalcon and @4Dgifts in our new blog post:
blog.quarkslab.com/pixiefail…
ALT Pixies are said to reward consideration and punish neglect of server maintenance on the part of larger humans, they bring blessings to those who are fond of timely patching.
8
1,066
Jeremy Boone retweeted
16 Jan 2024
Is remote code execution in UEFI firmware possible?
Yes it is.
Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers.
Full details by @fdfalcon and @4Dgifts in our new blog post:
blog.quarkslab.com/pixiefail…
ALT Pixies are said to reward consideration and punish neglect of server maintenance on the part of larger humans, they bring blessings to those who are fond of timely patching.
4
204
341
78,699
Jeremy Boone retweeted
13 Dec 2023
New Blog: Technical Advisory – Multiple Vulnerabilities in Nagios XI research.nccgroup.com/2023/1…
1
4
8
1,593
Jeremy Boone retweeted
New Blog: Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call research.nccgroup.com/2023/1…
2
4
698
Jeremy Boone retweeted
New Blog: Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100 research.nccgroup.com/2023/1…
1
2
740
Jeremy Boone retweeted
Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
The Era 100 is Sonos’s flagship device, released on March 28th 2023. NCC found weaknesses within the bootloader which can lead to full compromise of the device.
research.nccgroup.com/2023/1…
research.nccgroup.com/2023/1…
15
13
40
6,784
Jeremy Boone retweeted
24 Oct 2023
Public Report – Caliptra Security Assessment During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. The assessment identified 26 vulnerabilities, which were promptly addressed by the Caliptra... bit.ly/3SaMNWM
1
1
249
20 Oct 2023
Caliptra is an open source silicon root-of-trust built using Rust on RISCV. Check out our public report: research.nccgroup.com/2023/1…
1
3
418
Jeremy Boone retweeted
19 Oct 2023
New Blog: Public Report – Caliptra Security Assessment research.nccgroup.com/2023/1…
2
1
615
Jeremy Boone retweeted
19 Oct 2023
Public Report – Caliptra Security Assessment During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. The assessment identified 26 vulnerabilities, which were promptly addressed by the Caliptra... bit.ly/3QoVImr
1
1
208
Jeremy Boone retweeted
19 Oct 2023
1
3
329
18 Oct 2023
Pleased to share our public report for Caliptra. Caliptra is an open-source HW/FW that is designed for server-class ASICs, where it acts as a root of trust for measurement. The audit was performed under the umbrella of the @OpenComputePrj's SAFE program.
research.nccgroup.com/2023/1…
3
8
2,305
Jeremy Boone retweeted
17 Oct 2023
OCP Tackles Data Center Security, Launches New Community-Led Security Program Improving IT Device Security Posture! OCP Security Appraisal Framework Enablement (S.A.F.E.) improves the trustworthiness of devices across all data center IT infrastructure. bit.ly/46ypGde
2
3
757