The hacking aspect has been hit and miss for me. Just today I was trying to verify a fix for a CVE and even giving the agent the CVE description + details on how to exploit it and the code that fixed it, it couldn't write the exploit code correctly.

Not to say it's not super useful, as we can see in the article.

reply
CVEs and all, but I just can't wait for firmwares for cheaper modern cameras from Sony, Nikon and Panasonic getting hacked and modified to add features from more expensive models.

They're all firmware restricted to justify buying more expensive models, in one way or another.

DNG support would be pretty awesome too.

reply
>... but as there's no complete feedback loop, it still would require a lot of human effort.

Not for long. Picture this: a robot receives instructions on what to physically solder in order to complete the desired modification task.

However, before it can send an image back to the vision-aware LLM guiding it, the PCB lights on fire along with the robot because said LLM confidently gave the wrong instructions.

Then, the robotic fire brigade shows up and mostly walks into walls unable to navigate anywhere useful.

The future is bright.

reply
Minor correction: at 27c3's "Console Hacking 2010" talk, Geohot's hypervisor work is mentioned at 4:25 or so, described as "really unreliable" and "eh whatever" due to requiring hardware modification and only granting rudimentary hypervisor access.

These were the same people that then went on to explain how they reverse-engineered the encryption keys of the PS3 to enable "fakesigned" code to be installed.

reply
Didn't PS3 have a hardcoded nonce for their ECDSA impl that allowed full key recovery? I would agree that I doubt LLMs let people mount side-channel attacks easily on consumer electronics though.
reply
Yes indeed, that chain of exploits was all software and not hardware. Developed after the Hotz exploit and Sony subsequently shuttering OtherOS.

It didn't directly give access to anything however. IIRC they heavily relied on other complex exploits they developed themselves, as well as relying on earlier exploits they could access by rolling back the firmware by indeed abusing the ECDSA implementation. At least, that turned out to be the path of least resistance. Without earlier exploits, there would be less known about the system to work with.

Their presentation [1] [2] is still a very interesting watch.

[1] https://www.youtube.com/watch?v=5E0DkoQjCmI

[2] https://fahrplan.events.ccc.de/congress/2010/Fahrplan/attach...

reply
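The ECDSA failure mode discussed in this subthread, as an added example that is not part of any comment or of the presentation linked above: an audit that flags signatures sharing the same `r`, plus the algebra showing why a repeated nonce exposes the signing key. It assumes secp256k1 as a stand-in curve and uses constructed keys, nonces and file names; nothing here is taken from the console itself.

```python
import hashlib
from collections import defaultdict

# secp256k1 domain parameters (stand-in curve; an assumption of this example)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, k, msg):
    """Textbook ECDSA with the nonce k passed in, so that reuse can be shown."""
    r = mul(k, G)[0] % N
    return r, pow(k, -1, N) * (digest(msg) + r * d) % N

def repeated_r(sigs):
    """Audit check: group (msg, r, s) by r; a group of 2+ means a nonce was reused."""
    groups = defaultdict(list)
    for msg, r, s in sigs:
        groups[r].append((msg, s))
    return {r: g for r, g in groups.items() if len(g) > 1}

def key_from_pair(r, m1, s1, m2, s2):
    """Same k in both: s1 - s2 = k^-1 (z1 - z2) mod N, which yields k and then d."""
    k = (digest(m1) - digest(m2)) * pow((s1 - s2) % N, -1, N) % N
    return (s1 * k - digest(m1)) * pow(r, -1, N) % N

D, K = 0xC0FFEE1234, 0xBADC0DE5678   # constructed private key and reused nonce
MSGS = [b"update-1.bin", b"update-2.bin"]
SIGS = [(m, *sign(D, K, m)) for m in MSGS] + [(b"ok.bin", *sign(D, K + 1, b"ok.bin"))]
```

Running `repeated_r` over a signer's published signatures is a cheap regression check; deriving the nonce deterministically from the key and message (RFC 6979) removes the failure mode at the source.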
> fully secured against attackers, of which the mere existence of a hypervisor layer is proof of

https://en.wikipedia.org/wiki/Virtual_machine_escape

reply
The last one was 8 years ago. It's not a terribly common vuln anymore - not that it ever was.
reply
> The last one was 8 years ago

Not true. There's way more than that list. I could immediately think of 2 more from last year: CVE-2025-22224 and CVE-2025-22225

reply
> Perhaps an LLM can assist with mounting such an attack, but as there's no complete feedback loop, it still would require a lot of human effort.

LLMs have had no problem modifying software on an attached android phone. It's only a matter of time.

reply