Uncovering a 0-Click RCE in the SuperNote Nomad E-Ink Tablet (prizmlabs.io)
metaphor 2 hours ago [-]
The exploit struck me as exceptionally nasty given screen mirroring[1] is one of Supernote's attractive features.

Am I correct in understanding that the public debug key firmware signing faux pas was plugged in Chauvet 3.21.31 [2], while the unsolicited/unauthenticated P2P file transfer hole was plugged in the most recent Chauvet 3.23.32 [3]?

The changelog doesn't list any updates released circa December 2024, despite the disclosure timeline noting that Supernote "...plan[ned] to address the issues in the December update."

[1] https://support.supernote.com/en_US/Tools-Features/1791924-s...

[2] https://support.supernote.com/en_US/change-log/changelog-for...
  [System] Enhanced security for system upgrade verification.

[3] https://support.supernote.com/en_US/change-log/changelog-for...
  [Supernote Linking] Enhanced the security of transferring files through the Supernote Linking feature.
VladVladikoff 5 hours ago [-]
Nice work! The race condition was clever.
goreil 3 hours ago [-]
Great Research!
self_awareness 1 hour ago [-]
> Note that after a hotplug event, the user DOES get a prompt about an update. However, it is an opt-OUT prompt, meaning the update will install in 30 seconds unless "abort" is clicked.

I agree that calling it "0-click" is not a lie, but I also think it's a little bit dishonest.

metaphor 1 hour ago [-]
High probability the target interprets the prompt as a routine automatic update notification and does nothing.

It's not clear what would actually happen, but it also seems plausible that the hotplug event gets triggered by merely (un)plugging a USB-C charger while the folio is closed.
