Bike component maker Shimano issued a software update to the pro cycling teams who use its wireless gear shifters after researchers found that hackers can spoof or jam the shifters' signals to sabotage riders. Consumers get the patch later this month. wired.com/story/shimano-…

Our computer scientists UC San Diego not only found a vulnerability in bikes' #wireless gear shifters, they also figured out how to patch it. The work was presented USENIX WOOT Conference on Offensive Technologies this week. Excellent coverage by Andy Greenberg (@agreenberg at the other places) WIRED

📢 The WOOT 2024 presentations are now all available on YouTube: youtube.com/playlist?list=… Enjoy!

USENIX WOOT Conference on Offensive Technologies 2025 (WOOT '25) CFP is online! Deadlines: - Up-and-coming track: March 4th, 2025 - Academic track: March 11, 2025 usenix.org/conference/woo…

USENIX WOOT '25 submissions are due March 11. One month to go - still plenty of time to write a paper about your latest fun offensive security research! Or if you want more guidance to get a paper into shape, up-and-coming track deadline is March 4. CfP at usenix.org/conference/woo…

Only a week and a half left for USENIX WOOT '25 conference submissions - deadline March 11 AoE. We’re looking forward to seeing even more of your amazing offensive security papers this year! And still a few days for up-and-coming track (March 4). CfP at usenix.org/conference/woo…

Reviewer 2 just rejected your latest offensive security paper? Or didn't submit it anywhere yet? There's still more than a day left to (re)submit to USENIX WOOT '25 and get reviews from a community who love clever hacks, weird bugs 👾 and fun exploits! woot25.usenix.hotcrp.com

Discounted early bird registration for WOOT '25 is open until Monday - usenix.org/conference/woo… - join us in Seattle on Aug 11/12 (right before USENIX Security) for talks and discussions on all kinds of cutting-edge offensive security research (program at usenix.org/conference/woo…).

The Bootkitty story continues on the USENIX WOOT Conference on Offensive Technologies stage!

Thanks to WOOT Conference 2025 sponsors: Meta, BINARLY🔬 Bloomberg, Google and craig newmark

First session, on hardware security: Two talks on attacking the Raspberry Pi RP2350 by nSinus-R (@[email protected]) and Andrew Zonenberg @[email protected] One talk on exploiting software using hardware fault injections by Zhenyuan Liu

WOOT 2025 schedule, all papers are now online open access: usenix.org/conference/woo… Talks are recorded, and should be online in a few weeks.

WOOT 2025 1st session of the afternoon, "Hacking at a Distance" with: - Tommaso Sacchetti on large scale Bluetooth Security Testing - Chengsong Diao: Vulnerabilities in Master Lock Smart Locks - Seyyed Ali Ayati Ali Acoustic Side-Channel on keyboards

WOOT 2025 last session today Network Security : - Mehrdad Hajizadeh: DeepRed: AI-driven red teaming vs ML-NIDS - Shujie Zhao: Stealth BGP hijacks under uRPF - Anqi Chen: FUZZVPN: Hunting OpenVPN vulns

WOOT 2025 Day 2 starts with another Physical Attacks session (Chair: A. Zonenberg) - Valentin Huber: Deep dive into FRAM fault injection effects - Boyapally Harishma: Side-channel reality check on ARM Cortex-A72 - Wooyeon Jo: PLC memory exploitation in industrial systems

WOOT 2025 late morning session: Application Security (Chair: Yves Younan) - Gabriel Karl Gegenhuber: Prekey Pogo—WhatsApp handshake weaknesses - Manuel Karl: Formula injection in real-world spreadsheets - Jannik Hartung: PHP foot-gun case study (Best paper award !)

Last papers session "Exploit All the Things" (Chair: Cristine Hoepers) - Soufian El Yadmani: SecurePoC—detecting malicious GitHub exploits - Andrea Mambretti: SoK on kernel vuln discovery & auto exploit generation - Junho Lee: BOOTKITTY—stealth bootkit-rootkit for modern OSes

WOOT 2025 closing Keynote "Escaping Cantor's Find-Fix Cycle" by Falcon Darkstar from Dartmouth 🌲 and Aiven