We dug deeper into the vulnerability and patch for CVE-2020-9054, a pre-auth command injection in ZyXEL NAS devices. We found that the patched vulnerability was still exploit-able due to incomplete patching.
UPDATE December 17, 2019: Attacks still possible Six weeks after first publicly discussing the Smart Spies attacks, we performed some retests to see whether Google and Amazon implemented sufficient checks to mitigate the attacks.
In the second half of 2019, Google and a group of mobile operators started implementing a new communication technology, Rich Communication Services (RCS) . RCS is poised to replace calling and text messaging for billions of people.