@ryne It may be a bit trickier as I have seen most interfaces are locked down. I expect some eMMC/UFS desoldering (or otherwise, butchering of the device) may be involved to get it out for the first time before we can hook to the OTA server and pull it from there ;)
@ryne I also have one coming my way but it will take months to arrive, so until then I will keep an eye for more security researchers getting their hands on it 👀
Oh wow, now this is sketchy. The login onto Spotify is performed on a remote machine via... VNC? What the...?
If I place the cursor outside of the Spotify login page, I can see Xorg's default X logo. And the page stutters upon scrolling. Why do they do that instead of normal API tokens? Is this remote machine going to store my browser session for the LAM's scrapping purposes?
By the way I was super late to the party and this was known since a few days ago. Check rabbit's bird site account for the details per their CTO. Someone before me saw this very thing and started a defamation campaign against rabbit, stating LAM was all just a Microsoft Playwright automation script. But it has been proven wrong already as the VNC'd machines had some source code which demonstrated they were only capable of account management and logging credentials for future use, not automation
Add comment