Do you offer security consulting?

Yes — we provide mobile and IoT application assessments, surface mapping, and vulnerability analysis for organizations.

Actuator Security - Android & IoT Research

Edward "Actuator" Warren | DEF CON 33

Mobile Threat Research

Actuator Security is a cybersecurity research lab dedicated to strengthening resilience across Mobile and IoT technologies that people rely on every day.

All findings are responsibly disclosed to affected vendors-following a 90-day coordinated disclosure process in alignment with Google's Project Zero’s reporting guidelines.

Mobile Application Security

Internet of Things (IoT)

Reverse Engineering

View CVE Feed > Contact

Selected Public Disclosures

CVE-2025-43988

IOT KuWFi 5G01-X55 5G Hotspot - Pre-Auth RCE & Arbitrary SMS via AT CMD Injection

CVE-2024-53944

IOT Tuoshi LT15D/LT21B LTE Hotspot - Pre-Auth RCE

CVE-2024-53932

ANDROID GeniusTools Labs: Call Screen Theme - Unauthorized Phone Calls

Focus

Public Work

We research systemic weaknesses in mobile and IoT platforms.

Our work has led to the identification of critical (CVSS) vulnerabilities associated with more than 100 CVE's impacting over 2 billion users, with recognition from bug bounty programs including Google , TCL & OPPO.

We have presented this research at cybersecurity conferences including DEF CON, ShmooCon, and Security BSides Las Vegas .

Blog

Recent Blog Posts

Talks

Recent Conference Presentations

Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G and LTE/4G Routers

DEF CON 33 - 08/2025 - Las Vegas, NV

>

Hacking Hotspots: Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G and 4G/LTE Routers Edward "Actuator" Warren This research examines security oversights in modern 4G/5G routers used in small businesses, industrial IoT, and mobile deployments. Several routers contain weaknesses such as weak default credentials, inadequate authentication checks, and command injection pathways. Reverse-engineering and endpoint analysis enabled practical demonstrations of RCE, arbitrary SMS sending, and related exploitation on Tuoshi and KuWFi devices. Through examples including Burp Suite traffic and Ghidra disassembly, the talk highlights how these flaws can give attackers root access, enable fraudulent activity, or compromise entire networks. Recommended mitigations include hardened authentication, regular firmware updates, and proper segmentation. Link: https://defcon.org/html/defcon-33/dc-33-speakers.html#content_60370 https://github.com/actuator/DEFCON-33

The Permission Slip Attack: Leveraging a Confused Deputy in Android with ‘pSlip’

ShmooCon - 01/2025 - Washington, D.C.

CVE Feed

Selected Public Disclosures

CVE Target Category Impact Install Surface (Android) CVSS Year

Need an Android or IoT surface reviewed?

If you're interested in a FREE consultation on your connected device or app’s security posture and its business implications, don’t hesitate to reach out!
Email Us

© 2025 Actuator Security