Do you offer security consulting?

Yes — we provide mobile and IoT application assessments, surface mapping, and vulnerability analysis for organizations.

Edward "Actuator" Warren | DEF CON 33

Independent Mobile & IoT Vulnerability Research

Actuator Security is an cybersecurity research lab dedicated to strengthening resilience across Mobile and IoT technologies that people rely on every day.

All findings are responsibly disclosed to affected vendors-following a 90-day coordinated disclosure process in alignment with Google's Project Zero’s reporting guidelines.

Mobile Application Security

Internet of Things (IoT)

Reverse Engineering

View CVE Feed > Contact

Focus

Public Speaking and Research

Edward Warren is a Sr. Cybersecurity Analyst in the Fortune 500 sector and Principal Security Researcher at Actuator Security, specializing in IoT and mobile application security.

Over the past few years Edward has discovered numerous critical (CVSS) 0-day vulnerabilities. He has also been awarded Hall of Fame acknowledgements from bug bounty programs such as the Google Play Security Reward Program (GPSRP), TCL & OPPO in addition to crediting attribution to 100+ CVE publications.

'Actuator' has presented his work at major information security conferences such as DEF CON , ShmooCon and Security BSides Las Vegas . When not tracking down digital bugs, Edward can be found hiking rugged trails or exploring the seas with a newfound passion for scuba diving.

Blog

Recent Blog Posts

Talks

Recent Conference Presentations

Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G and LTE/4G Routers

DEF CON 33 - 08/2025 - Las Vegas, NV

>

Hacking Hotspots: Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G and 4G/LTE Routers Edward "Actuator" Warren This research examines security oversights in modern 4G/5G routers used in small businesses, industrial IoT, and mobile deployments. Several routers contain weaknesses such as weak default credentials, inadequate authentication checks, and command injection pathways. Reverse-engineering and endpoint analysis enabled practical demonstrations of RCE, arbitrary SMS sending, and related exploitation on Tuoshi and KuWFi devices. Through examples including Burp Suite traffic and Ghidra disassembly, the talk highlights how these flaws can give attackers root access, enable fraudulent activity, or compromise entire networks. Recommended mitigations include hardened authentication, regular firmware updates, and proper segmentation. Link: https://defcon.org/html/defcon-33/dc-33-speakers.html#content_60370 https://github.com/actuator/DEFCON-33

The Permission Slip Attack: Leveraging a Confused Deputy in Android with ‘pSlip’

ShmooCon - 01/2025 - Washington, D.C.

CVE Feed

Selected Public Disclosures

CVE Target Category Impact Install Surface (Android) CVSS Year

Need an Android or IoT surface reviewed?

If you're interested in a FREE consultation on your connected device or app’s security posture and its business implications, don’t hesitate to reach out!
Email Us

© 2025 Actuator Security