Dr.-Ing. (equiv Ph.D.) (Technische Universität Berlin, Germany)
M.Sc. CS (University of California Santa Barbara, USA)
B.Sc. CS (FH-Darmstadt, University of Applied Sciences, Germany)
I'm a engineer and security researcher. My research interest is mostly systems security, for details see here.
I used to be active in the trifinite.group a loose group of Bluetooth security researchers. I played a couple of years non-continuous on the UCSB CTF team shellphish (first in 2006, last time likely '13 or '14).
My personal weblog www.mulliner.org/blog, Google Scholar profile, and my projects on GitHub.
Upcoming events
-
none
Contact
-
EMail: collin
mulliner.orgPGP Key: collin
mulliner.org (my pgp key: local or from
MIT's pgp key server).Index
-
Projects
Publications
Talks and Presentations
In the Media
Professional Activities
Advisories
Trivia
Research Interests
-
Software and systems security
Embedded systems and consumer electronics security
Operating systems security
Offensive security (otherwise you can't do proper defense!)
Automated vulnerability analysis
Network security
Mobile and smartphone security
General product security for software/hardware products that end-up in the customer's hands
Projects
-
-- OS and Software Security
The BINtegrity Project: Practical and Efficient Exploit Mitigation for Embedded Devices
-
bintegrity
-
GEM Miner project
-
CodeFreeze
SMS (Short Message Service) Security Research
-
The official SecT SMS Client Security page.
My private SMS Security Research page.
-
various Bluetooth projects including
tools such as bt_audit (psm_scan + rfcomm_scan) and hid_attack
-
Specific interested in the security of NFC mobile phones. My NFC security projects
Android Security
-
Various Android Security related projects, attack and defense.
-
My iPhone Security Research page
-
See my talk on Symbian OS exploitation. My Symbian OS Security Research page
-
Windows Mobile and MMS security
Smartphone and Mobile Phone Honeypots
-
SecT Smartphone Honeypot project.
-
Probing Mobile Operator Networks
-
Type Allocation Code (TAC) database
GPRS HTTP Header Privacy
-
GPRS HTTP Header Privacy project page.
-
TTDNSD Proxy for full DNS over TOR, now maintained by the tor project
Previous Research Labs
-
SecLab Northeastern University, Boston
Security in Telecommunications (SecT) TU Berlin and Telekom Innovation Laboratories
Secure Mobile Systems Fraunhofer SIT
SecLab UC Santa Barbara
COSEDA project Fraunhofer IGD, group A8
Publications
-
Peer Reviewed Papers
Journal and Magazine Articles
Books / Chapters
Patents
Tech Reports
Posters
Edited Volumes
Peer Reviewed Papers
Conference WorkshopConference
- USBlock: Blocking USB-based Keypress Injection Attacks In the Proceedings of the 32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy Bergamo, Italy July 2018 PDF, BibTeX entry
- Trellis: Privilege Separation for Multi-User Applications Made Easy In the Proceedings of the 19th International Symposium on Research in Attacks, Intrusions and Defenses (RAID) Evry, France September 2016 PDF, BibTeX entry, Source(acceptance rate 22/84=26%)
- Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices In the Proceedings of the 9th International Conference on Trust & Trustworthy Computing (TRUST) Vienna, Austria August 2016 PDF, BibTeX entry, Slides, Project Page(acceptance rate x/y=z%)
- UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware In the Proceedings of the 25th USENIX Security Symposium Austin, TX August 2016 PDF, BibTeX entry(acceptance rate 72/463=15.5%)
- CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes In the Proceedings of the 20th Financial Cryptography and Data Security (FC) Barbados February 2016 PDF, BibTeX entry, Slides(acceptance rate 36/139/=25.9%)
- BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications In the Proceedings of the 19th Financial Cryptography and Data Security (FC) Isla Verde, Puerto Rico January 2015 PDF, BibTeX entry, Slides(acceptance rate 33/102=33%)
- VirtualSwindle: An Automated Attack Against In-App Billing on Android In the Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS) Kyoto, Japan June 2014 PDF, BibTeX entry, Slides, Demo Video(acceptance rate 52/260=20%)
- Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces In the Proceedings of the 35th IEEE Symposium on Security and Privacy (Oakland) San Jose, CA, USA May 2014 PDF, BibTeX entry, Slides(acceptance rate 44/324=13.6%)
- PatchDroid: Scalable Third-Party Security Patches for Android Devices In the Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC) New Orleans, Louisiana, USA December 2013 PDF, BibTeX entry, Slides, Project Page, Demo Video, Overview Video(acceptance rate 34/171=19.8%)
- SMS-based One-Time Passwords: Attacks and Defense (short paper) In the Proceedings of the 10th Conference on Detection of Intrusions and Malware & Vulnerability
Assessment (DIMVA 2013) Berlin, Germany July 2013 PDF, BibTeX entry, Slides, Demo Video(acceptance rate 12/38=31.5%)
- PrivExec: Private Execution as an Operating System Service In the Proceedings of the 34th IEEE Symposium on Security and Privacy (Oakland) San Francisco, CA, USA May 2013 PDF, BibTeX entry, Project Page, Demo Video(acceptance rate 38/315=12%)
- Taming Mr Hayes: Mitigating Signaling Based Attacks on Smartphones
In the Proceedings of the IEEE/IFIP 41st International Conference on Dependable Systems Networks (DSN)
Boston, MA, USA 25-28 June 2012 PDF, BibTeX entry, Slides (DSN/DCCS acceptance rate 27/156 = 17.3%)
*William C. Carter Award* - SMS of Death: from analyzing to attacking mobile phones on a large scale In the Proceedings of the 20th USENIX Security Symposium San Francisco, CA, USA 10-12 August 2011 PDF, BibTeX entry, Slides, Demo Video (acceptance rate 35/204=17.2%)
- Rise of the iBots: 0wning a telco network In the Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software (Malware) Nancy, France 19-20 October, 2010 PDF, BibTeX entry, Slides
- Privacy Leaks in Mobile Phone Internet Access In the Proceedings of the 14th International Conference on Intelligence in Next Generation Networks (ICIN) Berlin, Germany 11-14 October, 2010 PDF, BibTeX entry, Slides *Best Paper*
- Vulnerability Analysis of MMS User Agents Proceedings of the Annual Computer Security Applications Conference (ACSAC) Miami, Florida December 2006 PDF, BibTeX entry (acceptance rate 32/135=27%)
- Using Labeling to Prevent Cross-Service Attacks Against Smart Phones Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA) Berlin, Germany July 2006 PDF, BibTeX entry, Slides (27% acceptance rate)
Workshop
- Nomadic Honeypots: A Novel Concept for Smartphone Honeypots
In the Proceedings of the Workshop on Mobile Security Technologies (MoST) San Francisco, CA May 2013 PDF, BibTeX entry, Slides(acceptance rate 11/22=50%)
- Read It Twice! A mass-storage-based TOCTTOU attack In the Proceedings of the 6th USENIX Workshop on Offensive Technologies (WOOT) Bellevue, WA, USA August 2012 PDF, BibTeX entry, Slides(acceptance rate 12/30=40%)
*Best Paper* - Injecting SMS Messages into Smart Phones for Security Analysis In the Proceedings of the 3rd USENIX Workshop on Offensive Technologies (WOOT) Montreal, Canada August 2009 PDF, BibTeX entry, Slides(acceptance rate 9/24=37.5%)
- Vulnerability Analysis and Attacks on NFC-enabled Mobile Phones In the Proceedings of the 1st International Workshop on Sensor Security (IWSS) at ARES 2009 Fukuoka, Japan March 2009 PDF, BibTeX entry, Slides
Journal and Magazine Articles
- On the misuse of graphical user interface elements to implement security controls it - Information Technology. ISSN (Online) 2196-7032, ISSN (Print) 1611-2776 - March 2017 Article
- Persoenliche Datenspuren bei der mobilen Internetnutzung Datenschutz und Datensicherheit (DuD) Issue 3/2012, pages 180-184 Germany March 2012 Article
- Risiko Smartphone Magazin fuer Computertechnik | c't (Issue 20) Germany September 2010 1, 2
Books / Chapters
- Android Hacker's Handbook
Wiley
USA April, 2014
ISBN: 111860864XAmazon, Official Chinense translation - Mobile Phone Security. The Impact of the Modem.
SVH Verlag
Germany 2012
ISBN: 978-3-8381-3289-1 Amazon - Contribution to Chapter 7. Mobile Malware Attacks and Defense USA November 2008 Amazon
- Chapter 7. Iomega ZIP-Drive Howto Linux HOWTOs: Die besten Loesungen der Linuxgemeinde. (Marco Budde Hrsg.) Germany 1999 Amazon
Patents
- DNS-based device geolocation US 10496993
- Device fingerprinting at a merchant location US 9805370
- Method and Device for Monitoring a Mobile Radio Interface on Mobile Terminals US 20140323095 A1 and European patent
Tech Reports
- Smartphone Secure Development Guidelines European Union Agency for Network and Information Security (ENISA) Greece December 2016 PDF
- SMS-based One-Time Passwords: Attacks and Defense (extended version of paper with same title published at DIMVA 2013) Technical Report: 2014-02 ISSN: 1436-9915 Berlin, Germany July 2013 (released September 2014) PDF
- Fake Emulation Environment to Prevent Malware from Executing Volume 1 of Tiny Transactions on Computer Science Berkeley, CA, USA August 2012 PDF
- Countering SMS Attacks: Filter Recommendations Technical Report: 2011-09 ISSN: 1436-9915 Berlin, Germany April 2011 PDF
- Smartphone Honeypots In Proceedings of the Sixth GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING) Technical Report SR-2011-01, GI FG SIDAR Bochum, Germany 21-22 March 2011 PDF, Slides
- Smartphone Botnets In Proceedings of the Fifth GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING) Technical Report SR-2010-01, GI FG SIDAR Bonn, Germany 7th July 2010 PDF, Slides
- Blueprinting - Remote Device Identification based on Bluetooth Fingerprinting Techniques 21st Chaos Communication Congress (21c3) Berlin, Germany December 2004 PDF
Posters
- Poster: Towards Detecting DMA Malware 18th ACM Conference on Computer and Communications Security (CCS) Chicago, IL, USA October 17-21 2011Poster abstract PDF (acceptance rate 41/62=66.1%)
- Poster: HoneyDroid - Creating a Smart Phone Honeypot 32nd IEEE Security and Privacy Oakland, CA, USA May 22-25 2011Poster abstract PDF (acceptance rate 18/34=53%)
Edited Volumes
-
Proceedings of the Seventh GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING)
Technical Report SR-2012-01, ISSN 2190-846X Berlin, Germany July 5-6 2012PDF
Conference Talks and Presentations
- Analyzing Firmware with FwAnalyzer Microsoft virtual/remote April 2020project page
- Come Join the CAFSA - Continuous Automated Firmware Security Analysis Black Hat USA Las Vegas, NV August 2019PDF, project page
- Automating Firmware Security with FwAnalyzer Qualcomm Product Security Summit San Diego, CA May 2019PDF, project page
- Detecting Reverse Engineering with Canaries CanSecWest Vancouver, Canada March 2018PDF, project page
- Detecting Reverse Engineering with Canaries Duo Tech Talks Ann Arbor, MI, USA Jan 2018PDF, project page (invited)
- Inside Android's SafetyNet Attestation: Attack and Defense 34c3 Leipzig, Germany Dec 2017PDF, project page
- Inside Android's SafetyNet Attestation Black Hat Europe 2017 London, UK December 2017 PDF, project page
- Inside Android's SafetyNet Attestation GSMA Fraud and Security Architecture Group (FSAG#53) London, UK December 2017 (invited)
- Detecting Reverse Engineering with Canaries SinkholeCon 2 @ Security Scorecard NYC, NY Dec 2017PDF, project page (invited)
- Detecting Reverse Engineering with Canaries COUNTERMEASURE Ottawa, Canada Nov 2017PDF, project page
- Inside Android's SafetyNet Attestation: Attack and Defense ekoparty Buenos Aires, Argentina Sep 2017PDF, project page
- Inside Android's SafetyNet Attestation: What it can and can't do lessons learned from a large scale deployment 44con London, UK Sep 2017PDF, project page
- title GSMA Device Security Group (DSG#52) San Ramon, CA July 2017 (invited)
- Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces KiwiCon X Wellington, New Zealand Nov 17 2016PDF, project page
- Let's get rid of the code bloat (for security) Ignite Security @ O'Reilly Security New York City, NY October 2016
- IoT Devices and Cellular Networks Dartmouth College Hanover, NH April 2016 (invited)
- Breaking Payloads with Runtime Code Stripping and Image Freezing Black Hat USA Las Vegas, NV, USA August 6 2015PDF, project page
- You ain't executing this! Exploring Windows Security with Runtime Code Stripping and Process Freezing SummerCon NYC, NY, USA July 17 2015PDF, project page (invited)
- Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces Lockdown 2015 @ UW Madison Madison, WI, USA July 14 2015PDF, project page (invited)
- Practical and Efficient Exploit Mitigation for RISC-based Embedded Devices Qualcomm Mobile Security Summit San Diego, Ca, USA April 2015 PDF, project page
- The Security of Things (panel discussion) Connected Things 2015 - MIT Enterprise Forum Cambridge, MA Feb 26th 2015 (invited)
- Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces HackPra @ Ruhr-Universitaet Bochum Bochum, Germany November 5 2014PDF, project page (invited)
- Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces Boston Application Security Conference (BASC) Boston, MA, USA October 18 2014PDF, project page
- Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces Black Hat USA 2014 Las Vegas, NV, USA August 6 2014PDF, project page
- Securing Hardware and Industrial Devices (panel discussion) Security of Things Forum Cambridge, MA May 7th 2014 (invited)
- Probing Mobile Operator Networks Duo Security Tech Talks Ann Arbor, MI May, 2014PDF, project page (invited)
- PatchDroid: Scalable Third-Party Security Patches for Android Devices Qualcomm Mobile Security Summit San Diego, Ca, USA April 2014 PDF
- PatchDroid: Third Party Security Patches for Android TelSecDay @ Troopers 2014 Heidelberg, Germany March 17th, 2014PDF(invited)
- The Real Deal of Android Device Security: the Third Party CanSecWest 2014 Vancouver, Canada March 12th, 2014PDF
- Modifying Android Apps at Runtime: results, lessons learned,... Kaspersky Security Analyst Summit (SAS) Punta Cana, Dominican Republic February 11th, 2014PDF (invited)
- Android DDI: Dynamic Dalvik Instrumentation 30th Chaos Communcation Congress (30C3) Hamburg, Germany December 29th, 2013PDF
- Android DDI: Dynamic Dalvik Instrumentation of Android Applications and Framework Hack in the Box 2013 Kuala Lumpur, Malaysia October 16th, 2013PDF
- Introduction to Dynamic Dalvik Instrumentation SummerCon 2013 New York City, U.S.A. June 7th, 2013PDF
- Messing With The Android Runtime (Short Talk) SyScan 2013 Singapore April 26th, 2013PDF
- Mobile Security Battle Royale (panel discussion) RSA Conference San Francisco, Ca, USA Feb. 28. 2013
- Probing Mobile Operator Networks CSAW:THREADS @ NY-Poly NYC, USA November 15th, 2012PDF, project page (invited)
- Dynamic Binary Instrumentation on Android RuxCon 2012 Melbourne, Australia October 20-21, 2012PDF (invited)
- Dynamic Binary Instrumentation on Android BreakPoint 2012 Melbourne, Australia October 17-18, 2012PDF (invited)
- Probing Mobile Operator Networks Black Hat USA Las Vegas, NV, USA July 25-26, 2012PDF, project page
- Binary Instrumentation on Android SummerCon 2012 New York City, U.S.A. June 8th, 2012PDF
- Probing Mobile Operator Networks CanSecWest 2012 Vancouver, Canada March 7-9, 2012PDF, project page
- NFC Phone and Service Security Digital Footprint in a Mobile Environment Workshop - at the Joint Research Center of the European Commission Ispra, Italy November 28-19. 2011
(invited) - Hacking your NFC phone and service: the good news and the bad news The 7th Workshop on RFID security and privacy (RFIDsec11) Amherst, MA, USA June 27-28th 2011
(invited) - Smartphone Malware/Trojans LKA NRW Duesseldorf, Germany June 20. 2011
(invited) - Hacking NFC and NDEF NinjaCon / BSides Vienna 2011 Vienna, Austria June 18th 2011PDF, project page
- Random tales of a mobile phone hacker HackPra @ Ruhr-Universitaet Bochum Bochum, Germany June 1. 2011
(invited) - SMS-o-Death: from analyzing to attacking mobile phones on a large scale CanSecWest 2011 Vancouver, Canada March 9-11 2011PDF, project page
- Attacking SMS SISCTI 36 Monterrey, Mexico March 3-5 2011
(invited) - SMS-o-Death: from analyzing to attacking mobile phones on a large scale 27th Chaos Communication Congress (27c3) Berlin, Germany December 27-30 2010
- Angriff aufs Smartphone Cisco-Expo Berlin, Germany December 1-2 2010
(invited) - Privacy Leaks with Mobile Phone Internet Access EPFL Lausanne, Switzerland November 3rd, 2010
(invited) - Consumer Electronics Security Lab CAST Workshop - Embedded Security Darmstadt, Germany August 26th 2010
(invited) - Vulnerability Analysis of SMS Implementations on Mobile and Smart Phones Columbia University New York City, New York, USA August 9th, 2010 project page(invited)
- Vulnerability Analysis of SMS Implementations on Mobile and Smart Phones Stanford University Palo Alto, CA, USA August 5th, 2010 project page(invited)
- Vulnerability Analysis of SMS Implementations on Mobile and Smart Phones Samsung R&D San Jose, CA, USA August 4th, 2010 project page(invited)
- Random tales from a mobile phone hacker CanSecWest 2010 Vancouver, Canada March 24-26th, 2010 PDF
- Fuzzing the Phone in your Phone 26th Chaos Communication Congress (26c3) Berlin, Germany December 28th 2009 PDF, project page
- Mobile Botnets T-Labs Workshop Berlin, Germany December 14th 2009
- Fuzzing the Phone in your Phone Recurity Labs Security Symposium (RSS) Berlin, Germany October 27th 2009 project page (invited)
- Sicherheit von mobile Devices: Risiken von iPhone, Android & Co TelekomForum Mobilfunktrends 2010 Bonn, Germany September 2009
(invited) - Smart Phone Security from the Attacker's Perspective 5th Annual Mobile Device Management and Security Forum Berlin, Germany September 2009
(invited) - Fuzzing the Phone in your Phone SEC-T Stockholm, Sweden September 2009 project page (invited)
- Fuzzing the Phone in your Phone Black Hat USA 2009 Las Vegas, Nevada, USA July 2009 PDF, project page
- Injecting SMS Messages into Smart Phones for Security Analysis T-Labs Scientific Workshop Berlin, Germany July 2009 project page
- Data leaks through mobile phone web access PH-Neutral 0x7d9 Berlin, Germany May 2009 project page
- Exploiting Symbian Nokia Research Center Helsinki, Finland April 2009 project page(invited)
- Exploiting Symbian 25th Chaos Communication Congress (25c3) Berlin, Germany December 2008 PDF, project page
- Attacking NFC Mobile Phones 25th Chaos Communication Congress (25c3) Berlin, Germany December 2008 PDF, project page
- Exploiting Symbian Black Hat Japan Tokyo, Japan October 9th 2008 PDF, project page
- Data Leaks Through Mobile Phone Web Access PET-Convention 2008.2 Darmstadt, Germany September 30th 2008 project page
- Mobile Sicherheit Intensivseminar Hacking - Angriffe und Abwehrstrategien (Fraunhofer SIT) Darmstadt, Germany September 18th 2008
- The Home InfoPanel MetaRheinMain ChaosDays 111b Darmstadt, Germany September 5-7 2008PDF(not security research related)
- NFC-basierte Handy-Bezahlsysteme CAST Workshop - SmartCards und Bezahlsysteme Darmstadt, Germany July 24th 2008
(invited) - Attacking NFC Mobile Phones EuSecWest London, UK May 2008 PDF, project page
- More Fun with Blue Radio Waves MetaRheinMain ChaosDays 110b Darmstadt, Germany September 14-16 2007PDF
- Advanced Attacks Against PocketPC Phones SyScan Singapore, Singapore July 2007 PDF, project page(invited)
- Advanced Attacks Against PocketPC Phones 23rd Chaos Communication Congress (23c3) Berlin, Germany December 2006 PDF, project page
- Advanced Attacks Against PocketPC Phones DEFCON 14 Las Vegas N.V., U.S.A. August 2006 PDF, project page
- Exploiting PocketPC Graduate Colloquium Department of Computer Science, California State University Channel Islands, USA March 2006 project page(invited)
- Exploiting PocketPC WhatTheHack! The Netherlands July 2005 PDF, project page
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004 and earlier
... one or more public talks (likely on Bluetooth security but no exact memory of it)Thesis
Ph.D. Thesis
- On the Impact of the Cellular Modem on the Security of Mobile Phones Ph.D. Thesis Technische Universität Berlin, Germany December 2011 PDF Advisor: Jean-Pierre Seifert
Master Thesis
- Security of Smart Phones Master's Thesis University of California Santa Barbara, U.S.A. June 2006 PDF Advisor: Giovanni Vigna
Bachelor Thesis
- IPSec Protokoll Implementierung Bachelor Thesis FH-Darmstadt, Germany April 2003 PDF Project at: Fraunhofer IGD
Advisor: Woldemar Fuhrmann
In the Media (selection)
-
2019
Self-driving car service open sources new tool for securing firmware Aug 7 (arstechnica)
2018
Risky Business #484 mentioned my RE-Canary Project (this was a personal project!)
2017
34C3: Schwachstellen in Googles "Sicherheitsnetz" fuer Android Dec 29. 2017 (heise - in german)
A surge of sites and apps are exhausting your CPU to mine cryptocurrency Oct 2017 (ars technica)
The iOS 11 Control Center Misleads Users on Whether Their Bluetooth and Wi-Fi Are on Sep 2017 (gizmodo)
Hackers Could Silently Hack Your Cellphone And Computers Over Bluetooth provided some insights Sep 2017 (vice)
2016
iPhone Bug Can Force Phones to Repeatedly Call 911 10.11.2016 (gizmodo)
Hackers Can Force Your iPhone To Make Calls And Empty Your Wallet 09.11.2016 (Forbes)
App-Schwachstelle: Angreifer koennen iPhone-Anrufe ausloesen 08.11.2016 (heise)
How to wipe your phone (or tablet) for resale 09.21.2016 (The Parallax)
Better Ransomware Detection: Follow the Shouting 08.11.2016
How to FBI-proof your Android (The Parallax) 03.11.2016
2015
Major Flaw In Android Phones Would Let Hackers In With Just A Text 07.27.2015 (interview on NPR)
Researcher says spyware company used his work to build surveillance tools 07.22.2015 (Washington Times)
Researcher angry after finding his code in Hacking Team malware 07.21.2015 (ars technica)
'Freezing' Software Could Kill Malware by Starvation 07.17.2015 (tom's guide)
2014
TOR BEGINS BLACKLISTING EXIT NODES VULNERABLE TO HEARTBLEED 17.4.2014 (ThreatPost)
Zugriff auf SMS-Nachrichten und Tor-Traffic dank Heartbleed 03.17.2014 (heise.de)
GUI VULNERABILITIES EXPOSE INFORMATION DISCLOSURE, PRIVILEGE ESCALATION 03.26.2014 (threatpost)
Beware this big iOS flaw -- and it's not alone 03.17.2014 (CNet)
2013
30C3: Hackersuite fuer Android-Smartphones im Netz 12.30.2013 (Heise)
Northeastern University and Duo Security Collaborate to Fix Critical "Master Key" Android Vulnerabilities 8.16.13 (The Wall Street Journal)
New App ReKey Fixes Android Master Key Vulnerability 8.16.13 (threadpost)
iOS Safer then Android, RSA panel 03.01.2013 (SC Magazin)
2012
29C3: When USB memory sticks lie 12.31.2012 (The H Security)
Scan in Mobilfunknetzen foerdert tausende ungeschuetzte Geraete zu Tage 07.27.2012 (heise)
Your future home is vulnerable to cyberattacks 07.26.2012 (CNN Money)
O2 Says Sorry For Mobile Web Privacy Error 01.26.2012 (SKY News UK) [TV interview]
Britische O2-Handys verrieten Handynummern 01.27.2012 (Spiegel Online)
O2 accused of sending your phone number to every website you visit 01.25.2012 (Wired UK)
2011
Android NFC Bug Could Be First Of Many 06.21.2011 (Threatpost)
How to slay a cellphone with a single text - SMS of Death explained 03.21.2011 (The Register)
CanSecWest: Researchers Show Off Method For Disabling Phones Via SMS 03.09.2011 (threatpost)
Hintertueren und Killer-SMS Hacker knacken Handys und Smartphones 03.11.2011 (Der Spiegel)
Auf Nummer sicher 02.07.2011 (Der Tagesspiegel)
"SMS of Death" Could Crash Many Mobile Phones 01.04.2011 (TechnologyReview)
2010
Simplest Phones Open to 'SMS of Death' 12.28.2010 (Wired)
Viele Handymodelle lassen sich per SMS lahmlegen 12.28.2010 (Handelsblatt)
Missing Hotel Room Key? Try Your Phone 11.08.2010 (McAfee)
Designing Smartphone Botnet Command and Control Infrastructure 11.02.2010 (eWeek)
Smartphone vulnerabilities entice hackers 07.21.2010 (Golden Gate XPress)
Our iPhone SMS talk was mentioned as THE SUBJECT EVERYBODY WAS TALKING ABOUT at Black Hat 2009 (Book: Cyber War by Richard Clarke) April 2010
Researcher: Mobile number leaks common but inappropriate 04.19.2010 (ZDNet)
Is your mobile phone giving out your phone number? 03.26.10 (computerworld.com)
NFC Forum spec adds digital signatures to prevent tag tampering 11.02.2010 (Near Field Communications World)
2009
Alumni-Magazin der Technischen Universitaet Berlin - Mobil zu telefonieren kann gefaehrlich sei (Page 8-9) Dec. 2009
Vorsicht - ansteckend! 09.03.09 (Technology Review)
Researchers attack my iPhone via SMS 07.29.09 (cnet.com)
How To Hijack 'Every iPhone In The World' 07.28.09 (forbs.com)
2008
25c3: NFC-Handy-Anwendungen anfaellig fuer Hackerangriffe 12.30.08 (heise security)
Sicherheitsluecke: iPhone waehlt selbststaendig Abzockemmer 11.20.2008 (Computer Bild)
iPhone telefoniert ferngesteuert 11.20.08 (heise security)
Hackers start poking holes in NFC 05.29.08 (The Register)
Attacks on NFC mobile phones demonstrated 05.28.08 (ZDNet)
2007
New Hacking Tools Bite Bluetooth 01.03.07 (DarkReading)
MMS fuehrt (Schad-)Code aus 01.02.2007 (heise security)
2006
23c3: Neue Hacker-Tools fuer Bluetooth 12.29.06 (heise security)
Defcon: Angriff auf PocketPC-Smartphones mit MMS-Nachrichten 08.07.06 (heise security)
DefCon Delays Can't Stop the Madness 08.05.06 (Washington Post)
Professional Activities
-
Steering Committee:
- USENIX Workshop on Offensive Technologies (WOOT) since 2017.
- (co-chair) 11th USENIX Workshop on Offensive Technologies (WOOT 2017)
- (co-chair) 9th Conference on Availability, Reliability and Security (ARES 2014)
- Workshop on Offensive Technologies (WOOT): 2012, 2013, 2014, 2015, 2016, 2018, 2023
- European Workshop on Systems Security (EuroSec): 2018, 2019, 2020, 2021
- ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec): 2019, 2020
- ACM ASIA Conference on Computer and Communications Security (ASIACCS): 2019
- Annual Computer Security Applications Conference (ACSAC): 2017, 2018, 2019
- Workshop on Language-Theoretic Security (LangSec): 2015, 2016, 2017, 2018
- Reversing and Offensive-oriented Trends Symposium (ROOTS): 2017, 2018
- Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA): 2012, 2017
- Workshop on Mobile Security Technologies (MOST): 2016
- Workshop on Information Security Applications (WISA): 2013, 2014
- Workshop on Trustworthy Embedded Devices (TrustED): 2013, 2014
- Workshop on Data Protection in Mobile and Pervasive Computing (DAPRO), 2014
- Conference on Availability, Reliability and Security (ARES): 2013
- Workshop on Sensor Security (IWSS) at ARES: 2009
- Innovations in Mobile Privacy and Security (IMPS): 2016
- USENIX Security: 2014
- World Wide Web Conference (WWW): 2014
- ACM Symposium on Information, Computer and Communications Security (ASIACCS): 2014
- IEEE Symposium on Security & Privacy (Oakland): 2013
- Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA): 2013
- Symposium on Hardware-Oriented Security and Trust (HOST): 2013
- Symposium on Recent Advances in Intrusion Detection (RAID): 2010
- Annual Computer Security Applications Conference (ACSAC): 2006
- ACM Transactions on Privacy and Security: 2017, 2018
- ACM Transactions on information and System Security: 2017
- International Journal of Information Security: 2012
- Communications of the ACM: 2010
- Review Board Hardwear.io: 2021, 2022
- Committee Member SummerC0n Research Grants: 2019
- Judge NYU CSAW Applied Research Competition: 2017, 2018, 2019
- Publicity Chair: DIMVA 2013
- Co-Organizer (with Patrick Stewin) of SPRING 7, SIDAR Graduierten-Workshop ueber Reaktive Sicherheit, 2012
Program Committee:
External Reviewer Conference:
Reviewer Journal:
Misc:
Students
-
External Member of Senior Honors Thesis Committee at Dartmouth College (2016)
Supervised 2 visiting Ph.D. Students at Northeastern Unversity (2012-2015)
Supervised 3 Master's Thesis at TU-Berlin (2009-2012)
Contributions
- small patch to Android init
- Mobile Near Field Communications (NFC) "Tap 'n Go" - Keep it Secure and Private November, 2011
- BlueZ the Linux Bluetooth stack
Trivia
-
My Erdoes number is 4.
Here is the path: Paul Erdoes (0) -> Noga M. Alon (1) -> Oded Goldreich (2) -> Jean-Pierre Seifert (3) -> me (4)
My Kevin Bacon number is 4.
This is due to being an extra in the German TV show Schwarz greift ein staring Klaus Wennemann who has a distance of 3 to Kevin Bacon.
Erdoes-Bacon number is 8(d) = 4 + 4(d)
updated: March 2023