Biography:Benjamin Kunz Mejri
Benjamin Kunz Mejri (born 6 May 1983) is a German IT security specialist and penetration tester. His areas of research include vulnerabilities in computer systems, bug bounties, the security of e-payment services and privacy protection. Mejri is known for uncovering new zero-day vulnerabilities and making them transparent to the public.
Life
Kunz Mejri grew up in the city of Kassel in Hessen. From 2003 to 2005 he was at the Fachoberschule Kassel in the field of business informatics. In 2005, at the Cebit in Hannover, he published for the first time a report about a Secure Sockets Layer zero-day vulnerability in the Mozilla Firefox Browser Engine with the company F-Secure. Mejri has been head of research at the Vulnerability Lab since 2008 and became managing director of Evolution Security GmbH in Kassel-Wilhelmshöhe in 2014. T to in 2022
Research
Evolution Security
Kunz Mejri started Evolution Security in 2010 with the developer Pim Campers from the Netherlands. The company is known for manual security checks and the detection of back doors in operating systems, hardware or software. In 2014, the company changed its legal form and officially became a limited liability company with its registered office in the Technology Centre in Kassel-Wilhelmshöhe.
Vulnerability Laboratory
In 2005 Kunz Mejri opened the first laboratory as a portal for researchers to record bug bounty vulnerabilities.[1] The public vulnerability laboratory has over 1,000 active researchers from around the world and lists over 2,000 specially reported vulnerabilities with technical details. In addition, the laboratory has documents, videos and analyses from the field of IT security relating to security vulnerabilities. Vulnerability Laboratory is the first internationally registered vulnerability portal for independent IT security researchers.
Security analysis of Skype (VoIP)
In 2011 Kunz Mejri published one of the first reports on vulnerabilities in the Skype software and architecture at the Hack in the Box conference in Kuala Lumpur, Malaysia. The release took place in cooperation with Skype. In the presentation, Kunz Mejri explained the vulnerabilities he had found to other researchers.
Airport security
In 2012, Kunz Mejri reported several critical security gaps in the infrastructure of German airports. The vulnerabilities allowed the SQL database entries of the airports Düsseldorf, Köln/Bonn and München to be read out. This also affected related airlines such as Lufthansa and Air Berlin. After the publication of two security vulnerabilities in the airport service pages, the digital security architecture of the affected companies changed permanently.[1]
Microsoft and Skype account system
In 2012, Kunz Mejri released four critical vulnerabilities in Microsoft via Skype that allowed access to any Hotmail, Live, Xbox or Skype account without permission. His analysis and the accompanying security article fed into the production of the new account systems and lastingly improved the infrastructure of Microsoft's logins.[2][3]
In February 2013, Mejri reported a critical vulnerability in the validation of Microsoft's official SharePoint Cloud web application.[4] At the beginning of September 2013, Symantec Security Company and SANS Institute investigated the newly detected vulnerability in SharePoint.[5] In the same year, Mejri submitted 16 confirmed vulnerabilities in Office 365 cloud software to the Microsoft Security Response Center. By the end of 2013, all reported vulnerabilities were closed by Microsoft's development and security department.
At the end of July 2017, Mejri in cooperation with the Microsoft Security Response Center released a critical vulnerability in Skype. A buffer overflow during the Remote Desktop Protocol (RDP) clipboard transmission allowed the vulnerability to be exploited remotely by attackers. Skype Windows software versions 7.2, 7.35 and 7.36 were affected.[6]
Barracuda Networks infrastructure
In 2013, Kunz Mejri also published more than 40 vulnerabilities in the Barracuda Networks firewall and other products.[7] All security gaps were reliably closed by the manufacturer during the course of the year. The submitted documents were processed by the company's development team and Dave Farrow for future processes. From 2013 to 2014, Kunz Mejri thus had a lasting impact on the security of the Barracuda Networks product series.
Apple iOS Passcode
In 2014, Kunz Mejri released for the first time a new vulnerability in iOS V6 that allowed the passcode security feature to be bypassed. The vulnerability was found in the emergency call feature and allowed access to the device without entering a PIN. Shortly thereafter, in the same year, Mejri developed an exploit that put V6.x iOS devices into a so-called "black screen mode", allowing access to the internal memory. After the vulnerability was released, the number of emergency calls increased by 17% due to abusive exploitation of the vulnerability internationally. The vulnerability was closed by Apple one month after the release.[8]
In 2015, Mejri then presented in a public video how to bypass the latest SIM lock of an iOS V7.x device to use it without permission. Approximately 14 days after the release of the vulnerability, the Apple Product Security Team also fixed it with a new release.[9]
In March 2016, Mejri released another vulnerability in Apple's Siri. Siri allowed the device lock to be overcome without permission, without passcode or fingerprint. On the same day, Apple released a hotfix that redirected Siri's API calls to temporarily close the security issue.
From August to September 2016, Mejri reported and released four different privilege escalation vulnerabilities for iPads and iPhones with iOS V9.x.[10]
In November 2016, Mejri released several critical vulnerabilities in iOS V10.1.1. The first vulnerability reported in November 2016 was the ability to send messages from blocked iPad/iPhone devices. Due to an error in connection with the VoiceOver function, local attackers were able to permanently bypass the passcode security function in order to access sensitive device data. The second vulnerability, released in December 2016, allowed attackers to bypass the anti-theft feature on iOS devices. The vulnerability could be exploited by a locally caused buffer overflow in conjunction with an application crash.[11][12]
NASA Orion mission
On December 4, 2014, Kunz Mejri published a vulnerability in the boarding pass application of the Orion mission of the American space agency NASA. The vulnerability was reported to the US Department of Defense CERT team on November 25, 2014. The boarding pass information of the application was later written with electron beam lithography on a silicon microchip prototype, which was launched aboard the space shuttle on December 4. One of the researcher's test exploit payloads was not deleted by NASA and was transferred to the isolated microchip. After the launch of the rocket, Mejri's exploit payload spent four hours and 24 minutes in two elliptical orbits around the Earth with an apogee (high point) of 5800 kilometres. NASA's investigation with an eleven-man team confirmed that one of the payloads stored in the boarding pass was accidentally written on the silicon microchip. But since the microchip was isolated, there was no danger for the technology or the spacecraft itself. NASA provided Mejri with a specially prepared image for a few days, with a joke entry of Mejri in the NASA No Fly list.[13]
Telestar-Digital Web Radios (IoT)
On October 9, 2019, Kunz Mejri published a security vulnerability in IoT web radios from Telestar-Digital GmbH. Attackers were able to eavesdrop on any victims from the outside, as well as modify and manipulate the end device. The vulnerability affected several million end devices and was considered critical because the same firmware was also offered to other companies in Europe and Asia by French service providers. The vulnerability was also officially known as Telnet Backdoor and was publicly assessed by Kaspersky as well as Eugene Kaspersky himself in a review.[14][15][16]
PayPal Inc & J.P. Morgan
From 2011 to 2016 Kunz Mejri worked on improving security in PayPal, J.P. Morgan and eBay Inc. By 2016, Kunz Mejri had published over 120 vulnerabilities in the PayPal web infrastructure. He was the first German to successfully participate in the official Bug Bounty Program of PayPal. In 2013, the security researcher reported several SQL injection vulnerabilities in PayPal's BillSafe service provider. In 2014, Kunz Mejri found a vulnerability in the mobile API from the PayPal iOS app that allowed him to access any PayPal account.[17]
Wincor Nixdorf – Sparkassen Bank ATM & SB Terminals
In 2015, Kunz Mejri published a report on a security vulnerability in self-service terminals and ATMs of Wincor Nixdorf. The ATMs were used by the Sparkassen throughout Germany. With the help of a key combination, Mejri was able to make an update console of the administrator visible, which gave insight into sensitive data. Wincor Nixdorf has permanently remedied the vulnerability. The security update was introduced and tested by the Sparkasse as a pilot program in Hesse. After the first audit, the security update was introduced throughout Germany to prevent attacks against the ATMs in question.[18][19]
BMW ConnectedDrive
In January 2016, Kunz Mejri published two vulnerabilities in the BMW ConnectedDrive applications for mobile phones.[20] Apps for Apple's iOS and Google's Android were affected. The first vulnerability allowed the browser to read cookie information when logging in and resetting user passwords. It allowed the login function to be bypassed by manipulating the `Token` parameter. The second reported vulnerability was classified as critical by BMW and allowed attackers unauthorized access to the infotainment system of affected BMW vehicles.[21] The vulnerability could be exploited through a faulty security check of the VIN (Vehicle Identification Number) in the service portal. In September, both vulnerabilities were remedied by the BMW security department as part of a security audit.
Wickr Inc
In January 2017, for the first time in the official Bug Bounty programme, the company Wickr (Embedded Immediate Intelligence Service) awarded Kunz Mejri a higher prize for research in the field of IT security.[22] As Wickr Inc. was unable to answer his initial research findings with vulnerabilities from 2014, some of the information he provided was published in 2016.[23] Wickr Inc Vice President of Engineering Christopher Howell responded with an internal audit.[24] Following the audit, Howell rewarded the security researcher for identifying and documenting vulnerabilities.[25] From 2014 to 2016, Kunz Mejri's research results influenced the internal development processes of the Wickr Inc software application. 2014
Trivia
In 2014, a large part of Kunz Mejri's history as a computer hacker of the German scene was published in a Hollywood film titled Who Am I – Kein System ist sicher. The main character "Benjamin" was played by Tom Schilling, known in Germany as an actor. In 2015, the film won six awards, including the International Film Award as "Best International Film" and the Bambi Award. The film Who Am I was taken over by Sony Entertainment (Warner Studios) in mid 2015 with all rights and will be released again internationally in a US remake in 2016. The film was released as an exam component for the 10th grade of the Goetheschule for final work.[26]
In May 2017, Kunz Mejri was invited by the German Armed Forces Command Cyber & Information Space (CIR) to the official 3rd Cyber Awareness Event at the Training Centre of the German Armed Forces in Mannheim as key speaker.
In September 2017 Kunz Mejri followed with the first German presentation as key speaker on vulnerability research, system security, security development and bug bounty programs at the Internet Security Conference in Beijing, China. His presentation was broadcast locally in China and internationally by WorldNewsToday on TV.[27]
In September 2018, Kunz Mejri was interviewed by the ZDF Tagesschau on TV on the subject of "Hospitals in the sights of hackers" as part of a public Internet podcast broadcast by Hessischer Rundfunk (HR).[28]
In June 2019, ZDF (Planet E & ZDF Wiso) and 3Sat publicly broadcast a documentary with Kunz Mejri on the topics "Blackout - Attack on our electricity grid" and "Cyber attack on the electricity grid" on TV.[29][30]
External links
- Cross Site Scripting – Documentation, Analysis & Techniques (PDF file)
- Computer Viruses – Types, Methods, Technology & History (PDF file)
- Mobile Application Security – Main Issues & Vulnerabilities (PDF file)
References
- ↑ Dusseldorf airport closes security holes
- ↑ Skype Zero-Day Vulnerability Allowed Hackers to Change the Password of Any Account
- ↑ Hotmail Hacking for 20 US dollars
- ↑ "Vulnerability". http://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/4113.DP-Slide.PNG.
- ↑ CVE-2013-3179, Microsoft
- ↑ "Zero-day Skype flaw causes crashes, remote code execution". http://www.zdnet.com/article/zero-day-skype-flaw-causes-crashes-remote-code-execution/.
- ↑ Security Bulletin - BNSEC-00703 Message Archiver Vulnerability.
- ↑ "Experts Identify iOS 6.1 Password Lock Bypass Vulnerability – Video (Updated)". 18 February 2013. http://news.softpedia.com/news/Experts-Identify-Two-iOS-6-1-Password-Lock-Bypass-Vulnerabilities-Video-330189.shtml.
- ↑ "How to break the passcode lock screen on iOS 8 and 9 – but would anyone bother?". 5 February 2016. https://www.grahamcluley.com/bypass-passcode-lock-screen-ios-8-9/.
- ↑ Passcode bypass bugs trouble iOS 9.1 and later
- ↑ "How to bypass passcode lock screens on iPhones and iPads using iOS 12". 18 September 2018. https://www.computerworld.com/article/3041302/security/4-new-ways-to-bypass-passcode-lock-screen-on-iphones-ipads-running-ios-9.html.
- ↑ "New iOS lockscreen bypass renders Activation Lock useless". 2 December 2016. https://nakedsecurity.sophos.com/2016/12/02/new-ios-lockscreen-bypass-renders-activation-lock-useless/.
- ↑ "Orion hacker sends stowaway into SPAAAAACE". https://www.theregister.co.uk/2014/12/08/orion_nasa_hack/.
- ↑ "Million+ IoT Radios Open to Hijack via Telnet Backdoor". https://threatpost.com/million-iot-radios-hijack-telnet-backdoor/148123/.
- ↑ "NVD - CVE-2019-13473". https://nvd.nist.gov/vuln/detail/CVE-2019-13473.
- ↑ "NVD - CVE-2019-13474". https://nvd.nist.gov/vuln/detail/CVE-2019-13474.
- ↑ Flaw in PayPal Authentication Process Allows Access to Blocked Accounts
- ↑ Savings, Security, and ATM: The hacker with the current map - Handelsblatt.com
- ↑ Command line access: Vulnerability in ATMs of the Sparkasse Bank
- ↑ "BMWS ConnectedDrive ist löchrig". https://www.heise.de/security/meldung/BMWs-ConnectedDrive-ist-loechrig-3262756.html.
- ↑ http://www.securityweek.com/zero-day-flaw-affects-bmws-connecteddrive-web-portal
- ↑ "Security". https://wickr.com/security.
- ↑ "Wickr Inc - when honesty disappears behind the VCP Mountain | Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research". https://www.vulnerability-db.com/?q=articles/2016/10/27/wickr-inc-when-honesty-disappears-behind-vcp-mountain.
- ↑ https://www.wickr.com/about-us/blog/2016/11/01/to-peace-love-and-managing-a-bug-bounty
- ↑ http://www.securityweek.com/researchers-claim-wickr-patched-flaws-didnt-pay-rewards
- ↑ "Programmation culturelle pour les élèves: Semaine des langues :" Liberté mon amour " - Goethe-Institut Frankreich". https://www.goethe.de/resources/files/pdf131/whoami-didaktisierungb1b2goetheinstitutfrankreich.pdf.
- ↑ "Isc 2017". http://isc.360.cn/2017/en/index.html.
- ↑ "Cyberangriff". https://www.tagesschau.de/wirtschaft/kliniken-hacker-101.html.
- ↑ "Blackout - Angriff auf unser Stromnetz". https://www.zdf.de/dokumentation/planet-e/planet-e-blackout---angriff-auf-unser-stromnetz-100.html.
- ↑ "Cyberangriff aufs Stromnetz". https://www.3sat.de/gesellschaft/makro/wirtschaftsdokumentation-cyberangriff-aufs-stromnetz-100.html.