Benjamin Kunz Mejri

From Wikipedia, the free encyclopedia

Benjamin Kunz Mejri (born 6 May 1983) is a German IT security specialist and penetration tester. His areas of research include vulnerabilities in computer systems, bug bounties, the security of e-payment services and privacy protection. Mejri is known for uncovering new vulnerabilities and making them transparent to the public.

Life

Kunz Mejri grew up in the city of Kassel in Hessen. From 2003 to 2005 he attended the Fachoberschule Kassel in the field of business informatics. In 2005, at the Cebit in Hannover, he published for the first time a report about a Secure Sockets Layer zero-day vulnerability in the Mozilla Firefox browser engine with the company F-Secure. Mejri has been head of research at the Vulnerability Lab since 2008 and became managing director of Evolution Security GmbH in Kassel-Wilhelmshöhe in 2014.

Research

Evolution Security

Kunz Mejri started Evolution Security in 2010 with the developer Pim Campers from the Netherlands. The company is known for manual security checks and the detection of back doors in operating systems, hardware or software. In 2014, the company changed its legal form and officially became a limited liability company with its registered office in the Technology Centre in Kassel-Wilhelmshöhe.

Vulnerability Laboratory

In February 2005, Kunz Mejri opened his own laboratory to record security vulnerabilities. The public vulnerability laboratory[1] has over 1,000 active researchers from around the world and lists over 2,000 specially reported vulnerabilities with the technical details. In addition, the lab also has documents, videos and analyses from the IT security sector relating to security vulnerabilities. Vulnerability Laboratory is the first internationally registered vulnerability portal for independent researchers in the field of IT security.

Security analysis of Skype (VoIP)

In 2011, Kunz Mejri published one of the first reports on vulnerabilities in the Skype software and architecture at the Hack in the Box conference in Kuala Lumpur, Malaysia. The release took place in cooperation with Skype. In the presentation, Kunz Mejri explained the vulnerabilities he had found to other researchers.

Airport security Munich, Cologne/Bonn & Düsseldorf

In 2012, Kunz Mejri reported several critical security gaps in the infrastructure of German airports. The vulnerabilities allowed the SQL database entries of the airports Düsseldorf, Cologne/Bonn and Munich to be read out. This also affected related airlines such as Lufthansa and Air Berlin. After the publication of two security vulnerabilities in the airport service pages, the digital security architecture of the affected companies changed permanently.[2]

Microsoft & Skype account system

In 2012, Kunz Mejri released four critical vulnerabilities in Microsoft via Skype that allowed access to any Hotmail, Live, Xbox or Skype account without permission. His analysis and security article fed into the production of the new account systems and brought lasting improvements to the infrastructure of Microsoft's logins.[3][4]

In February 2013, Mejri reported a critical vulnerability in the validation of Microsoft's official SharePoint cloud web application.[5] At the beginning of September 2013, Symantec Security Company and the SANS Institute investigated the newly detected vulnerability in SharePoint.[6] In the same year, Mejri submitted 16 confirmed vulnerabilities in Office 365 cloud software to the Microsoft Security Response Center. By the end of 2013, all reported vulnerabilities were closed by Microsoft's development and security department.

At the end of July 2017, Mejri, in cooperation with the Microsoft Security Response Center, released a critical vulnerability in Skype. A buffer overflow during the Remote Desktop Protocol (RDP) clipboard transmission allowed the vulnerability to be exploited remotely by attackers. Skype Windows software versions 7.2, 7.35 and 7.36 were affected.[7]

Barracuda Networks infrastructure

In 2013, Kunz Mejri also published more than 40 vulnerabilities in the Barracuda Networks firewall and other products.[8] All security gaps were reliably closed by the manufacturer during the course of the year. The submitted documents were processed by the company's development team and Dave Farrow for future processes. From 2013 to 2014, Kunz Mejri thus had a lasting impact on the security of the Barracuda Networks product series.

Apple iOS Passcode

In 2014, Kunz Mejri published a novel vulnerability in iOS V6 for the first time, which allowed the passcode security feature to be bypassed. The vulnerability was found in the emergency call feature and allowed access to the device without entering a PIN. Shortly after that, in the same year, Mejri developed an exploit that put iOS devices of version V6.x into a so-called "black screen mode", thus allowing access to the internal memory. After the vulnerability was published, the number of emergency calls increased internationally by 17% due to abusive exploitation of the vulnerability. The vulnerability was closed by Apple a month after its release.[9]

In 2015, Mejri showed in a public video how to circumvent the latest SIM lock of an iOS V7.x device to use the device without permission. Approximately 14 days after the release of the vulnerability, the Apple Product Security Team fixed it with a new release.[10]

In March 2016, Mejri released another vulnerability in Apple's Siri. Through another unrestricted function, Siri made it possible to bypass the device lock without permission and without a passcode or fingerprint. Apple released a hotfix on the same day that redirected Siri's API calls to temporarily close the security issue. From August to September 2016, Mejri reported and published four different privilege escalation vulnerabilities for iPads and iPhones with iOS V9.x.[11]

In November 2016, Mejri released several critical vulnerabilities in iOS V10.1.1.1. The first vulnerability, reported in November 2016, was in the messaging feature of locked iPad/iPhone devices. Due to an error in connection with the "voice-over" function, local attackers could permanently bypass the passcode security function to access sensitive device data. The second vulnerability, released in December 2016, allowed attackers to override the activated anti-theft protection of iOS devices. The vulnerability could be exploited by a locally caused buffer overflow in connection with an application crash.[12][13]

NASA mission Orion

On December 4, 2014, Kunz Mejri published a vulnerability in the boarding pass application of the Orion mission of the American space agency NASA. The vulnerability was reported to the US Department of Defense CERT team on November 25, 2014. The boarding pass information of the application was later written with electron beam lithography on a silicon microchip prototype, which was launched aboard the space shuttle on December 4. One of the researcher's test exploit payloads was not deleted by NASA and was transferred to the isolated microchip. After the launch of the rocket, Mejri's exploit payload spent four hours and 24 minutes in two elliptical orbits around the Earth with an apogee (high point) of 5800 kilometres. NASA's investigation with an eleven-man team confirmed that one of the payloads stored in the boarding pass was accidentally written on the silicon microchip. Since the microchip was isolated, there was no danger to the technology or the spacecraft itself. NASA provided Mejri with a specially prepared image for a few days, with a joke entry of Mejri in the NASA No Fly list.[14]

PayPal Inc & J.P. Morgan

From 2011 to 2016, Kunz Mejri worked on improving security at PayPal, J.P. Morgan and eBay Inc. By 2016, Kunz Mejri had published over 120 vulnerabilities in the PayPal web infrastructure. He was the first German to successfully participate in the official Bug Bounty Program of PayPal. In 2013, the security researcher reported several SQL injection vulnerabilities in PayPal's BillSafe service provider. In 2014, Kunz Mejri found a vulnerability in the mobile API of the PayPal iOS app that allowed him to access any PayPal account.[15]

Wincor Nixdorf – Sparkassen Automated Teller Machines & SB-Terminals

In 2015, Kunz Mejri published a report on a security vulnerability in self-service terminals and ATMs of Wincor Nixdorf. The ATMs were used by the Sparkasse throughout Germany. With the help of a key combination, Mejri was able to make an administrator update console visible, which gave insight into sensitive data. Wincor Nixdorf has permanently remedied the vulnerability. The security update was introduced and tested by the Sparkasse as a pilot program in Hesse. After the first audit, the security update was introduced throughout Germany to prevent attacks against the ATMs in question.[16][17]

BMW ConnectedDrive

In January 2016, Kunz Mejri published two vulnerabilities in the BMW ConnectedDrive applications for mobile phones.[18] Apps for Apple's iOS and Google's Android were affected. The first vulnerability allowed the browser to read cookie information when logging in and resetting user passwords. It allowed the login function to be bypassed by manipulating the `Token` parameter. The second reported vulnerability was classified as critical by BMW and allowed attackers unauthorized access to the infotainment system of affected BMW vehicles.[19] The vulnerability could be exploited because of a faulty security check of the VIN (Vehicle Identification Number) in the service portal. In September, both vulnerabilities were remedied by the BMW security department as part of a security audit.

Wickr Inc

In January 2017, for the first time in its official Bug Bounty programme, the company Wickr (Embedded Immediate Intelligence Service) awarded Kunz Mejri a higher prize for research in the field of IT security.[20] As Wickr Inc. was unable to respond to his initial research findings on vulnerabilities from 2014, some of the information he provided was published in 2016.[21] Wickr Inc. Vice President of Engineering Christopher Howell responded with an internal audit.[22] Following the audit, Howell rewarded the security researcher for identifying and documenting vulnerabilities.[23] From 2014 to 2016, Kunz Mejri's research results influenced the internal development processes of the Wickr Inc. software application.

Who am I – Film character

In 2014, a large part of Kunz Mejri's history as a computer hacker of the German scene was published in a Hollywood film titled Who Am I – Kein System ist sicher. The main character "Benjamin" was played by Tom Schilling, known in Germany as an actor. In 2015, the film won six awards, including the International Film Award as "Best International Film" and the Bambi Award. The film Who Am I was taken over by Sony Entertainment (Warner Studios) in mid-2015 with all rights and will be released again internationally in a US remake in 2016. The film was released as an exam component for the final work of the 10th grade of the Goetheschule.[24]

Internet Security Conference - ISC 2017

In September 2017, Mejri gave a keynote address at the official Internet Security Conference 2017, held by Qihoo 360 in Beijing, China, on vulnerability research, system security, security development and bug bounty programs. The speech was broadcast internationally live on television and radio.[25]

References

  1. https://www.vulnerability-lab.com/
  2. Dusseldorf airport closes security holes
  3. Skype Zero-Day Vulnerability Allowed Hackers to Change the Password of Any Account
  4. Hotmail Hacking for 20 US dollars
  5. "Vulnerability". Archived from the original on 2015-11-01. Retrieved 2016-08-01.
  6. CVE-2013-3179, Microsoft
  7. http://www.zdnet.com/article/zero-day-skype-flaw-causes-crashes-remote-code-execution/
  8. Security Bulletin - BNSEC-00703 Message Archiver Vulnerability.
  9. http://news.softpedia.com/news/Experts-Identify-Two-iOS-6-1-Password-Lock-Bypass-Vulnerabilities-Video-330189.shtml
  10. https://www.grahamcluley.com/bypass-passcode-lock-screen-ios-8-9/
  11. -and-later / 116624 / passcode bypass bugs Trouble iOS 9.1 and later
  12. https://www.computerworld.com/article/3041302/security/4-new-ways-to-bypass-passcode-lock-screen-on-iphones-ipads-running-ios-9.html
  13. https://nakedsecurity.sophos.com/2016/12/02/new-ios-lockscreen-bypass-renders-activation-lock-useless/
  14. [1]
  15. Flaw in PayPal Authentication Process Allows Access to Blocked Accounts
  16. Savings, Security, and ATM: The hacker with the current map - Handelsblatt.com
  17. Command line access: Vulnerability in ATMs of the Sparkasse Bank
  18. [2]
  19. http://www.securityweek.com/zero-day-flaw-affects-bmws-connecteddrive-web-portal
  20. [3]
  21. [4]
  22. [5][permanent dead link]
  23. [6]
  24. https://www.goethe.de/resources/files/pdf131/whoami-didaktisierungb1b2goetheinstitutfrankreich.pdf
  25. http://isc.360.cn/2017/en/index.html