Benjamin Kunz Mejri

From Wikipedia, the free encyclopedia

Benjamin Kunz Mejri (born 6 May 1983) is a German IT security specialist and penetration tester. His areas of research include vulnerabilities in computer systems, bug bounties, the security of e-payment services and privacy protection. Mejri is known for uncovering new zero-day vulnerabilities and making them transparent to the public.

Life

Kunz Mejri grew up in the city of Kassel in Hessen. From 2003 to 2005 he attended the Fachoberschule Kassel in the field of business informatics. In 2005, at the Cebit in Hannover, he published for the first time a report about a Secure Sockets Layer zero-day vulnerability in the Mozilla Firefox browser engine with the company F-Secure. Mejri has been head of research at the Vulnerability Lab since 2008 and became managing director of Evolution Security GmbH in Kassel-Wilhelmshöhe in 2014. T to in 2022

Research

Evolution Security

Kunz Mejri started Evolution Security in 2010 with the developer Pim Campers from the Netherlands. The company is known for manual security checks and the detection of back doors in operating systems, hardware or software. In 2014, the company changed its legal form and officially became a limited liability company with its registered office in the Technology Centre in Kassel-Wilhelmshöhe.

Vulnerability Laboratory

In 2005 Kunz Mejri opened the first laboratory as a portal for researchers to record bug bounty vulnerabilities.[1] The public vulnerability laboratory has over 1,000 active researchers from around the world and lists over 2,000 specially reported vulnerabilities with technical details. In addition, the laboratory has documents, videos and analyses from the field of IT security relating to security vulnerabilities. Vulnerability Laboratory is the first internationally registered vulnerability portal for independent IT security researchers.

Security analysis of Skype (VoIP)

In 2011 Kunz Mejri published one of the first reports on vulnerabilities in Skype software and architecture at the Hack in the Box conference in Kuala Lumpur, Malaysia. The release took place in cooperation with Skype. In the presentation, Kunz Mejri explained the vulnerabilities he had found to other researchers.

Airport security

In 2012, Kunz Mejri reported several critical security gaps in the infrastructure of German airports. The vulnerabilities allowed the SQL database entries of the airports Düsseldorf, Köln/Bonn and München to be read out. This also affected related airlines such as Lufthansa and Air Berlin. After the publication of two security vulnerabilities in the airport service pages, the digital security architecture of the affected companies changed permanently.[1]

Microsoft- & Skype-Account-System

In 2012, Kunz Mejri released four critical vulnerabilities in Microsoft via Skype that allowed access to any Hotmail, Live, Xbox or Skype account without permission. His analysis and security article fed into the production of the new account systems and sustainably improved the infrastructure of Microsoft's logins.[2][3]

In February 2013, Mejri reported a critical vulnerability in the validation of Microsoft's official SharePoint Cloud Web-application.[4] At the beginning of September 2013, Symantec Security Company and SANS Institute investigated the newly detected vulnerability in SharePoint.[5] In the same year, Mejri submitted 16 confirmed vulnerabilities in Office 365 cloud software to the Microsoft Security Response Center. By the end of 2013, all reported vulnerabilities were closed by Microsoft's development and security department.

At the end of July 2017, Mejri, in cooperation with the Microsoft Security Response Center, released a critical vulnerability in Skype. A buffer overflow during the Remote Desktop Protocol (RDP) clipboard transmission allowed the vulnerability to be exploited remotely by attackers. Skype Windows software versions 7.2, 7.35 and 7.36 were affected.[6]

Barracuda-Networks-Infrastructure

In 2013, Kunz Mejri also published more than 40 vulnerabilities in the Barracuda Networks firewall and other products.[7] All security gaps were reliably closed by the manufacturer during the course of the year. The submitted documents were processed by the company's development team and Dave Farrow for future processes. From 2013 to 2014, Kunz Mejri thus had a lasting impact on the security of the Barracuda Networks product series.

Apple iOS Passcode

In 2014, Kunz Mejri released for the first time a new vulnerability in iOS V6 that allowed the passcode security feature to be bypassed. The vulnerability was found in the emergency call feature and allowed access to the device without entering a PIN. Shortly thereafter, in the same year, Mejri developed an exploit that put V6.x iOS devices into a so-called "black screen mode", allowing access to the internal memory. After the vulnerability was released, the number of emergency calls increased by 17% due to the abusive exploitation of the vulnerability in the international arena. The vulnerability was closed by Apple one month after the release.[8]

In 2015, Mejri then presented in a public video how to bypass the latest SIM lock of an iOS V7.x device to use it without permission. Approximately 14 days after the release of the vulnerability, the Apple Product Security Team also fixed it with a new release.[9]

In March 2016, Mejri released another vulnerability in Apple's Siri. Siri allowed the device lock to be overcome without permission, without passcode or fingerprint. On the same day, Apple released a hotfix that redirected Siri's API calls to temporarily close the security issue.

From August to September 2016, Mejri reported and released 4 different privilege escalation vulnerabilities for iPads and iPhones with iOS V9.x.[10]

In November 2016, Mejri released several critical vulnerabilities in iOS V10.1.1. The first vulnerability reported in November 2016 was the ability to send messages from blocked iPad/iPhone devices. Due to an error in connection with the voice-over function, local attackers were able to permanently bypass the passcode security function in order to access sensitive device data. The second vulnerability, released in December 2016, allowed attackers to bypass the anti-theft feature on iOS devices. The vulnerability could be exploited by a locally caused buffer overflow in conjunction with an application crash.[11][12]

NASA-Mission Orion

On December 4, 2014, Kunz Mejri published a vulnerability in the boarding pass application of the Orion mission of the American space agency NASA. The vulnerability was reported to the US Department of Defense CERT team on November 25, 2014. The boarding pass information of the application was later written with electron beam lithography on a silicon microchip prototype, which was launched aboard the space shuttle on December 4. One of the researcher's test exploit payloads was not deleted by NASA and transferred to the isolated microchip. After the launch of the rocket, Mejri's exploit payload spent four hours and 24 minutes in two elliptical orbits around the Earth with an apogee (high point) of 5800 kilometres. NASA's investigation with an eleven-man team confirmed that one of the payloads stored in the boarding pass was accidentally written on the silicon microchip. But since the microchip was isolated, there was no danger for the technology or the spacecraft itself. NASA provided Mejri with a specially prepared image for a few days, with a joke entry of Mejri in the NASA No Fly list.[13]

Telestar-Digital Web Radios (IoT)

On October 9, 2019, Kunz Mejri published a security vulnerability in IoT web radios from Telestar-Digital GmbH. Attackers were able to eavesdrop on any victims from the outside, as well as modify and manipulate the end device. The vulnerability affected several million end devices and was considered critical because the same firmware was also offered to other companies in Europe and Asia by French service providers. The vulnerability was also officially known as Telnet Backdoor and was publicly assessed by Kaspersky as well as Eugene Kaspersky himself in a review.[14][15][16]

PayPal Inc & J.P. Morgan

From 2011 to 2016, Kunz Mejri worked on improving security at PayPal, J.P. Morgan and eBay Inc. By 2016, Kunz Mejri had published over 120 vulnerabilities in the PayPal web infrastructure. He was the first German to successfully participate in the official Bug Bounty Program of PayPal. In 2013, the security researcher reported several SQL injection vulnerabilities in PayPal's BillSafe service provider. In 2014, Kunz Mejri found a vulnerability in the mobile API from the PayPal iOS app that allowed him to access any PayPal account.[17]

Wincor Nixdorf – Sparkassen Bank ATM & SB Terminals

In 2015, Kunz Mejri published a report on a security vulnerability in self-service terminals and ATMs of Wincor Nixdorf. The ATMs were used by the Sparkassen throughout Germany. With the help of a key combination, Mejri was able to make an update console of the administrator visible, which gave insight into sensitive data. Wincor Nixdorf has permanently remedied the vulnerability. The security update was introduced and tested by the Sparkasse as a pilot program in Hesse. After the first audit, the security update was introduced throughout Germany to prevent attacks against the ATMs in question.[18][19]

BMW ConnectedDrive

In January 2016, Kunz Mejri published two vulnerabilities in the BMW ConnectedDrive applications for mobile phones.[20] Apps for Apple's iOS and Google's Android were affected. The first vulnerability allowed the browser to read cookie information when logging in and resetting user passwords. It allowed the login function to be bypassed by manipulating the `Token` parameter. The second reported vulnerability was classified as critical by BMW and allowed attackers unauthorized access to the infotainment system of affected BMW vehicles.[21] The vulnerability could be exploited through a faulty security check of the VIN (Vehicle Identification Number) in the service portal. In September, both vulnerabilities were remedied by the BMW security department as part of a security audit.

Wickr Inc

In January 2017, for the first time in the official Bug Bounty programme, the company Wickr (Embedded Immediate Intelligence Service) awarded Kunz Mejri a higher prize for research in the field of IT security.[22] As Wickr Inc. was unable to answer his initial research findings with vulnerabilities from 2014, some of the information he provided was published in 2016.[23] Wickr Inc Vice President of Engineering Christopher Howell responded with an internal audit.[24] Following the audit, Howell rewarded the security researcher for identifying and documenting vulnerabilities.[25] From 2014 to 2016, Kunz Mejri's research results influenced the internal development processes of the Wickr Inc software application. 2014

References

  1. Dusseldorf airport closes security holes
  2. Skype Zero-Day Vulnerability Allowed Hackers to Change the Password of Any Account
  3. Hotmail Hacking for 20 US dollars
  4. "Vulnerability". Archived from the original on 2015-11-01. Retrieved 2016-08-01.
  5. CVE ID 2013-3179 Microsoft
  6. "Zero-day Skype flaw causes crashes, remote code execution". ZDNet.
  7. Security Bulletin - BNSEC-00703 Message Archiver Vulnerability. Archived 2016-05-08 at the Wayback Machine.
  8. "Experts Identify iOS 6.1 Password Lock Bypass Vulnerability – Video (Updated)". 18 February 2013.
  9. "How to break the passcode lock screen on iOS 8 and 9 – but would anyone bother?". 5 February 2016.
  10. Passcode bypass bugs Trouble iOS 9.1 and later
  11. "How to bypass passcode lock screens on iPhones and iPads using iOS 12". 18 September 2018.
  12. "New iOS lockscreen bypass renders Activation Lock useless". 2 December 2016.
  13. "Orion hacker sends stowaway into SPAAAAACE". The Register.
  14. "Million+ IoT Radios Open to Hijack via Telnet Backdoor". 9 September 2019.
  15. "NVD - CVE-2019-13473".
  16. "NVD - CVE-2019-13474".
  17. Flaw in PayPal Authentication Process Allows Access to Blocked Accounts
  18. Savings, Security, and ATM: The hacker with the current map - Handelsblatt.com
  19. Command line access: Vulnerability in ATMs of the Sparkasse Bank
  20. "BMWS ConnectedDrive ist löchrig". 9 July 2016.
  21. "Zero-Day Flaw Affects BMW's ConnectedDrive Web Portal". 8 July 2016.
  22. "Security".
  23. "Wickr Inc - when honesty disappears behind the VCP Mountain | Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research".
  24. https://www.wickr.com/about-us/blog/2016/11/01/to-peace-love-and-managing-a-bug-bounty [permanent dead link]
  25. "Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards". 31 October 2016.