Why nominated: Erez Yalon has put his talents, and the tools he had previously developed as an independent security researcher, to work at Checkmarx to help find vulnerabilities at a wide range of websites. This includes Tinder, where he found security flaws that could have allowed an attacker to monitor a user’s interaction with the app, and the widely publicized vulnerabilities in Alexa that would have allowed an attacker to use the device to spy on unsuspecting consumers.
Profile: The past year has seen Yalon lead his team through a series of investigations of devices and services that uncovered a number of vulnerabilities that could have impacted millions of people. This included potential issues with industrial control systems through what the team called NFCdrip, a way sensitive data could be exfiltrated from air-gapped systems through Near Field Communication technology; the team demonstrated that NFC transmitters on Android phones could be used to access sensitive data at distances much greater than previously thought. Yalon’s team also examined the Bluetooth-enabled AEG Smart Scale to determine if it could be exploited by hackers; Lenovo’s Smart Watch, which the team found to have several flaws that would allow an attacker to pinpoint users’ locations, engage in sniffing, execute man-in-the-middle attacks, take over user accounts, initiate a Bluetooth pairing with unwilling users, spoof calls to the watch, and set alarms; and found vulnerabilities in the Garmin and TomTom GPS apps