Why nominated: Erez Yalon’s he has put his talents and tools he had previously developed as an independent security researcher to work at Checkmarx to help find vulnerabilities at wide range of websites. This includes Tinder where he found security flaws could have allowed an attacker to monitor a user’s interaction with the app and for discovering the widely publicized vulnerabilities in Alexa that would have allowed an attacker to use the device to spy on unsuspecting consumers.
Profile: The past year has seen Yalon lead his team through a series of investigations on devices and services that uncovered a number of vulnerabilities that could have impacted millions of people. This included potential issues with industrial control systems through what it called NFCdrip, basically a way sensitive data could be exfiltrated from airgapped systems through Near Field Communication technology as the team demonstrated that NFC transmitters on Android phones could be used to access sensitive data at distances much greater than the previously thought. Yalon’s team also looked at the AEG Smart Scale and found the Bluetooth-enabled smart scale to determine if it could be exploited by hackers; Lenovo’s Smart Watch which the team found to have several flaws that would allow an attacker to: pinpoint users’ locations, engage in sniffing, execute man- in- the-middle attacks, take over user accounts, initiate a Bluetooth pairing with unwilling users, spoof calls to the watch, and set alarms; and found vulnerabilities in the Garmin and TomTom GPS apps
What colleagues say: “I worked closely with Erez for almost three years at Checkmarx. Erez is one of the most professional, proactive, results driven, people’s person I have ever got to work with. Erez grew a small team of 2 application security experts into managing one of the company’s leading and strongest groups focusing on security research, both inbound and outbound. I’ve personally learned a lot from Erez and I would definitely recommend him and hopefully will get a chance to work with him again.” Boris Kacevich, Product Manager at Microsoft