Erez Yalon
Head of Security Research
Checkmarx

Why nominated: Erez Yalon’s he has put his talents and tools he had previously developed as an independent security researcher to work at Checkmarx to help find vulnerabilities at wide range of websites. This includes Tinder where he found security flaws could have allowed an attacker to monitor a user’s interaction with the app and for discovering the widely publicized vulnerabilities in Alexa that would have allowed an attacker to use the device to spy on unsuspecting consumers.

Profile: The past year has seen Yalon lead his team through a series of investigations on devices and services that uncovered a number of vulnerabilities that could have impacted millions of people. This included potential issues with industrial control systems through what it called NFCdrip, basically a way sensitive data could be exfiltrated from airgapped systems through Near Field Communication technology as the team demonstrated that NFC transmitters on Android phones could be used to access sensitive data at distances much greater than the previously thought. Yalon’s team also looked at the AEG Smart Scale and found the Bluetooth-enabled smart scale to determine if it could be exploited by hackers; Lenovo’s Smart Watch which the team found to have several flaws that would allow an attacker to: pinpoint users’ locations, engage in sniffing, execute man- in- the-middle attacks, take over user accounts, initiate a Bluetooth pairing with unwilling users, spoof calls to the watch, and set alarms; and found vulnerabilities in the Garmin and TomTom GPS apps

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.