Reboot 2016: Threat Seekers

We honor a dozen digital detectives whose determined investigations warned of risks and led to patched flaws in 2016.

Andrew W. Appel, Princeton University and J. Alex Halderman, University of Michigan. Research conducted by Appel and Halderman was instrumental in informing discussions around the risk of election hacking. Their work was discussed during a Congressional hearing in September and fueled a dispute between state officials and Congress over the security of election systems.

Alexandru Ariciu, ICS security consultant at Applied Risk B.V., helped find flaws in industrial control systems. Specifically, the flaws he reported in the MOXA E1242 Ethernet remote I/O series used in factory automation ranged from code injection in the device's web application to weak password policies and weak password implementation.

Researchers at Carnegie Mellon University's Software Engineering Institute were allegedly behind a 2014 attack on the Tor network that exploited a weakness in the network's protocol, rather than in the Tor Browser itself, to unmask the true IP addresses of some users, with the aim of identifying cybercriminals for the Department of Defense. The Tor Project claimed that CMU was paid $1 million by the FBI to break Tor's anonymity. The dollar figure was never substantiated, although court filings in early 2016 confirmed that the FBI obtained the research results by subpoena.

Laura Deaner, chief information security officer at S&P Global. The Dartmouth graduate was named to her current position in June. She is part of the S&P team that in July was awarded two gold Omni Awards for instituting a web-based training initiative to deliver core messages in a measurable and trackable way.

Check Point Software Technologies research team: Senior Security Researcher Adam Donenfeld, Mobile Security Research and Dynamic Analysis Team Leader Avi Bashan and Mobile Solutions Director Pavel Berengoltz

Security researchers from Check Point Software Technologies discovered a set of four vulnerabilities in Qualcomm chipset software drivers, dubbed “QuadRooter,” that affected up to 900 million devices running Android Marshmallow. By themselves, any one of the four flaws could have allowed an attacker to trigger a privilege escalation and gain root access by crafting malware and sending it to a potential victim or delivering it through a malicious app. Upon obtaining root access, bad actors could have taken full control of an affected device, extracting personal and enterprise data or perhaps manipulating the camera and microphone. Beginning in April, Qualcomm began issuing patches, which Android device manufacturers subsequently rolled out to their customers over the ensuing months.

Troy Hunt, creator of the Have I Been Pwned breach notification service, has researched and confirmed some of the biggest security breaches of the past year, including Dropbox's breach of 68 million login credentials, the leak of personal data belonging to Australian Red Cross Blood Service blood donors, and Capgemini's accidental leak of a Michael Page job applicant database. He and security researcher Scott Helme showed that Nissan Leaf vehicle features could be controlled by anyone who knew a car's VIN, because the NissanConnect EV app's back-end API performed no authentication, prompting the automaker to disable the smartphone app's functionality last February.

For the first time ever, Tencent Keen Security Lab researchers were able to break into a Tesla's CAN bus to achieve remote control of the electric car. The researchers found and exploited several vulnerabilities in the vehicle's firmware which allowed them to open the sunroof, turn on the blinkers, move the seat, take over the center console display and dashboard display, open doors without a key, control the windshield wipers, fold the side mirrors, open the trunk, and engage the brakes while the car was in motion.

Lookout research team: Staff Security Researchers Max Bazaliy, Andrew Blaich, Kristy Edwards, Michael Flossman and Seth Hardy, and VP of Security Research Mike Murray; The Citizen Lab research team: Senior Fellows Bill Marczak and John Scott-Railton. Researchers from Lookout and The Citizen Lab this past August blew the lid off a clandestine and sophisticated spyware operation that infected victims by exploiting a trio of Apple iOS vulnerabilities, collectively dubbed Trident, which allowed attackers to jailbreak a device remotely from a single malicious link and install surveillance software. The spyware was Pegasus, a remote monitoring program developed by the Israel-based "cyber war" firm NSO Group for exclusive sale to governments (including oppressive regimes seeking to silence dissidents and activists, according to The Citizen Lab). Apple patched the three flaws in iOS 9.3.5 on Aug. 25, and on Sept. 1 released corresponding security updates for Mac OS X and desktop Safari.

Tavis Ormandy, vulnerability researcher, Google Project Zero. As a researcher for Google's Project Zero security team, Tavis Ormandy has disclosed critical flaws in multiple antivirus suites and many other products. His research over the past year prompted anti-virus firms to patch critical vulnerabilities in Trend Micro (on multiple occasions), Symantec, and Malwarebytes products. He also uncovered critical flaws in other products, including Fitbit's internet-connected scale and the password manager LastPass.

Chris Vickery, a security researcher at MacKeeper, found an exposed database containing personal information on 154 million American voters. After he contacted the host of the IP address serving it, the purportedly "hacked" database was taken offline within three hours.

As part of a bug bounty program offered by United Airlines, Jordan Wiens, a Florida-based security researcher, was rewarded with a million free air miles after he reported a remote-code execution flaw in the airline's website.