Benjamin Kunz Mejri

Benjamin Kunz Mejri (2017)

Benjamin Kunz Mejri (born May 6, 1983 ) is a German IT security specialist and penetration tester . His research areas include security gaps in computer systems, bug bounties , the security of e-payment payment services and the protection of privacy . Mejri is known for discovering new security vulnerabilities and making them public.

Life

Kunz Mejri grew up in the city of Kassel in Hesse . From 2003 to 2005 he attended the technical college in Kassel specializing in business informatics . In 2005, at CeBIT in Hanover, he and the company F-Secure published an article about an SSL zero-day security gap in the Mozilla Firefox browser engine for the first time .

In 2005 Kunz Mejri opened the first laboratory as a portal for researchers to record bug bounty vulnerabilities. The public vulnerability laboratory has over 1,000 active researchers from around the world and lists over 2,000 specially reported security gaps with the technical details. In addition, the laboratory has documents, videos and analyzes from the IT security area with regard to security gaps. Vulnerability Laboratory is the first internationally registered vulnerability portal for independent researchers in the field of IT security.

Kunz Mejri started the company Evolution Security in 2010 with the developer Pim Campers from the Netherlands. The company is known for manual security checks and the detection of backdoors in operating systems, hardware or software. In 2014 the company changed its legal form and officially became a GmbH based in the technology center in Kassel-Wilhelmshöhe .

Published security vulnerabilities

Airport security in Munich, Cologne / Bonn and Düsseldorf

In 2012, Kunz Mejri reported several critical security gaps in the infrastructure of German airports. The security gaps made it possible to read out the SQL database entries from the airports in Düsseldorf , Cologne / Bonn and Munich . Affiliated airlines such as B. the German Lufthansa or Air Berlin . After the publication of two security gaps in airport service pages, the digital security architecture of the companies concerned changed permanently.

Microsoft and Skype account system

In 2012, Kunz Mejri published four critical security holes in Microsoft via Skype that allowed any Hotmail , Live , Xbox and Skype account to be accessed without permission. His analysis with security articles was incorporated into the production of the new account systems and sustainably improved the infrastructure of Microsoft's logins.

In February 2013, Mejri reported a critical security vulnerability in the validation of Microsoft's official SharePoint Cloud web application. At the beginning of September 2013, the security company Symantec and the SANS Institute investigated the newly proven security gap in Sharepoint. In the same year, Mejri submitted 16 confirmed security vulnerabilities in the Office 365 cloud software to the Microsoft Security Response Center. By the end of 2013, all reported security vulnerabilities had been closed by Microsoft's development and security department.

At the end of July 2017, Mejri published a security vulnerability in Skype that was classified as critical in cooperation with the Microsoft Security Response Center. A buffer overflow when transferring the clipboard with the Remote Desktop Protocol (RDP) made it possible for attackers to exploit the security gap from a distance. The Skype Windows software versions 7.2, 7.35 & 7.36 were affected.

Barracuda Networks Infrastructure

In 2013, Kunz Mejri also published over 40 vulnerabilities in the Barracuda Networks firewall and other products. All security gaps were reliably closed by the manufacturer over the course of the year. The documents handed out were processed by the company's development team and Dave Farrow for future processes. From 2013 to 2014 Kunz Mejri had a permanent influence on the security of the Barracuda Networks product series.

Apple iOS passcode

In 2014, Kunz Mejri published a new type of security hole in iOS V6 for the first time, which made it possible to bypass the passcode security function. The vulnerability was found in the emergency call function and allowed access to the device without entering a pin. Shortly thereafter, in the same year, Mejri developed an exploit that put iOS devices of version V6.x into a so-called "black screen mode" and thus allowed access to the internal memory. After the vulnerability was published, the number of emergency calls increased by 17% due to the abusive exploitation of the vulnerability in the international area. The vulnerability was closed by Apple a month after it was released.

In 2015, Mejri then presented in a public video how to break the latest SIM lock on an iOS V7.x device in order to use the device without permission. Approx. 14 days after the security hole was published, the Apple Product Security Team fixed it with a new release.

In March 2016, Mejri published another vulnerability in Apple's Siri . Siri made it possible to break the device lock without a passcode or fingerprint through another, unlimited function. On the same day, Apple released a hotfix that redirected Siri's API calls to temporarily close the security problem.

From August to September 2016, Mejri reported and published 4 different vulnerabilities in the area of rights extension for iPads & iPhones with iOS V9.x.

In November 2016, Mejri published several critical vulnerabilities in iOS V10.1.1. The first reported vulnerability in November 2016 was in the function for messages from locked iPad / iPhone devices. Due to a bug in connection with the voice-over function, local attackers were able to bypass the passcode security function permanently in order to access sensitive device data. The second vulnerability from the release in December 2016 allowed attackers to bypass the activated theft protection of iOS devices. The vulnerability could be exploited by a locally caused buffer overflow in connection with an application crash.

NASA Orion Mission

On December 4, 2014, Kunz Mejri published a security vulnerability in the boarding pass application of the Orion mission of the American space agency NASA . The vulnerability was reported to the Department of Defense's CERT team on November 25, 2014 . The boarding pass information for the application was later written using electron beam lithography on a silicon microchip prototype that took off on board the space shuttle on December 4th. One of the researcher's test exploit payloads was not deleted by NASA and transferred to the isolated microchip. Mejri's exploit payload spent four hours and 24 minutes in two elliptical orbits around the earth with an apogee (peak) of 5800 kilometers after the rocket was launched. An investigation by NASA with a team of eleven confirmed that one of the payloads stored in the boarding pass was accidentally written to the silicon microchip. Since the microchip was isolated, however, there was no danger to the technology or the spacecraft itself. NASA provided Mejri with a specially prepared image for a few days, with a joke entry by Mejri in NASA's no-fly list.

PayPal Inc & JP Morgan

From 2011 to 2016, Kunz Mejri worked on improving security in PayPal as well as JP Morgan and eBay Inc. By 2016, Kunz Mejri published over 120 security vulnerabilities in the PayPal web infrastructure. He was the first German to successfully take part in PayPal's official bug bounty program. In 2013, the security researcher reported several SQL injection vulnerabilities in PayPal's BillSafe service provider. In 2014, Kunz Mejri found a security flaw with the help of the mobile API from the PayPal iOS app that allowed him to access any PayPal account.

Wincor Nixdorf - Sparkasse ATMs and self-service terminals

In 2015, Kunz Mejri published a security vulnerability as a report in self-service terminals and ATMs from Wincor Nixdorf . The ATMs were used by the Sparkasse throughout Germany. With the help of a key combination, Mejri was able to make an update console of the administrator visible, which gave insight into sensitive data. Wincor Nixdorf has permanently fixed the vulnerability.

BMW AG & ConnectedDrive

In January 2016, Kunz Mejri published two security holes in the BMW ConnectedDrive applications for mobile phones. Applications for Apple's iOS and Google's Android were affected. The first security vulnerability allows the browser cookie information to be read out when logging in and resetting user passwords. The vulnerability allowed the login function to be bypassed by manipulating the `token` parameter. The second reported security gap was classified as critical by BMW and allowed attackers to gain unauthorized access to the infotainment system of affected BMW vehicles. The vulnerability could be exploited through a faulty security check of the VIN (Vehicle Identification Number) in the Service Portal. In September, both weaknesses were fixed by the BMW security department as part of a security check.

Wickr Inc

In January 2017, the company Wickr (encrypted instant messaging service) presented Kunz Mejri with a higher price for the first time in the official Bug Bounty program for the research carried out in the field of IT security. As his first research results with vulnerabilities from 2014 could not be answered by Wickr Inc, some of the information was published by him in 2016. Wickr Inc's Vice President of Engineering Christopher Howell responded with an internal review. After the exam, Howell rewarded the security researcher for identifying and documenting the vulnerabilities.

Trivia

In 2014, a large part of Kunz Mejri's story as a computer hacker on the German scene was published in a Hollywood film entitled Who Am I - No System Is Safe . The main character "Benjamin" was played by the actor Tom Schilling . In 2015 the film won six awards, including the international film award for “Best International Film” and the Bambi Award .

In 2017, Mejri gave lectures at the 3rd Cyber Awareness event in the Bundeswehr Education Center in Mannheim and at the Internet Security Conference in Beijing China.

In 2018, 2019 and 2020 Mejri was seen several times on German television in interviews and documentaries with a focus on information security.

Web links

Commons : Benjamin Kunz Mejri - Collection of images, videos and audio files

Cross Site Scripting - Documentation, Analysis & Techniques (PDF file)
Computer Viruses - Types, Processes, Technology & History (PDF file)
Mobile Application Security - Main Issues & Vulnerabilities (PDF file)

Individual evidence

↑ VULNERABILITY LAB - SECURITY VULNERABILITY RESEARCH LABORATORY - Best Bug Bounty Programs, Vulnerability Coordination and Bug Bounty Platform - HELP PAGE .
^ Dusseldorf airport closes security holes - The H Security: News and Features .
^ Eduard Kovacs: Skype 0-Day Vulnerability Allowed Hackers to Change the Password of Any Account - Video .
↑ heise online: Hotmail hacking for 20 US dollars .
↑ vulnerability ( Memento from 1 November 2015, Internet Archive )
↑ Microsoft Security Bulletin MS13-067 - Critical .
↑ Charlie Osborne: Zero-day Skype flaw causes crashes, remote code execution | ZDNet . In: ZDNet . ( zdnet.com [accessed July 18, 2017]).
↑ John Leyden 27 Jun 2017 at 12:26 tweet_btn (): Make sure your Skype is up to date because FYI there's a nasty hole in it. Retrieved July 18, 2017 .
↑ Critical security hole in Skype . In: computerbild.de . ( computerbild.de [accessed on July 18, 2017]).
↑ Knowledgebase - Answers to the Most Common Questions We Receive | Barracuda Networks .
↑ Passcode Bypass Bugs Trouble iOS 9.1 and Later .
↑ Lee Mathews: Researchers Break Apple's iPhone And iPad Activation Lock . In: Forbes . ( forbes.com [accessed December 20, 2016]).
↑ Security researchers crack activation lock on iPhone and iPad | ZDNet.de . In: ZDNet.de . December 5, 2016 ( zdnet.de [accessed December 20, 2016]).
↑ Darren Pauli 8 Dec 2014 at 8:28 am: Orion hacker sends stowaway into SPAAAAACE .
↑ Ionut Ilascu: Flaw in PayPal Authentication Process Allows Access to Blocked Accounts .
↑ Savings banks, security and ATMs: the hacker with the giro card .
↑ heise online: Command line access: Security gap in the Sparkasse ATMs .
↑ heise online: BMW's ConnectedDrive is full of holes .
↑ Wickr Security | Your conversations and data are private by design .
↑ Wickr Inc - When honesty Disappears behind the VCP Mountain. October 27, 2016, accessed on July 17, 2019 .
↑ Wickr | Bug Bounty Program .
↑ Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards | SecurityWeek.Com .
↑ Hackers' opinions toward cyber security issue. September 14, 2017, accessed July 17, 2019 .
↑ Hospitals targeted by hackers. September 9, 2018, accessed July 17, 2019 .
↑ Cyber attack on the power grid. June 21, 2019, accessed July 17, 2019 .
↑ Blackout - attack on our power grid. June 16, 2019, accessed July 17, 2019 .
↑ Fight cyber crime: Goddess of wisdom "Athene" against hackers. Retrieved January 12, 2020 .
↑ Sabina Wolf: The dangerous business with IT security gaps. In: Das Erste - ARD. Das Erste - ARD, January 22, 2020, accessed on January 23, 2020 .

personal data
SURNAME	Kunz Mejri, Benjamin
BRIEF DESCRIPTION	German IT security expert, software developer
DATE OF BIRTH	around May 6, 1983

[1] VULNERABILITY LAB - SECURITY VULNERABILITY RESEARCH LABORATORY - Best Bug Bounty Programs, Vulnerability Coordination and Bug Bounty Platform - HELP PAGE .

[2] Dusseldorf airport closes security holes - The H Security: News and Features .

[3] Eduard Kovacs: Skype 0-Day Vulnerability Allowed Hackers to Change the Password of Any Account - Video .

[4] se online: Hotmail hacking for 20 US dollars .

[5] vulnerability ( Memento from 1 November 2015, Internet Archive )

[6] Microsoft Security Bulletin MS13-067 - Critical .

[7] Charlie Osborne: Zero-day Skype flaw causes crashes, remote code execution | ZDNet . In: ZDNet . ( zdnet.com [accessed July 18, 2017]).

[8] John Leyden 27 Jun 2017 at 12:26 tweet_btn (): Make sure your Skype is up to date because FYI there's a nasty hole in it. Retrieved July 18, 2017 .

[9] Critical security hole in Skype . In: computerbild.de . ( computerbild.de [accessed on July 18, 2017]).

[10] Knowledgebase - Answers to the Most Common Questions We Receive | Barracuda Networks .

[11] Passcode Bypass Bugs Trouble iOS 9.1 and Later .

[12] Lee Mathews: Researchers Break Apple's iPhone And iPad Activation Lock . In: Forbes . ( forbes.com [accessed December 20, 2016]).

[13] Security researchers crack activation lock on iPhone and iPad | ZDNet.de . In: ZDNet.de . December 5, 2016 ( zdnet.de [accessed December 20, 2016]).

[14] Darren Pauli 8 Dec 2014 at 8:28 am: Orion hacker sends stowaway into SPAAAAACE .

[15] Ionut Ilascu: Flaw in PayPal Authentication Process Allows Access to Blocked Accounts .

[16] Savings banks, security and ATMs: the hacker with the giro card .

[17] se online: Command line access: Security gap in the Sparkasse ATMs .

[18] se online: BMW's ConnectedDrive is full of holes .

[19] Wickr Security | Your conversations and data are private by design .

[20] Wickr Inc - When honesty Disappears behind the VCP Mountain. October 27, 2016, accessed on July 17, 2019 .

[21] Wickr | Bug Bounty Program .

[22] Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards | SecurityWeek.Com .

[23] Hackers' opinions toward cyber security issue. September 14, 2017, accessed July 17, 2019 .

[24] Hospitals targeted by hackers. September 9, 2018, accessed July 17, 2019 .

[25] Cyber attack on the power grid. June 21, 2019, accessed July 17, 2019 .

[26] Blackout - attack on our power grid. June 16, 2019, accessed July 17, 2019 .

[27] Fight cyber crime: Goddess of wisdom "Athene" against hackers. Retrieved January 12, 2020 .

[28] Sabina Wolf: The dangerous business with IT security gaps. In: Das Erste - ARD. Das Erste - ARD, January 22, 2020, accessed on January 23, 2020 .