Kudelski Security’s Principal Engineer to Speak on Hunting for Signal Vulnerabilities at INFILTRATE 2017
Noted Principal Research Engineer and Independent Security Researcher to Conduct Joint
Presentation and Demos on Vulnerabilities of Popular Secure Messaging and Voice App
CHESEAUX-SUR-LAUSANNE, Switzerland and PHOENIX, April 5 , 2017 – Kudelski Security, the
cybersecurity division within the Kudelski Group(SIX:KUD.S) and trusted innovator for the world’s most
security-conscious organizations, today announced its Principal Research Engineer, Jean-Philippe
Aumasson, will speak at INFILTRATE 2017, a conference focused entirely on offensive security issues.
Aumasson will join independent Security Researcher, Markus Vervier, in a presentation titled “Hunting for
Vulnerabilities in Signal,” slated to take place Friday, April 7 at Fontainebleau Hotel in Miami.
What: The presentation will focus on Signal, one of the most trusted secure messaging and secure
voice applications. While the app employs strong cryptography and has solid system architecture,
vulnerabilities have been discovered in its code base (later addressed by Open Whisper System,
which maintains Signal).
Aumasson and Vervier will detail vulnerabilities discovered in the Signal Android client, the
underlying Java libsigna library, as well as an example usage of the C libsignal library. Demos will
illustrate how these can be used to crash Signal remotely, bypass the MAC authentication for
certain attached files, as well as to trigger memory corruption bugs. Also to be discussed is the
general architecture of Signal, its attack surface, tools for analysis, along with the general threat
model for secure mobile communication apps.
More information about the session may be found here.
Who: Aumasson is principal research engineer at Kudelski Security in Switzerland. He designed the
popular cryptographic functions BLAKE2 and SipHash. Aumasson also initiated the Crypto
Coding Standard and Password Hashing Competition that developed the Argon2 algorithm. He
has been a speaker at Black Hat, DEFCON, RSA, CCC, SyScan and Troopers on topics such as
applied cryptography, quantum computing and platform security. He is the author of “The Hash
Function BLAKE” and is currently writing a second book on cryptography due out later this year.
Vervier is a highly regarded independent security researcher based in Germany. During the past
15 years he has gained professional experience in offensive IT security as a penetration tester
and security consultant. He actively conducts security research and is responsible for the
discovery of high profile vulnerabilities such as libotr heap overwrite.
When: 4:00 pm ET, Friday, April 7, 2017
Where: Fontainebleau Hotel, Miami
Media and analysts interested in meeting with Aumasson or Kudelski executives at the show should
contact [email protected].
About Kudelski Security
Kudelski Security is the premier advisor and cybersecurity innovator for today’s most security-conscious
organizations. Our long-term approach to client partnerships enables us to continuously evaluate their
security posture to recommend solutions that reduce business risk, maintain compliance and increase
overall security effectiveness. With clients that include Fortune 500 enterprises and government
organizations in Europe and across the United States, we address the most complex environments
through an unparalleled set of solution capabilities including consulting, technology, managed security
services and custom innovation. For more information, visit www.kudelskisecurity.com.
Media Contact:
John Van Blaricum
Vice President, Global Marketing
Kudelski Security
1.650.966.4320
[email protected]