Mathy Vanhoef
Prof. @KU_Leuven | Research in Network & Software Security | Known for WPA2 KRACK attack, Dragonblood, and FragAttacks | Open to consultancy | Ex-Postdoc NYU
- Reposted by Mathy Vanhoef: The US government is considering punishing American scientists who worked with Chinese researchers *years ago, retroactively*.
- I've found AI tools to be quite useful to look for related work. And apparently so do others, searching Google Scholar for "utm_source=chatgpt.com" gives 13,900+ hits ;) scholar.google.com/scholar?star...
- Russia is blocking mobile phones being brought back into the country from abroad for 24 hours, in an attempt to mitigate drone attacks. Seems like this can probably be bypassed using relay "worm hole" attacks, though it adds some complexity. novayagazeta.eu/articles/202...
- Reposted by Mathy Vanhoef: woo! $10 MM USD in grants from ICANN... amazing. And great grantees here! "ICANN Announces First Cohort of Grant Program Recipients" www.icann.org/en/announcem...
- Reposted by Mathy Vanhoef: Last chance to (self-) nominate for USENIX Security'26 Artifact Evaluation Committee! You should expect a low load of ~1 artifact for functionality/reproducibility assessments per cycle (max 3 for the whole year). Please support Open Science and fill the form by Oct 17: forms.gle/WoYRX4govNY1... 🚀
- Reposted by Mathy Vanhoef: I have been learning more about PDFs than I really wanted to for maybe the absolutely most funny reason possible - letting agency forgery: mjg59.dreamwidth.org/73317.html
- Reposted by Mathy Vanhoef: The West has a blindspot when it comes to alternative CPU designs. We’re so entrenched in the usual x86, ARM, RISC-V world, that most people have no idea what’s happening over in China. LoongArch is a fully independent ISA that’s sorta MIPS…sorta RISC-V…and sorta x87!
- At USENIX Security? Then check out: Studying the Use of CVEs in Academia, won distinguished paper award www.usenix.org/conference/u... Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON www.usenix.org/conference/u... Big thanks to all co-authors!!
- Reposted by Mathy Vanhoef: I'm thrilled to announce that after months of intensive work, the complete materials for my Applied Cryptography course at the American University of Beirut are now finished: both Part 1 (Provable Security) and Part 2 (Real-World Cryptography)!
- Reposted by Mathy Vanhoef: Breaking: NSF is suspending roughly 300 grants with UCLA, following a DOJ finding on Tuesday that the university violated Title VI by "creating a hostile educational environment for Jewish and Israeli students."
- Our research on open tunneling servers got nominated for the Most Innovative Research award :) The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security. Brief summary and code: github.com/vanhoefm/tun... Paper: papers.mathyvanhoef.com/usenix2025-t...
- Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency brake. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially www.cisa.gov/news-events/...
- Disclosure timeline is on X/twitter: reported in 2012, but no real response because it was considered theoretical. They weren't given access to a train's test track facility, so impossible to confirm ethically in practice. Devices now considered end of life. Replacement is maybe here in 2027..
- Reposted by Mathy Vanhoef: Also in Poland. It was used by Russia in 2023 to stop about 20 trains.
- Reposted by Mathy Vanhoef: Reminder that the MSCA postdoctoral program exists. If you have a PhD and want to work in a European lab, you have until September to apply. Just contact them now. ec.europa.eu/info/funding...
- Reposted by Mathy Vanhoef: Finally got round to listen to this marvel of an episode on BSSID vulnerabilities. Very informative and quite shocking. Give it a listen.
- Senate GOP budget bill has little-noticed provision that could hurt your Wi-Fi arstechnica.com/tech-policy/... ==> Possibly no 6GHz for Wi-Fi 7
- Reminder to apply to be part of the artifact evaluation committee of NDSS'26! And share with your colleagues :) We'll likely close this form around the end of next week.
- All papers should publish their code. Help realize this by becoming an artifact reviewer at NDSS'26, apply here: docs.google.com/forms/d/e/1F... You'll review artifacts of accepted papers. We especially encourage junior/senior PhD students & PostDocs to help. Distinguished reviews will get awards!
- Reposted by Mathy Vanhoef: Lee Jae-myung, the South Korean politician who climbed the fence of the parliament to get inside and vote against martial law, has been elected president. Pretty cooool
- Reposted by Mathy Vanhoef: Calling researchers: EU #grantconsultancy 🚨 Have you worked with private grant consultants for EU research funding (Horizon, EIC, etc.)—Have you had positive or negative experiences? 📩 Share your story: kaspernollet@gmail.com / thordeyaert@hotmail.be (@thordeyaert.bsky.social) 🔁 RT appreciated!
- Reposted by Mathy Vanhoef: Haven't seen this on Bluesky yet: S&P 2027 will take place in Montreal, Canada!
- New version of the IEEE 802.11 standard that underpins Wi-Fi has been released. A total of 5969 pages! The number of pages clearly keeps increasing. That includes more features to defend networks, but also more features to potentially abuse 👀
- Reposted by Mathy Vanhoef: In two weeks, @vanhoefm.bsky.social , professor at DistriNet at KU Leuven, takes the stage for our next #DistinguishedLecture. He will present current strategies to strengthen Wi-Fi #security based on recent attacks on networks and previously detected design flaws. All information: buff.ly/gslCMCB
- Reposted by Mathy Vanhoef: February 2025 Android Security Bulletin includes a heap buffer overflow in a Linux kernel USB peripheral driver (CVE-2024-53104) marked exploited in the wild. It's likely one of the USB bugs exploited by forensic data extraction tools. We block them using these. source.android.com/docs/securit...
- Reposted by Mathy Vanhoef: Does the culture you grow up in shape the way you see the world? In a new Psych Review paper, @chazfirestone.bsky.social & I tackle this centuries-old question using the Müller-Lyer illusion as a case study. Come think through one of history's mysteries with us🧵(1/13):
- Reposted by Mathy Vanhoef: The PC is Dead: It’s Time to Make Computing Personal Again
- After an embargo of 8 months, we are glad to finally share our USENIX Security '25 paper! We found more than 4 MILLION vulnerable tunneling servers by scanning the Internet. These vulnerable servers can be abused as proxies to launch DDoS attacks and possibly to access internal networks.
- We investigated the owners of some of these vulnerable tunneling servers. This revealed that notable domains, such as Facebook’s content delivery network (CDN) and Tencent’s cloud services were affected. The home routers of some national ISPs were also affected.
- For more info and a demo video, see the article by @simonmigliano.bsky.social at top10vpn.com/research/tun... IT admins can request access to our code to test servers (code is not yet public to prevent abuse): github.com/vanhoefm/tun... Academic paper: papers.mathyvanhoef.com/usenix2025-t...
- Reposted by Mathy Vanhoef: mitmproxy 11.1 is out! 🥳 We now support *Local Capture Mode* on Windows, macOS, and - new - Linux! This allows users to intercept local applications even if they don't have proxy settings. More details are at mitmproxy.org/posts/local-.... Super proud of this team effort. 😃
- Reposted by Mathy Vanhoef: Using Play Integrity API is an incredibly anti-privacy and anti-security practice despite being wrongly portrayed as a security feature. The notification will include a link for leaving a rating and review for the app via sandboxed Play Store to make it very convenient for people to send complaints.
- Reposted by Mathy Vanhoef: We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy! phrack.org
- Reposted by Mathy Vanhoef: I don’t normally get worked up about the naming threat actors thing. But the Volt & Salt Typhoon is a disaster as it’s so hard for non-specialists to tell them apart: - Salt is Snowden style espionage by China against US - Volt is a direct 🇨🇳 military threat to degrade western infrastructure 1/2
- Reposted by Mathy Vanhoef: Researchers unveiled an attack that completely undermines security assurances AMD makes to customers using one of its most expensive microprocessor product lines in the cloud. BadRAM takes minutes to bypass SEV-SNP protections that warn when the VM is compromised arstechnica.com/information-...
- Wow, an adversary first compromised a neighbor of the target, and then attacked the target over Wi-Fi (with stolen password). This is the first observed case of the #AntennaForHire attack that AirEye hypothesized. Any Wi-Fi attack is now a remote attack! www.volexity.com/blog/2024/11...
- Reposted by Mathy Vanhoef: Just a reminder that the CFP closes in a few days. If you've got something to submit... www.shmoocon.org/call-for-pap...
- Reposted by Mathy Vanhoef: A different way to look at offense and defense with @hacks4pancakes.com at RSA. 🦄🥞 youtu.be/WKF2nnKo4yQ?...
- Reposted by Mathy Vanhoef: Our thread at bsky.app/profile/grap... was posted to spread awareness about the auto-reboot feature we've been advocating for inclusion across platforms now that iOS 18.1 shipped it at the end of October. We also wanted to address confusion based on weird police theories about it.
- Reposted by Mathy Vanhoef: Unauth RCE in Citrix Virtual Apps and Desktops (XEN) labs.watchtowr.com/visionaries-...
- Reposted by Mathy Vanhoef: The US higher education system has been a massive source of soft power for the United States. If we have the best and brightest from around the world come here to study, one of two things happen. 1) They stay, and we win the brain drain. 2) They go home, and bring democratic values with them.
- Reposted by Mathy Vanhoef: folder gotchas (in the terminal) wizardzines.com/comics/folde...
- Reposted by Mathy Vanhoef: This awesome fuzzing blog post by @r00tkitsmm.bsky.social covers a super reliable macOS kernel binary rewriting to instrument any KEXT or XNU at BB or edge level. Mandatory reading for anyone interested in fuzzing whether you use MacOS or not. So many good system internals and fuzzing references!
- Reposted by Mathy Vanhoef: The Dutch Electoral Council (Kiesraad) had development/deployment infrastructure credentials inside the installer of their voting calculation software OSV2020. Disclosure timeline: fun and fast! 😅 www.zerocopter.com/blog-en/the-...
- New #TunnelCrack flaw can break a large majority of VPNs: we can trick a VPN into leaking traffic outside the protected VPN tunnel. Our tests indicate that this is a widespread design issue. For a demo, more details, and the USENIX Security paper, see tunnelcrack.mathyvanhoef.com
- 300+ scientists from 32 countries have signed an open letter criticizing the EU proposal for regulation to detect Child Sexual Abuse Material docs.google.com/document/d/13Aeex72… TL;DR ineffective; risk for function creep/abuse; violates human rights
- Reposted by Mathy Vanhoef: Case in point: there's an active Mastodon security exploit. Getting the fix rolled out everywhere (including heavily customized servers) is very difficult. And if someone does get remote code execution on all instances, the attacker can do *permanent* graph damage that backup restorations won't fix
- Reposted by Mathy Vanhoef: So... we're excited to launch: Moderator Mayhem (which we've spent the last few months building, in partnership with Engine). A browser-based mobile content moderation simulator game: moderatormayhem.engine.is
- I always knew some VPN companies were shady. But seeing how they treat vulnerability disclosures makes some of them look even worse. At least there are some that treat the reports properly though and that do live up to their reputation. To be continued...
- Reposted by Mathy Vanhoef: Metaverse is dead and VCs and tech press can't wait to hype the next thing. This is not a place of honor. No lessons have been learned here.