Kudelski Security's Principal Engineer to Speak on Hunting for Signal Vulnerabilities at INFILTRATE 2017

CHESEAUX-SUR-LAUSANNE, Switzerland and PHOENIX, April  5th , 2017Kudelski Security, the cybersecurity division within the Kudelski Group(SIX:KUD.S) and trusted innovator for the world’s most security-conscious organizations, today announced its Principal Research Engineer, Jean-Philippe Aumasson, will speak at INFILTRATE 2017, a conference focused entirely on offensive security issues. Aumasson will join independent Security Researcher, Markus Vervier, in a presentation titled “Hunting for Vulnerabilities in Signal,” slated to take place Friday, April 7 at Fontainebleau Hotel in Miami.  


What: The presentation will focus on Signal, one of the most trusted secure messaging and secure voice applications. While the app employs strong cryptography and has solid system architecture, vulnerabilities have been discovered in its code base (later addressed by Open Whisper System, which maintains Signal)

Aumasson and Vervier will detail vulnerabilities discovered in the Signal Android client, the underlying Java libsigna library, as well as an example usage of the C libsignal library. Demos will illustrate how these can be used to crash Signal remotely, bypass the MAC authentication for certain attached files, as well as to trigger memory corruption bugs. Also to be discussed is the general architecture of Signal, its attack surface, tools for analysis, along with the general threat model for secure mobile communication apps.

More information about the session may be found here.


Who:   Aumasson is principal research engineer at Kudelski Security in Switzerland. He designed the popular cryptographic functions BLAKE2 and SipHash. Aumasson also initiated the Crypto Coding Standard and Password Hashing Competition that developed the Argon2 algorithm. He has been a speaker at Black Hat, DEFCON, RSA, CCC, SyScan and Troopers on topics such as applied cryptography, quantum computing and platform security. He is the author of “The Hash Function BLAKE” and is currently writing a second book on cryptography due out later this year.

Vervier is a highly regarded independent security researcher based in Germany. During the past 15 years he has gained professional experience in offensive IT security as a penetration tester and security consultant. He actively conducts security research and is responsible for the discovery of high profile vulnerabilities such as libotr heap overwrite.


When:  4:00 pm ET, Friday, April 7, 2017


Where:  Fontainebleau Hotel, Miami


          Media and analysts interested in meeting with Aumasson or Kudelski executives at the show should contact [email protected].





About Kudelski Security

Kudelski Security is the premier advisor and cybersecurity innovator for today’s most security-conscious organizations. Our long-term approach to client partnerships enables us to continuously evaluate their security posture to recommend solutions that reduce business risk, maintain compliance and increase overall security effectiveness. With clients that include Fortune 500 enterprises and government organizations in Europe and across the United States, we address the most complex environments through an unparalleled set of solution capabilities including consulting, technology, managed security services and custom innovation. For more information, visit www.kudelskisecurity.com.


Media Contact:

John Van Blaricum

Vice President, Global Marketing

Kudelski Security


[email protected]