French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho, Donald Daters and others. Not completely schizophrenic. Not related to USANetwork.

CVEs

CVE-2019-12087 - https://github.com/fs0c131y/SamsungLocker

CVE-2019-11341 - https://twitter.com/fs0c131y/status/1115889065285562368

CVE-2019-11340 - https://matrix.org/blog/2019/04/18/security-update-sydent-1-0-2/

CVE-2019-6447 - https://github.com/fs0c131y/ESFileExplorerOpenPortVuln

CVE-2018-20555 - https://github.com/fs0c131y/CVE-2018-20555

Press appearances

A Conversation with Elliot Alderson (Threader) - https://threader.app/the-art-of-threading/a-conversation-with-elliot-alderson

Bug in French government’s WhatsApp replacement let anyone join Élysée chats (Ars Technica) - https://arstechnica.com/information-technology/2019/04/french-governments-secure-chat-app-left-door-open-to-outsiders/

Security flaw in French government messaging app exposed confidential conversations (Techcrunch) - https://techcrunch.com/2019/04/19/security-flaw-in-french-government-messaging-app-exposed-confidential-conversations

Un chercheur découvre une faille de sécurité sur Tchap, la messagerie sécurisée réservée aux services de l'Etat (franceinfo) - https://www.francetvinfo.fr/internet/un-chercheur-decouvre-une-faille-de-securite-sur-tchap-la-messagerie-securisee-du-gouvernement-et-de-l-elysee_3406071.html

French Government's 'Secure' WhatsApp Replacement Hacked In Just 90 Minutes (Forbes) - https://www.forbes.com/sites/daveywinder/2019/04/20/french-governments-secure-whatsapp-replacement-hacked-in-just-90-minutes/

Comment une nébuleuse LREM instrumentalise les réseaux sociaux (Mediapart) - https://www.mediapart.fr/journal/france/090419/comment-une-nebuleuse-lrem-instrumentalise-les-reseaux-sociaux

Major Aadhaar data leak plugged: French security researcher (The Hindu) - https://www.thehindu.com/sci-tech/technology/major-aadhaar-data-leak-plugged-french-security-researcher/article26584981.ece

Pro-Trump app threatens expert for finding flaw in code (Fox News) - https://www.foxnews.com/tech/pro-trump-app-threatens-expert-for-finding-flaw-in-code

'Yelp for conservatives' MAGA app leaks users data (ZDNet) - https://www.zdnet.com/article/yelp-for-conservatives-maga-app-leaks-users-data

A French security expert reveals how trolls backing the BJP and Congress fuelled #BoycottSurfExcel (Quartz) - https://qz.com/india/1572073/did-bjp-congress-trolls-fuel-boycottsurfexcel-on-twitter-india

Twitter Test Reveals BJP’s Troll Army Pushed #BoycottSurfExcel (The Quint) - https://www.thequint.com/elections/social-dangal/twitter-test-reveals-bjps-troll-army-pushed-boycottsurfexcel

An Indian oil company left the biometric ID numbers of 6.7 million customers accessible on Google (Vice News) - https://news.vice.com/en_us/article/kzdgzz/biometric-id-numbers-india-aadhaar

India’s state gas company leaks millions of Aadhaar numbers (Techcrunch) - https://techcrunch.com/2019/02/18/aadhaar-indane-leak/

Aadhaar Leak On Indane Website Exposed Details of Millions Of Customers (HuffPost India) - https://www.huffingtonpost.in/entry/aadhaar-leak-on-indane-website-exposes-details-of-millions-of-customers-report_in_5c6b8761e4b0b9cc78ffb254

Indian state government leaks thousands of Aadhaar numbers (Techcrunch) - https://techcrunch.com/2019/01/31/aadhaar-data-leak/

Une application populaire auprès des «gilets jaunes» victime d'une faille de sécurité (Le Figaro) - http://www.lefigaro.fr/secteur/high-tech/2019/01/23/32001-20190123ARTFIG00149-une-application-populaire-aupres-des-gilets-jaunes-victime-d-une-faille-de-securite.php

A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts (Techcrunch) - https://techcrunch.com/2019/01/17/wordpress-plugin-leaked-twitter-account-access-tokens/

ES File Explorer : un célèbre explorateur de fichiers pour Android met en péril le contenu du smartphone (Numerama) - https://www.numerama.com/tech/456076-es-file-explorer-un-celebre-explorateur-de-fichiers-pour-android-met-en-peril-le-contenu-du-smartphone.html

ES File Explorer Flaws Put 100 Million Users' Data at Risk, Fix Promised (BleepingComputer) - https://www.bleepingcomputer.com/news/security/es-file-explorer-flaws-put-100-million-users-data-at-risk-fix-promised/

Researcher shows how popular app ES File Explorer exposes Android device data (Techcrunch) - https://techcrunch.com/2019/01/16/android-app-es-file-explorer-expose-data/

Researchers downplay role of fake news and bots in France’s Yellow Vest protests (VentureBeat) - https://venturebeat.com/2018/12/26/researchers-downplay-role-of-fake-news-and-bots-in-frances-yellow-vest-protests/

The co-opting of French unrest to spread disinformation (Wired) - https://www.wired.com/story/co-opting-french-unrest-spread-disinformation/

Gilets jaunes : soupçons d’ingérence en réseaux (Libération) - https://www.liberation.fr/france/2018/12/09/gilets-jaunes-soupcons-d-ingerence-en-reseaux_1697012

« Gilets jaunes » : soupçons de manipulation sur les réseaux sociaux (Le Monde) - https://www.lemonde.fr/pixels/article/2018/12/09/gilets-jaunes-soupcons-de-manipulation-sur-les-reseaux-sociaux_5394890_4408996.html

Donald Daters, a dating app for Trump supporters, leaked its users’ data (Techcrunch) - https://techcrunch.com/2018/10/15/donald-daters-a-dating-app-for-trump-supporters-leaked-its-users-data/

'Donald Daters' the New Dating App for Trump Supporters Leaked Its Users' Data on Launch Day (Time) - http://time.com/5426460/donald-daters-app-leak/

A strange phone number crept into Indian contact lists, and no one knew why (The Verge) - https://www.theverge.com/2018/8/3/17648738/india-phone-number-unknown-privacy-data-contacts-uidai

Hacker Steals Customers' Text Messages from Android Spyware Company (Motherboard) - https://motherboard.vice.com/en_us/article/qvm44m/hacker-steals-text-messages-android-spyware-company-spyhuman

Terri, Regina, Pearl : d’où viennent ces « bots » pornographiques qui envahissent Twitter ? (Le Monde) - https://www.lemonde.fr/pixels/article/2018/02/22/terri-regina-pearl-d-ou-viennent-ces-bots-pornographiques-qui-envahissent-twitter_5260996_4408996.html

TRAI chief shares Aadhaar number on Twitter with a dare, personal details leaked (India Today) - https://www.indiatoday.in/india/story/twitterati-respond-to-trai-chief-s-aadhaar-dare-1299213-2018-07-29

India PM Modi app sparks social media furore (BBC News) - https://www.bbc.com/news/world-asia-india-43538178

Baba Ramdev: India guru's 'WhatsApp killer' app mocked over flaws (BBC News) - https://www.bbc.com/news/world-asia-india-44326816

Protection des données : «Ce n’est pas en arrêtant les chercheurs que l’on va sécuriser les sites» (Libération) - https://www.liberation.fr/planete/2018/03/29/protection-des-donnees-ce-n-est-pas-en-arretant-les-chercheurs-que-l-on-va-securiser-les-sites_1639884

Security researcher reported vulnerability on India Post server (Medianama) - https://www.medianama.com/2018/03/223-security-researcher-reported-vulnerability-on-india-post-server

French tech wizard hacked BSNL database of 47,000 staff (The Times of India) - https://timesofindia.indiatimes.com/city/hyderabad/french-tech-wizard-hacked-bsnl-database-of-47000-staff/articleshow/63164435.cms

Sécurité : la série noire des smartphones Wiko continue (01net) - https://www.01net.com/actualites/securite-la-serie-noire-des-smartphones-wiko-continue-1314593.html

Elliot 'fs0c131y' Alderson reveals: Everyone is spying (AndroidPit) - https://www.androidpit.com/elliot-fs0c131y-alderson-interview

OnePlus Phones Were Shipped With a Hidden Backdoor (Motherboard) - https://motherboard.vice.com/en_us/article/59y4vz/oneplus-backdoor-engineer-mode

OnePlus phones have an unfortunate backdoor built in (Wired) - https://www.wired.com/story/oneplus-phones-have-an-unfortunate-backdoor-built-in/

TV appearances

India: Fake News and Agitprop (Al Jazeera) - https://www.aljazeera.com/programmes/peopleandpower/2019/04/india-fake-news-agitprop-190416054316199.html

Elliot Alderson on Aadhaar leaks, Is your Aadhaar data safe? (Mirror Now) - https://youtu.be/82X28ilEZSc

Un lanceur d'alerte français traque les sites et applications abusifs (RT France) - https://youtu.be/28NJf53apI4

Rencontre avec le hacker français qui fait trembler l’Inde (Quotidien) - https://www.tf1.fr/tmc/quotidien-avec-yann-barthes/videos/rencontre-hacker-francais-fait-trembler-l-inde.html

Blog posts

How to brick all Samsung phones - https://medium.com/@fs0c131y/how-to-brick-all-samsung-phones-6aae4389bea

Tchap: The super (not) secure app of the French government - https://medium.com/@fs0c131y/tchap-the-super-not-secure-app-of-the-french-government-84b31517d144

Indane leaked Aadhaar numbers: 6,700,000 Aadhaar numbers - https://medium.com/@fs0c131y/indane-leaked-aadhaar-numbers-6-700-000-aadhaar-numbers-3948135239f6

How I became a member of the Illuminati on Twitter - https://medium.com/@fs0c131y/how-i-became-a-member-of-the-illuminati-on-twitter-aa9e1c4c95de

Reverse Engineering of the Anubis Malware — Part 1 - https://medium.com/@fs0c131y/reverse-engineering-of-the-anubis-malware-part-1-741e12f5a6bd

How I “found” the database of the Donald Daters App - https://medium.com/@fs0c131y/how-i-found-the-database-of-the-donald-daters-app-af88b06e39ad

Conferences

Can I hack your Android app, please? (GDG Toulouse s03e07) - https://youtu.be/JyVzp7vQLcc

Votre vie privée contre des services? (TEDx Centrale Lyon 2019) - https://youtu.be/KmVdjGeqWD0

Interview with Robert Baptiste aka Elliot Alderson by Antriksh Shah (NullCon Goa 2019) - https://youtu.be/8qB1PMH0rD8

Podcasts

Episode 124: The Twitter Accounts Pushing French Protests (Security Ledger) - https://securityledger.com/2018/12/episode-124-the-twitter-accounts-pushing-french-protests-and-social-engineering-the-software-supply-chain/

GitHub - https://github.com/fs0c131y

Twitter - https://twitter.com/fs0c131y

Keybase - https://keybase.io/fs0c131y

Medium - https://medium.com/@fs0c131y

Youtube - https://www.youtube.com/channel/UCeW9xo2vZXPMEtOyRpeoiIw

Donation

PayPal - https://www.paypal.me/fs0c131y

Bitcoin - 3BToAehWHeyGcHDtQLFL3YMUbnWTcLzjzX