French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho, Donald Daters and others. Not completely schizophrenic. Not related to USANetwork.

CVEs

CVE-2018-20555 - https://github.com/fs0c131y/CVE-2018-20555

CVE-2019-6447 - https://github.com/fs0c131y/ESFileExplorerOpenPortVuln

Press appearances

Indian state government leaks thousands of Aadhaar numbers (Techcrunch) - https://techcrunch.com/2019/01/31/aadhaar-data-leak/

Une application populaire auprès des «gilets jaunes» victime d'une faille de sécurité (Le Figaro) - http://www.lefigaro.fr/secteur/high-tech/2019/01/23/32001-20190123ARTFIG00149-une-application-populaire-aupres-des-gilets-jaunes-victime-d-une-faille-de-securite.php

A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts (Techcrunch) - https://techcrunch.com/2019/01/17/wordpress-plugin-leaked-twitter-account-access-tokens/

ES File Explorer : un célèbre explorateur de fichiers pour Android met en péril le contenu du smartphone (Numerama) - https://www.numerama.com/tech/456076-es-file-explorer-un-celebre-explorateur-de-fichiers-pour-android-met-en-peril-le-contenu-du-smartphone.html

ES File Explorer Flaws Put 100 Million Users' Data at Risk, Fix Promised (BleepingComputer) - https://www.bleepingcomputer.com/news/security/es-file-explorer-flaws-put-100-million-users-data-at-risk-fix-promised/

Researcher shows how popular app ES File Explorer exposes Android device data (Techcrunch) - https://techcrunch.com/2019/01/16/android-app-es-file-explorer-expose-data/

Researchers downplay role of fake news and bots in France’s Yellow Vest protests (VentureBeat) - https://venturebeat.com/2018/12/26/researchers-downplay-role-of-fake-news-and-bots-in-frances-yellow-vest-protests/

The co-opting of French unrest to spread disinformation (Wired) - https://www.wired.com/story/co-opting-french-unrest-spread-disinformation/

Gilets jaunes : soupçons d’ingérence en réseaux (Libération) - https://www.liberation.fr/france/2018/12/09/gilets-jaunes-soupcons-d-ingerence-en-reseaux_1697012

« Gilets jaunes » : soupçons de manipulation sur les réseaux sociaux (Le Monde) - https://www.lemonde.fr/pixels/article/2018/12/09/gilets-jaunes-soupcons-de-manipulation-sur-les-reseaux-sociaux_5394890_4408996.html

Donald Daters, a dating app for Trump supporters, leaked its users’ data (Techcrunch) - https://techcrunch.com/2018/10/15/donald-daters-a-dating-app-for-trump-supporters-leaked-its-users-data/

'Donald Daters' the New Dating App for Trump Supporters Leaked Its Users' Data on Launch Day (Time) - http://time.com/5426460/donald-daters-app-leak/

A strange phone number crept into Indian contact lists, and no one knew why (The Verge) - https://www.theverge.com/2018/8/3/17648738/india-phone-number-unknown-privacy-data-contacts-uidai

Hacker Steals Customers' Text Messages from Android Spyware Company (Motherboard) - https://motherboard.vice.com/en_us/article/qvm44m/hacker-steals-text-messages-android-spyware-company-spyhuman

Terri, Regina, Pearl : d’où viennent ces « bots » pornographiques qui envahissent Twitter ? (Le Monde) - https://www.lemonde.fr/pixels/article/2018/02/22/terri-regina-pearl-d-ou-viennent-ces-bots-pornographiques-qui-envahissent-twitter_5260996_4408996.html

TRAI chief shares Aadhaar number on Twitter with a dare, personal details leaked (India Today) - https://www.indiatoday.in/india/story/twitterati-respond-to-trai-chief-s-aadhaar-dare-1299213-2018-07-29

India PM Modi app sparks social media furore (BBC News) - https://www.bbc.com/news/world-asia-india-43538178

Baba Ramdev: India guru's 'WhatsApp killer' app mocked over flaws (BBC News) - https://www.bbc.com/news/world-asia-india-44326816

Protection des données : «Ce n’est pas en arrêtant les chercheurs que l’on va sécuriser les sites» (Libération) - https://www.liberation.fr/planete/2018/03/29/protection-des-donnees-ce-n-est-pas-en-arretant-les-chercheurs-que-l-on-va-securiser-les-sites_1639884

Security researcher reported vulnerability on India Post server (Medianama) - https://www.medianama.com/2018/03/223-security-researcher-reported-vulnerability-on-india-post-server

French tech wizard hacked BSNL database of 47,000 staff (The Times of India) - https://timesofindia.indiatimes.com/city/hyderabad/french-tech-wizard-hacked-bsnl-database-of-47000-staff/articleshow/63164435.cms

Sécurité : la série noire des smartphones Wiko continue (01net) - https://www.01net.com/actualites/securite-la-serie-noire-des-smartphones-wiko-continue-1314593.html

Elliot 'fs0c131y' Alderson reveals: Everyone is spying (AndroidPit) - https://www.androidpit.com/elliot-fs0c131y-alderson-interview

OnePlus Phones Were Shipped With a Hidden Backdoor (Motherboard) - https://motherboard.vice.com/en_us/article/59y4vz/oneplus-backdoor-engineer-mode

OnePlus phones have an unfortunate backdoor built in (Wired) - https://www.wired.com/story/oneplus-phones-have-an-unfortunate-backdoor-built-in/

TV appearances

Un lanceur d'alerte français traque les sites et applications abusifs (RT France) - https://youtu.be/28NJf53apI4

Rencontre avec le hacker français qui fait trembler l’Inde (Quotidien) - https://www.tf1.fr/tmc/quotidien-avec-yann-barthes/videos/rencontre-hacker-francais-fait-trembler-l-inde.html

Blog posts

How I became a member of the Illuminati on Twitter - https://medium.com/@fs0c131y/how-i-became-a-member-of-the-illuminati-on-twitter-aa9e1c4c95de

Reverse Engineering of the Anubis Malware — Part 1 - https://medium.com/@fs0c131y/reverse-engineering-of-the-anubis-malware-part-1-741e12f5a6bd

How I “found” the database of the Donald Daters App - https://medium.com/@fs0c131y/how-i-found-the-database-of-the-donald-daters-app-af88b06e39ad

GitHub - https://github.com/fs0c131y

Twitter - https://twitter.com/fs0c131y

Keybase - https://keybase.io/fs0c131y

Medium - https://medium.com/@fs0c131y

Youtube - https://www.youtube.com/channel/UCeW9xo2vZXPMEtOyRpeoiIw

Donation

PayPal - https://www.paypal.me/fs0c131y

Bitcoin - 3BToAehWHeyGcHDtQLFL3YMUbnWTcLzjzX