French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho, Donald Daters and others. Not completely schizophrenic. Not related to USANetwork.


CVE-2019-14516 -

CVE-2019-14367 -

CVE-2019-14366 -

CVE-2019-14365 -

CVE-2019-12087 -

CVE-2019-11341 -

CVE-2019-11340 -

CVE-2019-6447 -

CVE-2018-20555 -

Press appearances

The Black Hat cybersecurity conference app has a cybersecurity problem (Mashable) -

Escroquerie: un site vendait de fausses vidéos de dédicaces d’influenceurs (BFMTV) -

Is FaceApp an evil plot by 'the Russians' to steal your data? Not quite (The Guardian) -

What's the deal with FaceApp? The data-hungry Russian photo editor (Wired) -

FaceApp Lets You ‘Age’ a Photo by Decades. Does It Also Violate Your Privacy? (The New York Times) -

FaceApp went viral with age-defying photos. Now Democratic leaders are warning campaigns to delete the Russian-created app ‘immediately’ (The Washington Post) -

Photo editor FaceApp goes viral again, prompting security concerns (nbcnews) -

FaceApp: Is The Russian Face-Aging App A Danger To Your Privacy? (Forbes) -

AI photo editor FaceApp goes viral again on iOS, raises questions about photo library access (Techcrunch) -

Nord Pas-de-Calais : la fuite des résultats du bac aurait été provoquée par une faille vieille de 12 ans (France 3) -

Baccalauréat 2019: la fuite des résultats provoquée par une faille vieille de 12 ans (BFMTV) -

Китайская полиция извлекает данные со смартфонов обычных жителей страны ( -

中國公安強行安裝監控App 手機用戶強烈不滿 (Liberty Times Net) -

Chinese police use app to spy on citizens (Financial Times) -

A Conversation with Elliot Alderson (Threader) -

Bug in French government’s WhatsApp replacement let anyone join Élysée chats (Ars Technica) -

Security flaw in French government messaging app exposed confidential conversations (Techcrunch) -

Un chercheur découvre une faille de sécurité sur Tchap, la messagerie sécurisée réservée aux services de l'Etat (franceinfo) -

French Government's 'Secure' WhatsApp Replacement Hacked In Just 90 Minutes (Forbes) -

Comment une nébuleuse LREM instrumentalise les réseaux sociaux (Mediapart) -

Major Aadhaar data leak plugged: French security researcher (The Hindu) -

Pro-Trump app threatens expert for finding flaw in code (Fox News) -

'Yelp for conservatives' MAGA app leaks users data (ZDNet) -

A French security expert reveals how trolls backing the BJP and Congress fuelled #BoycottSurfExcel (Quartz) -

Twitter Test Reveals BJP’s Troll Army Pushed #BoycottSurfExcel (The Quint) -

An Indian oil company left the biometric ID numbers of 6.7 million customers accessible on Google (Vice News) -

India’s state gas company leaks millions of Aadhaar numbers (Techcrunch) -

Aadhaar Leak On Indane Website Exposed Details of Millions Of Customers (HuffPost India) -

Indian state government leaks thousands of Aadhaar numbers (Techcrunch) -

Une application populaire auprès des «gilets jaunes» victime d'une faille de sécurité (Le Figaro) -

A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts (Techcrunch) -

ES File Explorer : un célèbre explorateur de fichiers pour Android met en péril le contenu du smartphone (Numerama) -

ES File Explorer Flaws Put 100 Million Users' Data at Risk, Fix Promised (BleepingComputer) -

Researcher shows how popular app ES File Explorer exposes Android device data (Techcrunch) -

Researchers downplay role of fake news and bots in France’s Yellow Vest protests (VentureBeat) -

The co-opting of French unrest to spread disinformation (Wired) -

Gilets jaunes : soupçons d’ingérence en réseaux (Libération) -

« Gilets jaunes » : soupçons de manipulation sur les réseaux sociaux (Le Monde) -

Donald Daters, a dating app for Trump supporters, leaked its users’ data (Techcrunch) -

'Donald Daters' the New Dating App for Trump Supporters Leaked Its Users' Data on Launch Day (Time) -

A strange phone number crept into Indian contact lists, and no one knew why (The Verge) -

Hacker Steals Customers' Text Messages from Android Spyware Company (Motherboard) -

Terri, Regina, Pearl : d’où viennent ces « bots » pornographiques qui envahissent Twitter ? (Le Monde) -

TRAI chief shares Aadhaar number on Twitter with a dare, personal details leaked (India Today) -

India PM Modi app sparks social media furore (BBC News) -

Baba Ramdev: India guru's 'WhatsApp killer' app mocked over flaws (BBC News) -

Protection des données : «Ce n’est pas en arrêtant les chercheurs que l’on va sécuriser les sites» (Libération) -

Security researcher reported vulnerability on India Post server (Medianama) -

French tech wizard hacked BSNL database of 47,000 staff (The Times of India) -

Sécurité : la série noire des smartphones Wiko continue (01net) -

Elliot 'fs0c131y' Alderson reveals: Everyone is spying (AndroidPit) -

OnePlus Phones Were Shipped With a Hidden Backdoor (Motherboard) -

OnePlus phones have an unfortunate backdoor built in (Wired) -

TV appearances

Polémique sur "FaceApp": "Il faut juste se poser la question: suis-je prêt à échanger ma vie privée contre ce service?" (RMC) -

JT 20h - Un coup de vieux à risques (25') (France 2) -

Interview d’Elliot Alderson (France 3 Occitanie) -

FaceApp and privacy - Interview of Elliot Alderson on CBCNews (CBCNews) -

FaceApp: Are security concerns around viral app founded? (euronews) -

India: Fake News and Agitprop (Al Jazeera) -

Elliot Alderson on Aadhaar leaks, Is your Aadhaar data safe? (Mirror Now) -

Un lanceur d'alerte français traque les sites et applications abusifs (RT France) -

Rencontre avec le hacker français qui fait trembler l’Inde (Quotidien) -

Blog posts

Nothing is safe in a hacker conference: not even the coffee machine -

MFSocket: A Chinese surveillance tool -

How to brick all Samsung phones -

Tchap: The super (not) secure app of the French government -

Indane leaked Aadhaar numbers: 6,700,000 Aadhaar numbers -

How I became a member of the Illuminati on Twitter -

Reverse Engineering of the Anubis Malware — Part 1 -

How I “found” the database of the Donald Daters App -


History of the worst Android app ever: mAadhaar (AppSec Village Defcon 27) -

Can I hack your Android app, please? (GDG Toulouse s03e07) -

Votre vie privée contre des services? (TEDx Centrale Lyon 2019) -

Interview with Robert Baptiste aka Elliot Alderson by Antriksh Shah (NullCon Goa 2019) -


Cybersecurity researcher "Elliot Alderson" on fighting the good fight online (Packt) -

Episode 124: The Twitter Accounts Pushing French Protests (Security Ledger) -

GitHub -

Twitter -

Keybase -

Medium -

Youtube -


PayPal -

Bitcoin - 3BToAehWHeyGcHDtQLFL3YMUbnWTcLzjzX