BIO

Dr. Andrei Costin is a PhD graduate from EURECOM, where he successfully defended his thesis on "Large Scale Security Analysis of Embedded Devices' Firmware." He is also a Computer Science graduate of the Politehnica University of Bucharest, where he did his thesis work in Biometrics and Image Processing. After starting out his IT career in the Computer Games industry, he worked in the Telecom field and was also a senior developer at a specialized firm, programming various GSM/UMTS/GPS sub-systems.

He is the author of the MiFare Classic Universal toolKit (MFCUK), the first (and still only) publicly available FOSS card-only key cracking tool for the MiFare Classic RFID card family. He is also known as the "mister printer guy" for his "Hacking MFPs" and "Hacking PostScript" series of hacks & talks at various international conferences. Lately, he was spotted security-harassing airplanes with ADS-B hacks (though no planes were harmed during the experiments) and remotely hacking fireworks/demolition/pyrotechnic systems (though no fireworks show was spoiled and no buildings were demolished). He is passionate about security in a holistic fashion.

At present, Andrei is mostly busy developing cutting edge security research for embedded systems as part of his FIRMWARE.RE project.

PUBLICATIONS

2017

Lua code: security overview and practical approaches to static analysis
Andrei Costin
LangSec Workshop, Security and Privacy Workshops (SPW) (co-located with S&P), 2017 IEEE (acceptance rate: %)
Towards Automated Classification of Firmware Images and Identification of Embedded Devices
Andrei Costin, Apostolis Zarras, Aurelien Francillon
32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), Rome, Italy (acceptance rate: 19.3%)

2016

Security of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations
Andrei Costin
TrustED'16: International Workshop on Trustworthy Embedded Devices Proceedings, Vienna, Austria (acceptance rate: 50.0%)
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Andrei Costin, Apostolis Zarras, Aurélien Francillon
11th ACM Asia Conference on Computer and Communications Security (AsiaCCS), Xidian, China (acceptance rate: 20.9%)

2015

Large Scale Security Analysis of Embedded Devices' Firmware
Andrei Costin
PhD Thesis, EURECOM/TelecomParisTech, Publicly defended: 23rd September 2015
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Andrei Costin, Apostolis Zarras, Aurélien Francillon
Pre-print arXiv:1511.03609 in Computer Science > Cryptography and Security (non-refereed)
All your cluster-grids are belong to us: Monitoring the (in)security of infrastructure monitoring systems
Andrei Costin
Proceedings of the 1st Workshop on Security and Privacy in the Cloud (SPC) of the 2015 IEEE Conference on Communications and Network Security (CNS), Florence, Italy (acceptance rate: 27.3%)

2014

A Large Scale Analysis of the Security of Embedded Firmwares
Andrei Costin, Jonas Zaddach, Aurélien Francillon, Davide Balzarotti
Proceedings of the 23rd USENIX Security Symposium (USENIX Security), San Diego, USA (acceptance rate: 19.0%)
Short Paper: A Dangerous 'Pyrotechnic Composition': Fireworks, Embedded Wireless and Insecurity-by-Design
Andrei Costin, Aurélien Francillon
Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec), Oxford, UK (acceptance rate: 26.0%)
Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations
Jelena Isacenkova, Olivier Thonnard, Andrei Costin, Aurelien Francillon, Davide Balzarotti
EURASIP Journal on Information Security

2013

The Role of Phone Numbers in Understanding Cyber-Crime Schemes
Andrei Costin, Jelena Isacenkova, Marco Balduzzi, Aurelien Francillon, Davide Balzarotti
Annual Conference on Privacy, Security, and Trust (PST), Tarragona, Spain (acceptance rate: 29.0%)
Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations
Jelena Isacenkova, Olivier Thonnard, Andrei Costin, Davide Balzarotti, Aurelien Francillon
Proceedings of the International Workshop on Cyber Crime (co-located with S&P), San Francisco, USA
Embedded Devices Security and Firmware Reverse Engineering
Jonas Zaddach, Andrei Costin
BlackHat 2013, Las Vegas, USA

2012

Ghost in the Air (Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices
Andrei Costin, Aurélien Francillon
BlackHat 2012, Las Vegas, USA

ADDRESS

EURECOM
Campus SophiaTech,
450 Route des Chappes, 06410 Biot FRANCE
Office: 370

CONTACT

python -c "print('andrei.%s%seurecom.%s' % ('costin', '@', 'fr'))"
@costinandrei
Google Scholar