Mohamed Abdelbasset Elnouby (Arabic: محمد عبد الباسط النوبي) is an Egyptian programmer and information security specialist, and one of the most famous white hat Arabic hackers.[1][2][3]

Mohamed Elnouby
محمد عبد الباسط
Born
Mohamed A.baset Elnouby

(1988-01-01) January 1, 1988 (age 36)
Qena, Egypt
CitizenshipEgypt
Known forInformation Security Analyst and Freelance Programmer
Notable workListed in the halls of fame of the 22 top sites
AwardsSee below

His start point was in 2013 when he penetrated and discovered a vulnerability on Facebook.[4][5] He also discovered many vulnerabilities on many websites like: Google, Yahoo, Amazon, Adobe and others. He has been honored for that effort plus adding his name to the add value and the hall of fame list of the white hat security experts on more than 20 global websites.[6][7][8]

He become project leader in OWASP in 2016,[9] he was the Chief Technology Officer in Google business community in upper Egypt.[10] As white hat hacker, he also helped many known companies to fix many vulnerabilities in their systems.[11]

Early life

edit

He was born in 1988 in Esna, Qena, upper Egypt. He is graduated from the faculty of the tourism and hotels Elmenia university. He started working on the programming and computer networks field since 1999 and worked for many organizations like S3Geeks. He cooperated with some volunteering works like the Arabization of the famous social media website twitter and he also worked as the general moderator for the Arabic version for Foursquare app and a freelance programmer and the Chief Technonogy Officer in Google business community in upper Egypt.[12]

 
2012

In 2014, he joined OWASP Cairo Chapter as an online coordinator, then he become a leader in OWASP for project (QRLJacking) upon he was discovering QRLJacking the new Social Engineering attack vector.[9][13]

Notable works

edit

Samsung vulnerability 2014

edit

In October 2014, there were media reports about Hackers can use the Samsung "Find My Mobile" feature to attack phones and Mohamed Elnouby discovered that,[14] this feature allows users to remotely lock or wipe their phones if they're misplaced or stolen, If Find My Mobile is turned on, hackers can remotely lock the device and change its unlock code, rendering it useless.[15][16][17]

According to the National Cyber Security Division, which is part of the U.S. Department of Homeland Security: the hackers can exploit a flaw in Samsung's Find My Mobile system to execute denial-of-service attacks.[15]

When lock-code data comes in over a network, Samsung mobile devices do not validate the source, according to the U.S. government's National Vulnerability Database. This makes Samsung phones more susceptible to this kind of remote attack.[18]

Samsung said it is looking into the situation.[15][19]

United Nations data leak

edit

In 25 Sep 2018, The United Nations has been hit with two damning data leak allegations, The researchers uncover a pair of flaws that had left a number of its records, and those of its employees, accessible to hackers online.[20]

The security researcher Kushagra Pathak found that the UN had left an unsecured set of Trello, Jira and Google Docs projects exposed to the internet. Pathak who has specialized in uncovering vulnerable Trello boards and web apps said the exposed information included account credentials and internal communications and documents used by UN staff to plan projects.[20]

The second exposure was uncovered by researcher Mohamed Elnouby of Seekurity and resulted in the exposure of "thousands" of résumés submitted by job applicants, The breach was discovered by security researcher Mohamed Baset, from the penetration testing firm Seekurity. The researcher found a path disclosure vulnerability and an information disclosure vulnerability on the UN website that contained resumes of job applicants since 2016.[21]

Elnouby found that applicants seeking a job at the UN had uploaded their resumes through an improperly configured web application. If exploited, the bugs could have allowed attackers to gain access to the directory index that documented the job applications by conducting Man-in-the-Middle (MiTM) attacks.[22][23]

Awards

edit

He was nominated for Arab CISO Of The Year Award (final shortlist) in Arab Security Conference 2019.[24][25]

References

edit
  1. ^ Wei, Wang (27 October 2014). "Samsung 'Find My Mobile' Flaw Allows Hacker to Remotely Lock Your Device". The Hacker News.
  2. ^ Cook, James (29 October 2014). "Hackers Use 'Find My Mobile' To Wipe Any Samsung Phone - Business Insider". Business Insider.
  3. ^ داود, دجى. "كيف أنقذ الهاكر المصري محمد عبدالباسط طيران "الاتحاد"؟". alaraby (in Arabic). Retrieved 2019-10-24.
  4. ^ حوار - إيمان بسطاوي. ""صعيدي جيكس".. من قرصان للمواقع إلى قائمة الشرف بـ"فيس بوك"".
  5. ^ ""الفيسبوك" يكرم مبرمجًا مصريًا لاكتشافه ثغرات في الموقع.. وتضعه في قائمة "الخبراء الأمنيين"". بوابة الأهرام.
  6. ^ Cimpanu, Catalin (4 August 2015). "WordPress 4.2.4 Fixes Three XSS Vulnerabilities and One Potential SQL Injection". softpedia.
  7. ^ سيد, محمد. "حوار مع المبرمج محمد عبد الباسط الذي كافأته فيسبوك لإبلاغه عن ثغرات أمنية". صدى التقنية.
  8. ^ البوابة العربية للأخبار التقنية. "هاكرز أخلاقيون عرب: مكافآت "فيس بوك" عادلة". الإمارات اليوم.
  9. ^ a b "Projects/QRLJacking - OWASP". www.owasp.org. Retrieved 2019-10-24.
  10. ^ "للمرة الخامسة.. شاب من الأقصر يكتشف ثغرة بالفيس بوك وينال إشادة ومكافأة الموقع العالمى.. عبد الباسط النوبى ينجح فى تعديل المنشورات الخاصة على صفحة مارك زوكربيرج.. ويدخل قائمة الخبراء الأمنيين للموقع". اليوم السابع. 2014-03-08. Retrieved 2019-10-24.
  11. ^ "خبير أمن معلوماتي يكشف ثغرات بأنظمة "اتصالات مصر" تهدد المستخدمين". www.aljazeera.net (in Arabic). Retrieved 2019-10-24.
  12. ^ Baianat (2019-03-24). "حوار خاص مع محمد عبد الباسط النوبي - الخبير العالمى فى الأمن السيبراني". حميدة سعيد (in Arabic). Retrieved 2019-10-24.
  13. ^ Duc, Hiep Nguyen (2016-11-14). "'Security-phobia is a good and healthy thing' - Interview with Mohamed A. Baset, creator of QRLJacking". Hakin9 - IT Security Magazine. Retrieved 2019-10-24.
  14. ^ Storm, Darlene (2014-10-27). "Zero-day in Samsung 'Find My Mobile' service allows attacker to remotely lock phone". Computerworld. Retrieved 2019-10-24.
  15. ^ a b c Santus, Rex. "Hackers can use the Samsung Find My Mobile feature to attack phones". Mashable. Retrieved 2019-10-24.
  16. ^ "Exploit lets remote attackers lock your Samsung phone". Engadget. Retrieved 2019-10-24.
  17. ^ Schmoll-Trautmann, Anja (2014-10-28). "Samsungs Ortungsdienst "Find My Mobile": Lücke erlaubt Gerätezugriff[Update]". CNET.de (in German). Retrieved 2019-10-24.
  18. ^ Pagliery, Jose (2015-06-17). "600 million Samsung Galaxy phones exposed to hackers". CNNMoney. Retrieved 2019-10-24.
  19. ^ "Security flaw could turn Samsung's Find My Mobile feature against you". Digital Trends - Foxnews. 2015-03-24. Retrieved 2019-10-24.
  20. ^ a b Nichols, Shaun. "While the UN laughed at Trump, hackers chortled at the UN's lousy web application security". www.theregister.co.uk. Retrieved 2019-10-24.
  21. ^ "Hackers infectan sitios de gobierno pasados en abandono". Vanguardia (in Spanish). Retrieved 2019-10-24.
  22. ^ "SAAS". Quicksilk. Retrieved 2019-10-24.
  23. ^ "United Nation WordPress site publicly exposes thousands of resumes | Cyware Hacker News". cyware.com. Retrieved 2019-10-24.
  24. ^ "Arab CISO of the year award 2019 - Arab Security Conference 2019".
  25. ^ "Third Arab Security Conference to kick off in Cairo on 22, 23 September". Daily News Egypt. 2019-09-12. Retrieved 2019-10-24.

Further reading

edit
edit