Security Analysis and Responsible Disclosure
The group is quite active in performing security and privacy analysis of widely deployed and adopted systems. Through the responsible disclosure of any vulnerabilities discovered to the vendors and maintainers of the analysed systems and working with them to deploy countermeasures before the publication of such vulnerabilities, the group has had a considerable impact in increasing the security and privacy of billions of users worldwide.
Examples of such analyses include vulnerabilities we discovered in 2020 in the top 5 password managers (LastPass, Keeper, 1Password, RoboForm, Dashlane) used by 10m+ personal and 20m+ enterprise users worldwide (see paper at IFIP SEC 2020), attacks we found in 2015 on Bitcoin's Payment Protocol used by 100k+ merchants worldwide (see papers at FC 2016, FC 2018, and CoSe 2021), and vulnerabilities we identified in 2015 in major mobile browsers (Chrome, Firefox, Opera, and Safari) used by billions of users worldwide (see paper in JISA 2016).
Contact us
Dr Siamak Shahandashti
Cyber Security and Privacy Research Group lead
Contact us
Dr Siamak Shahandashti
Cyber Security and Privacy Research Group lead