Jonghyuk Song
Security Researcher
Director of Vehicle Threat Research Laboratory at AUTOCRYPT
Email: jhsong@autocrypt.io, jonghyk.song@gmail.com
Blog: https://www.linkedin.com/in/jonghyuksong/
Experience
- Mar. 2021 ~ present: Director of Vehicle Threat Research Laboratory, AUTOCRYPT
- Sep. 2015 ~ Feb. 2021: Security team, SAMSUNG Research
Education
- Sep. 2008 ~ Aug. 2015: Ph.D. in Computer Science & Engineering, POSTECH, Korea
- Mar. 2004 ~ Aug. 2008: B.S. in Computer Science & Engineering, POSTECH, Korea
Advisor: Prof. Jong Kim
Publications
[Google scholar]
Conference
-
CrowdTarget: Target-based Detection of Crowdturfing in Online Social Networks
Jonghyuk Song, Sangho Lee, and Jong Kim
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (ACM CCS 2015), Denver, CO, USA, October 12-16, 2015. (128/646=19.8%)
-
Detection of Heap-Spraying Attacks Using String Trace Graph
Jaehyeok Song, Jonghyuk Song, Jong Kim
The 15th International Workshop on Information Security Applications (WISA 2014), Jeju Island, Korea, August 25-27, 2014.
-
I Know the Shortened URLs You Clicked on Twitter: Inference Attack using Public Click Analytics and Twitter Metadata
Jonghyuk Song, Sangho Lee, and Jong Kim
22nd International World Wide Web Conference (WWW 2013), Rio de Janeiro, Brazil, May 13-17, 2013 (125/831=15.0%)
-
Spam Filtering in Twitter using Sender-Receiver Relationship
Jonghyuk Song, Sangho Lee, and Jong Kim
14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, USA September 20-21, 2011. (20/87=23.0%)
Journal
-
Inference Attack on Browsing History of Twitter Users using Public Click Analytics and Twitter Metadata
Jonghyuk Song, Sangho Lee, and Jong Kim
IEEE Transactions on Dependable and Secure Computing (TDSC), 2014 (SCIE)
Talks
-
UDSonCAN Attacks: Discovering Safety-Critical Risks by Fuzzing [link]
Seunghee Han, Soohwan Oh, Jonghyuk Song
DEFCON32, Car Hacking Village, Las Vegas, Aug. 9-11, 2024
-
Automotive USB Fuzzing: How to Fuzzing USB in Vehicles to Discover the Real-World Vulnerabilities [link]
Euntae Jang, Donghyeon Jeong, Jonghyuk Song
DEFCON31, Car Hacking Village, Las Vegas, Aug. 10-13, 2023
-
Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing [link]
Jonghyuk Song, Soohwan Oh, Woongjo Choi
DEFCON30, Las Vegas, Aug. 11-13, 2022
-
SMART BLACK BOX FUZZING OF UDS CAN [link]
Soohwan Oh, Jonghyuk Song, Jeongho Yang
DEFCON30, Car Hacking Village, Las Vegas, Aug. 11-13, 2022
-
STEVE: Security Testing Framework for EV Charging Environments
Jonghyuk Song, Jaejo Lee, Hyunwoong Kim, Jaeson Yoo, Kiho Joo
International Electric Vehicle Symposium & Exhibition (EVS35), Oslo, June 13-15, 2022
-
Introduction to Verification for Automotive Security
Jonghyuk Song
IoTcube Conference 2021, Seoul, Aug 18-19, 2021
-
Breaking Pseudo-Random Number Generator in Ethereum Smart Contracts
Jonghyuk Song
Codegate 2019, Seoul, March 27, 2019
-
Breaking Pseudo-Random Number Generator in Ethereum Smart Contracts [link]
Jonghyuk Song
Codeblue 2018, Tokyo, November 1-2, 2018
-
Introduction to Ethereum smart contract vulnerabilities
Jonghyuk Song
KimchiCon2018, Seoul, September 14-15, 2018
Honors & Awards
The 4th place at DEFCON 31, Car Hacking Village CTF, Las Vegas, USA, Aug, 2023 (AUTOCRYPT)
The 5th place at DEFCON 30, Car Hacking Village CTF, Las Vegas, USA, Aug, 2022 (AUTOCRYPT)
1st place at Cyber Security Challenge Competition - Car Hacking, Ministry of Science and ICT, South Korea · Nov 2021 (AUTOCRYPT)
The 11th place at DEFCON 25 CTF, Las Vegas, USA, Aug, 2017 (hacking4danbi)
The 8th place at DEFCON 19 CTF, Las Vegas, USA, Aug, 2011 (PLUS)
Silver prize at KISA (Korea Information Security Agency) Hacking Defense Contest, Jul, 2011
[link]
The 3rd place at DEFCON 17 CTF, Las Vegas, USA, Aug, 2009 (PLUS)
The 2nd place at Wowhacker Corea Hacking Challenge, 2007
Winner of POSTECH-KAIST Hacking Contest, Science War, 2007
The 1st place at Wowhacker Corea Hacking Challenge, 2006
Special prize at KISA (Korea Information Security Agency) Hacking Defense Contest, 2006
Winner of POSTECH-KAIST Hacking Contest, Science War, 2006
The 9th place at HUST (Hongik University Security Team) Hacking Festival, 2006
Winner of POSTECH-KAIST Hacking Contest, Science War, 2005
Reported Vulnerabilities
CVE-2018-14715:
Vulnerability of Cryptogs smart contract (Ethereum game)
CVE-2018-13877:
Vulnerability of MegaCryptoPolis smart contract (Ethereum game)
CVE-2018-12975:
Vulnerability of Cryptosaga smart contract (Ethereum game)
CVE-2018-12885:
Vulnerability of MyCryptoChamp smart contract (Ethereum game)
CVE-2018-12454:
Vulnerability of 1000 Guess smart contract (Ethereum game)
CVE-2018-12056:
Vulnerability of All For One smart contract (Ethereum game)
CVE-2018-11411:
Vulnerability of DimonCoin(FUD) smart contract (Ethereum ERC20 token)
CVE-2018-10944:
Vulnerability of ROC(aka Rasputin Online Coin) smart contract (Ethereum ERC20 token)
CVE-2018-10666:
Vulnerability of IDEX Membership(IDXM) smart contract (Ethereum ERC20 token)
CVE-2018-10468:
Vulnerability of UselessEthereumToken(UET) smart contract (Ethereum ERC20 token)
16-664(KISA): Wifi-Router, Remote command execution in a daemon
16-639(KISA): Wifi-Router, Remote command execution in a daemon
16-514(KISA): Wifi-Router, Command execution in a web server daemon
16-513(KISA): Wifi-Router, Command injection in a WPS configuration page
16-510(KISA): Wifi-Router, Command injection in a firmware update page
16-498(KISA): Wifi-Router, Command execution using a hidden web shell
*KISA = Korea Internet Security Agency
I'm in the Hall of Fame 2017, KISA S/W vulnerability reporters [link]
Media Coverage
Inside the world of the people keeping “smart” transportation safe
[link]
POSTECH Times Interview, Apr. 11, 2012
[link]
Dailysecu news Interview for DEFCON CTF 2011, Aug. 18, 2011 (team PLUS)
[link]
Boannews Interview for DEFCON CTF 2009, Aug. 11, 2009 (team PLUS)
[link]
Ahnlab Interview for PLUS, Jan. 2007
[link]
PCLove Interview for POSTECH-KAIST hacking war, Nov. 2005
[link1]
[link2]