Jonghyuk Song

Security Researcher
Samsung Research, Samsung Electronics

Email: jonghyk.song@gmail.com // jhyuk.song@samsung.com
Blog: https://medium.com/@jonghyk.song
I do penetration testing on Samsung products, such as smart TVs, smart refrigerators, network routers, web services and so on.

Education

Publications

[Google scholar]

Conference

Journal

Talks

Honors & Awards

  • The 11th place at DEFCON 25 CTF, Las Vegas, USA, Aug, 2017 (hacking4danbi)
  • The 8th place at DEFCON 19 CTF, Las Vegas, USA, Aug, 2011 (PLUS)
  • Silver prize at KISA (Korea Information Security Agency) Hacking Defense Contest, Jul, 2011 [link]
  • The 3rd place at DEFCON 17 CTF, Las Vegas, USA, Aug, 2009 (PLUS)
  • The 2nd place at Wowhacker Corea Hacking Challenge, 2007
  • Winner of POSTECH-KAIST Hacking Contest, Science War, 2007
  • The 1st place at Wowhacker Corea Hacking Challenge, 2006
  • Special prize at KISA (Korea Information Security Agency) Hacking Defense Contest, 2006
  • Winner of POSTECH-KAIST Hacking Contest, Science War, 2006
  • The 9th place at HUST (Hongik University Security Team) Hacking Festival, 2006
  • Winner of POSTECH-KAIST Hacking Contest, Science War, 2005

Reported Vulnerabilities

  • CVE-2018-14715: Vulnerability of Cryptogs smart contract (Ethereum game)
  • CVE-2018-13877: Vulnerability of MegaCryptoPolis smart contract (Ethereum game)
  • CVE-2018-12975: Vulnerability of Cryptosaga smart contract (Ethereum game)
  • CVE-2018-12885: Vulnerability of MyCryptoChamp smart contract (Ethereum game)
  • CVE-2018-12454: Vulnerability of 1000 Guess smart contract (Ethereum game)
  • CVE-2018-12056: Vulnerability of All For One smart contract (Ethereum game)
  • CVE-2018-11411: Vulnerability of DimonCoin(FUD) smart contract (Ethereum ERC20 token)
  • CVE-2018-10944: Vulnerability of ROC(aka Rasputin Online Coin) smart contract (Ethereum ERC20 token)
  • CVE-2018-10666: Vulnerability of IDEX Membership(IDXM) smart contract (Ethereum ERC20 token)
  • CVE-2018-10468: Vulnerability of UselessEthereumToken(UET) smart contract (Ethereum ERC20 token)
  • 16-664(KISA): Wifi-Router, Remote command execution in a daemon
  • 16-639(KISA): Wifi-Router, Remote command execution in a daemon
  • 16-514(KISA): Wifi-Router, Command execution in a web server daemon
  • 16-513(KISA): Wifi-Router, Command injection in a WPS configuration page
  • 16-510(KISA): Wifi-Router, Command injection in a firmware update page
  • 16-498(KISA): Wifi-Router, Command execution using a hidden web shell

*KISA = Korea Internet Security Agency

I'm in the Hall of Fame 2017, KISA S/W vulnerability reporters [link]

Media Coverage

  • POSTECH Times Interview, April. 11, 2012 [link]
  • Dailysecu news Interview for DEFCON CTF 2011, Aug, 18, 2011 (team PLUS) [link]
  • Boannews Interview for DEFCON CTF 2009, Aug. 11, 2009 (team PLUS) [link]
  • Ahnlab Interview for PLUS, Jan. 2007 [link]
  • PCLove Interview for POSTECH-KAIST hacking war, Nov. 2005 [link1] [link2]


Thanks to e0en