Hey there! I'm Yanick Fratantonio, an Assistant Professor in the S3 group at EURECOM. My research focus is mobile systems security and privacy. I work to make users safer by detecting and preventing malware and flaws in apps and mobile operating systems before attackers have a chance to exploit them. Recent projects I was involved with include Cloak & Dagger (Android UI attacks), ultrasound cross-device tracking, and Drammer. I received my PhD from UC Santa Barbara. I am also a Shellphish hacker, NOPS academic advisor, and a 100% premium-quality Italian.

Contact Information

E-Mail
yanick (dot) fratantonio (at) eurecom (dot) fr
Resume
PDF (please email me for full version)
Google Scholar
Public profile
Twitter
@reyammer
Public Key
PGP key
Social Links

Research Interests

My research field is systems security and privacy. With a main focus on mobile devices, I work on new techniques to uncover and tackle new classes of vulnerabilites and malware. My research has highlighted flaws in many aspects of mobile devices, including bootloaders, hardware memory modules, cryptography, dynamic code loading, authentication, fingerprint API, and more recently on mobile Graphical User Interfaces. I also worked on the detection of malicious logic bombs, native code components, and privacy aspects, such as data leaks and emerging ultrasound-based cross-device tracking mechanisms. I'm also interested in other low-level aspects of system security, such as binary analysis.

Hacking

I am a big fan of Capture The Flag (CTF) competitions — that's how I and many friends got into security. I'm a core member of the Shellphish hacking team with which I played many competitions and organized many editions of the UCSB iCTF. I'm now also involved with the NOPS team, the EURECOM's hacking team, with which we organize weekly hackmeetings. I also like to write hacking tools (few years back I wrote ShellNoob, a shellcode writing toolkit, now part of Kali Linux!). If you live in the area, you like hacking, and you may be interested in joining the team, get in touch!

Recent News

  • Jan. 2018, I will serve on a number of program committees, including ICDCS, DIMVA, USENIX's WOOT, ESSoS, EuroSec, and MALIoT.
  • Oct. 2017, Our paper on the (mis)use of the fingerprint Android API has been accepted to NDSS'18.
  • Sept. 2017, I joined EURECOM as Assistant Professor!
  • Aug. 2017, Our paper on account hijack vulnerabilities in mobile apps was accepted at ACSAC'17.
  • July 2017, I will serve on the program committee for the IEEE International Conference on Distributed Computing Systems (ICDCS 2018) security track.
  • May 2017, Cloak & Dagger hits the news!
  • May 2017, Cloak & Dagger wins Distinguished Practical Paper Award at IEEE S&P!
  • May 2017, Our Cloak & Dagger work goes public at cloak-and-dagger.org
  • May 2017, Our paper on the security of mobile bootloaders got accepted at USENIX Security!
  • Apr. 2017, Our Cloak & Dagger work on Android UI attacks was accepted at BH USA 2017!
  • Mar. 2017, I am extremely happy to announce that, starting from September 2017, I will join EURECOM as an Assistant Professor!
  • Feb. 2017, My paper "Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop" got accepted at IEEE S&P 2017!
  • Oct. 2016, Our paper on the privacy and security of the ultrasound ecosystem got accepted at PETS'17!
  • Oct. 2016, Our works on Drammer and Ultrasound tracking are in the news!
  • Oct. 2016, Our paper on a new technique to perform privacy leak detection got accepted at NDSS'17!
See all news here.

Professional Highlights and Awards

  • I joined EURECOM as Assistant Professor.
  • I earned my PhD from UC Santa Barbara.
  • Our work "Cloak & Dagger" on Android UI attacks won the Distinguished Practical Paper Award at IEEE S&P 2017.
  • Our work "Drammer" on rowhammer attacks on mobile devices won the Pwnie Award for Best Privilege Escalation Bug 2017 and the CSAW Applied Research Best Paper Award 2017.
  • I have received the "2015 Outstanding Student Award" from the Computer Science deptartment at UC Santa Barbara.'
  • My work has appeared in many major security (IEEE S&P, USENIX Security, ACM CCS, NDSS, PETS, Black Hat) and software engineering (ICSE, FSE) venues.
  • My research has been covered by many international press venues, such as SlashDot, WIRED, Ars Technica, etc. See press coverage.

© 2018 Yanick Fratantonio