Ang Cui#Thrangrycat
{{short description|American computer scientist}}
{{COI|date=May 2019}}
{{Infobox person
| name = Ang Cui
| image = Dr. Ang Cui of Red Balloon Security.jpg
| caption =
| birth_name = Ang Cui
| birth_date = February 7, 1983
| birth_place = Beijing, PRC
| occupation = Cybersecurity researcher and consultant
| organization = Red Balloon Security
| known for = Thrangrycat, Funtenna, Monitor Darkly
| website = https://redballoonsecurity.com
}}
Ang Cui ({{zh|p=āng Cuī}}) is an American cybersecurity researcher{{Cite magazine|url=https://www.wired.com/story/a-new-way-to-track-down-bugs-could-help-save-iot/|title=A New Way to Track Down Bugs Could Help Save IoT|last=Newman|first=Lily Hay|date=2018-01-18|magazine=Wired|access-date=2019-03-03|issn=1059-1028}} and entrepreneur. He is the founder and CEO of Red Balloon Security in New York City,{{Cite web|url=https://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=270238202|title=Company Overview of Red Balloon Security, Inc|website=Bloomberg}} a cybersecurity firm that develops new technologies to defend embedded systems against exploitation.{{Cite web|url=https://www.technologyreview.com/s/511331/startup-offers-to-protect-printers-phones-and-other-devices-from-hackers/|title=Startup Red Balloon Security Offers to Protect Printers, Phones, and Other Devices from Hackers|last=Lim|first=Dawn|website=MIT Technology Review|language=en|access-date=2019-03-03}}
==Career==
Cui was formerly a researcher with Columbia University's Intrusion Detection Systems Lab, where he worked while pursuing his Ph.D. in computer science at Columbia University.{{Cite web|url=https://www.forbes.com/sites/robertvamosi/2012/12/06/off-hook-voip-phone-security-vulnerability-affects-some-cisco-models/|title=Cisco VoIP Phones Affected By On Hook Security Vulnerability|last=Vamosi|first=Robert|website=Forbes.com|language=en|access-date=2019-03-03}}{{Cite web|url=http://ids.cs.columbia.edu/users/ang.html|title=The Columbia University Intrusion Detection Systems Lab|website=Ids.cs.columbia.edu|access-date=2019-03-03}}{{Cite web|url=http://columbia.academia.edu/AngCui|title=Ang Cui {{!}} Columbia University - Academia.edu|website=Columbia.academia.edu|access-date=2019-03-03}} His doctoral dissertation, entitled “Embedded System Security: A Software-Based Approach,” focused on the exploitation and defense of embedded systems.{{Cite thesis|title=Embedded System Security: A Software-based Approach|publisher=Columbia University|date=2015|doi=10.7916/d8ns0tn9|first=Ang|last=Cui}} Cui received his Ph.D. in 2015 and founded Red Balloon Security to commercialize his firmware defense technology, now known as Symbiote.{{cite web|url=https://www.dhs.gov/science-and-technology/dhs-st-funded-technology-helps-protect-devices-cyber-attacks|title=DHS S&T Funded Technology Helps Protect Devices from Cyber Attacks|date=3 November 2015|website=Department of Homeland Security|accessdate=27 April 2019}}{{cite web|url=http://nsl.cs.columbia.edu/projects/minestrone/papers/Symbiotes.pdf|title=Defending Embedded Systems with Software Symbiotes|author1=Ang Cui|author2=Salvatore J. Stolfo|website=Nsl.cs.columbia.edu|accessdate=28 April 2019}}
Cui has publicly demonstrated security vulnerabilities in widely used commercial and consumer products, including Cisco{{Cite web|url=https://arstechnica.com/information-technology/2013/01/hack-turns-the-cisco-phone-on-your-desk-into-a-remote-bugging-device/|title=Hack turns the Cisco phone on your desk into a remote bugging device|last=Goodin|first=Dan|date=2013-01-10|website=Ars Technica|language=en-us|access-date=2019-03-03}}{{Cite web|url=https://engineering.columbia.edu/news/seas-computer-scientists-find-vulnerabilities-cisco-voip-phones|title=SEAS Computer Scientists Find Vulnerabilities in Cisco VoIP Phones {{!}} Columbia Engineering|website=Engineering.columbia.edu|access-date=2019-03-03|date=2017-01-31}} and Avaya VoIP phones,{{Cite web|url=https://securityaffairs.co/wordpress/36187/hacking/how-to-hack-avaya-phone.html|title=How to hack Avaya phones with a simple text editor|date=2015-04-22|website=Security Affairs|language=en-US|access-date=2019-03-03}}{{Cite web|url=https://www.theregister.co.uk/2015/04/22/text_editor_pops_avaya_phones_forever/|title=Infosec bod's brag: Text editor pops Avaya phones FOREVER|author=Darren Pauli|website=Theregister.co.uk|language=en|access-date=2019-03-03}}{{Cite web|url=https://threatpost.com/avaya-to-patch-zero-days-that-turn-ip-phone-in-radio-transmitters/104506/|title=Avaya to Patch Zero Days That Turn IP Phone into Radio Transmitters|website=Threatpost.com|date=26 February 2014 |language=en|access-date=2019-03-03}} Cisco routers{{Cite journal|last1=Stolfo|first1=Salvatore|last2=Kataria|first2=Jatin|last3=Cui|first3=Ang|date=2011|title=Killing the Myth of Cisco IOS Diversity: Recent Advances in Reliable Shellcode Design|language=en|doi=10.7916/D8TB1H7N}}{{Cite web|url=https://www.businessinsider.com/hackers-can-turn-office-phone-into-remote-listening-device-cybersecurity-hack-cisco-spying-tap-2017-11|title=A cybersecurity expert showed us how hackers can tap into an office phone and listen to everything you're saying|last=Snyder|first=Chris|website=Business Insider|access-date=2019-03-03}} and HP LaserJet printers.{{Cite magazine|url=https://www.wired.com/2011/11/hp-printer-hack/|title=Hackers Can Remotely Set Ablaze HP Printers, Researchers Say|last=Zetter|first=Kim|date=2011-11-29|magazine=Wired|access-date=2019-03-03|issn=1059-1028}}{{Cite web|url=https://arstechnica.com/business/news/2011/11/hp-printers-can-be-remotely-controlled-and-set-on-fire-researchers-claim.ars|title=HP printers can be remotely controlled and set on fire, researchers claim (updated)|last=Brodkin|first=Jon|date=2011-11-29|website=Ars Technica|language=en-us|access-date=2019-03-03}}{{cite web|url=http://ids.cs.columbia.edu/sites/default/files/CuiPrintMeIfYouDare.pdf|title=Print Me If You Dare|website=Ids.cs.columbia.edu|accessdate=28 April 2019}}{{Cite web|url=https://www.theverge.com/2011/12/24/2659385/hp-firmware-fix-laserjet-vulnerability|title=HP releases firmware fix for laserjet printer exploit|last=Welch|first=Chris|date=2011-12-24|website=The Verge|access-date=2019-03-03}} He has presented his research at industry events including Black Hat Briefings,{{Cite web|url=https://www.vice.com/en/article/how-to-turn-a-cheap-printer-into-a-stealthy-bugging-device/|title=How To Turn a Cheap Printer Into A Stealthy Bugging Device|last=Franceschi-Bicchierai|first=Lorenzo|date=2015-08-05|website=Motherboard|language=en-US|access-date=2019-03-03}}{{Cite web|url=https://www.blackhat.com/us-15/speakers/Ang-Cui.html|title=Black Hat USA 2015|website=Blackhat.com|access-date=2019-03-03}}{{Cite web|url=https://www.blackhat.com/us-13/speakers/Ang-Cui.html|title=Black Hat USA 2013|website=Blackhat.com|access-date=2019-03-03}}{{Cite web|url=https://www.blackhat.com/html/bh-us-12/speakers/Ang-Cui.html|title=Black Hat USA 2012|website=Blackhat.com|access-date=2019-03-03}} the DEF CON conference,{{Cite web|url=https://www.defcon.org/html/defcon-24/dc-24-speakers.html#Cui|title=DEF CON® 24 Hacking Conference - Speakers|website=Defcon.org|access-date=2019-03-03}}{{Cite web|url=https://www.vice.com/en/article/hackers-could-break-into-your-monitor-to-spy-on-you-and-manipulate-your-pixels/|title=Hackers Could Break Into Your Monitor To Spy on You and Manipulate Your Pixels|last=Franceschi-Bicchierai|first=Lorenzo|date=2016-08-06|website=Motherboard|language=en-US|access-date=2019-03-03}} the RSA Conference,{{Cite web|url=http://www.rsaconference.com/speakers/ang-cui|title=Ang Cui {{!}} RSA Conference|website=Rsaconference.com|language=en|access-date=2019-03-03}} the REcon security conference{{Cite web|url=https://recon.cx/2016/speakers/ang_cui.html|archive-url = https://web.archive.org/web/20190524201851/https://recon.cx/2016/speakers/ang_cui.html|archive-date = 2019-05-24|title = Ang Cui}} and the Auto-ISAC 2018 Summit.{{Cite web|url=https://www.automotiveisac.com/auto-isac-summit/agenda/|title=In the Fast Lane – Auto-ISAC|website=Automotiveisac.com|language=en-US|access-date=2019-03-03}} Cui's security research has earned him the 2011 Kaspersky Labs American Cup,{{Cite web|url=http://ids.cs.columbia.edu/content/ang-cui-and-jatin-kataria-win-kaspersky-labs-american-cup.html|title=Ang Cui and Jatin Kataria win Kaspersky Labs American Cup {{!}} The Columbia University Intrusion Detection Systems Lab|website=Ids.cs.columbia.edu|access-date=2019-03-03}} the 2012 Symantec Research Labs Graduate Fellowship{{Cite web|url=https://www.symantec.com/about/careers/graduate-fellowship|archive-url=https://web.archive.org/web/20160405083649/https://www.symantec.com/about/careers/graduate-fellowship|url-status=dead|archive-date=April 5, 2016|title=Graduate Fellowship Program|website=Symantec.com|access-date=2019-03-03}} and the 2015 DARPA Riser distinction.{{Cite web|url=https://www.darpa.mil/news-events/2015-09-09a|title=DARPA Rising Event Highlights Emerging Leaders in Science and Technology|website=Darpa.mil|access-date=2019-03-03}}
In 2017, the United States Department of Homeland Security recognized his company with the “Crossing the Valley of Death” distinction for the development of a commercially available cyber defense system for critical infrastructure facilities, which was produced following a 12-month DHS-funded pilot study to evaluate cyber sabotage risks to the building systems of a DHS Biosafety Level 3 facility.{{cite web|url=https://www.isao.org/storage/2018/09/IISC-2018-Douglas-Maughan-Re-inventing-Cybersecurity-R-D.pdf|title=Re-inventing Cybersecurity R&D: How DHS is Innovating to Deliver More Secure Systems|website=Isao.org|accessdate=28 April 2019}}{{cite web|url=https://www.dhs.gov/sites/default/files/publications/R%26D%20Showcase%20and%20Technical%20Workshop.pdf|title=R&D SHOWCASE AND TECHNICAL WORKSHOP 2016|website=Dhs.gov|accessdate=28 April 2019}}{{cite web|url=https://www.nitrd.gov/nitrdgroups/images/c/c9/Douglas_Maughan_CSD_SVIP.pdf|title=Cyber Security Division Overview and Silicon Valley Innovation Program|website=Nitrd.gov|accessdate=28 April 2019}}
==Dukedom==
In 2020, Cui received the noble title of duke from the Principality of Sealand. Cui's royal title grants him an official territory, or duchy, of one square foot within the micronation,{{cite web |title=Sealand become a duke or duchess |url=https://sealandgov.org/become-a-duke-or-duchess/?gclid=EAIaIQobChMIirWh8In46QIVDYeGCh0Cqw0SEAAYASAAEgITzvD_BwE |website=Principality of Sealand |publisher=Sealand |accessdate=10 June 2020}} which he has named SPACE.{{cite web |title=Ang Cui, Twitter |url=https://twitter.com/angcui/status/1271089701227765760/photo/1 |accessdate=11 June 2020}} As a Duke of the Principality of Sealand, Cui joins the ranks of notable figures who have also received nobility titles from the micronation, including English cricketer Ben Stokes{{cite web |title=Inside the world's smallest 'country' located just 12 miles off the Essex coast |url=https://www.essexlive.news/news/inside-worlds-smallest-country-located-3153573 |website=Essex Live|date=30 July 2019 }} and musician Ed Sheeran.{{cite news |title=Ed Sheeran becomes a 'baron of Sealand' |work=BBC News |date=23 December 2012 |url=https://www.bbc.com/news/uk-england-20831502 }}
==Security Research==
===Symbiote===
Cui is best known for his role in the development of Symbiote, a host-based firmware defense technology for embedded devices.{{Cite web|url=https://www.cs.columbia.edu/2016/symbiote-technology-created-by-ang-cui-and-salvatore-stolfo-named-one-of-popular-sciences-best-of-whats-new/|title=Symbiote technology created by Ang Cui and Salvatore Stolfo named one of Popular Science's "Best of What's New" {{!}} Department of Computer Science, Columbia University|website=Cs.columbia.edu|access-date=2019-03-03}}
Symbiote is injected into the firmware of a legacy embedded device where it provides intrusion detection functionality.{{cite web|url=http://ids.cs.columbia.edu/sites/default/files/paper_2.pdf|title=Defending Embedded Systems with Software Symbiotes|author1=Ang Cui|author2=Salvatore J. Stolfo|website=Ids.cs.columbia.edu|accessdate=28 April 2019}}{{cite web|url=https://apps.dtic.mil/dtic/tr/fulltext/u2/1005647.pdf|archive-url=https://web.archive.org/web/20200325130613/https://apps.dtic.mil/dtic/tr/fulltext/u2/1005647.pdf|url-status=live|archive-date=March 25, 2020|title=SPARCHS: SYMBIOTIC, POLYMORPHIC, AUTOMATIC, RESILIENT, CLEAN-SLATE, HOST SECURITY|website=Apps.dtic.mil|accessdate=28 April 2019}}{{Cite web|url=https://www.researchgate.net/publication/221427496|title=Defending Embedded Systems with Software Symbiotes|website=ResearchGate|language=en|access-date=2019-03-03}}{{Cite web|url=https://www.sbir.gov/content/symbiote-technology-repair-vulnerable-firmware-0|title=Symbiote Technology to Repair Vulnerable Firmware {{!}} SBIR.gov|website=Sbir.gov|access-date=2019-03-03}} It does so by constantly checking the integrity of static code and data at the firmware level, in order to prevent unauthorized code or commands from executing. 
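The integrity-monitoring idea described above, as an added illustration in C that is not Red Balloon's or Symbiote's own code: a constructed firmware image is split into static regions (code and read-only data) and a mutable runtime region, a digest of each static region is recorded once at injection time, and each monitoring pass reports which static regions have since been altered while ignoring legitimate changes to runtime data. The region layout, the sample image contents and the FNV-1a digest are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a device's firmware image (example assumption).
 * The monitor treats the first two regions as static (code and read-only
 * data) and the last as mutable runtime data that it must not check. */
static uint8_t firmware_image[96];

typedef struct {
    const char *name;
    size_t      offset;
    size_t      length;
    int         is_static;   /* 1: contents must not change at runtime */
    uint64_t    baseline;    /* digest recorded when the monitor was injected */
} region_t;

static region_t regions[] = {
    { ".text",    0, 48, 1, 0 },
    { ".rodata", 48, 16, 1, 0 },
    { ".data",   64, 32, 0, 0 },
};
#define NUM_REGIONS (sizeof regions / sizeof regions[0])

/* FNV-1a 64-bit: a placeholder digest so the example is self-contained;
 * a production monitor would use a keyed MAC or a cryptographic hash. */
static uint64_t digest(const uint8_t *p, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Record the baseline digest of every static region once, at injection time. */
void monitor_init(void) {
    for (size_t i = 0; i < NUM_REGIONS; i++)
        if (regions[i].is_static)
            regions[i].baseline =
                digest(firmware_image + regions[i].offset, regions[i].length);
}

/* One monitoring pass: returns a bitmask of static regions whose contents
 * no longer match their baseline (bit i = regions[i]); 0 means intact. */
unsigned monitor_check(void) {
    unsigned tampered = 0;
    for (size_t i = 0; i < NUM_REGIONS; i++) {
        if (!regions[i].is_static)
            continue;   /* runtime data is expected to change */
        uint64_t now = digest(firmware_image + regions[i].offset, regions[i].length);
        if (now != regions[i].baseline)
            tampered |= 1u << i;
    }
    return tampered;
}

/* Fill the constructed image with deterministic sample content. */
void load_sample_image(void) {
    for (size_t i = 0; i < sizeof firmware_image; i++)
        firmware_image[i] = (uint8_t)(i * 7 + 3);
}

/* Simulate a write into the image at the given offset. */
void write_byte(size_t offset, uint8_t value) {
    if (offset < sizeof firmware_image)
        firmware_image[offset] = value;
}

int main(void) {
    load_sample_image();
    monitor_init();
    printf("initial pass:        0x%x\n", monitor_check());   /* 0x0 */
    write_byte(70, 0xFF);                                      /* .data: allowed */
    printf("after .data write:   0x%x\n", monitor_check());   /* 0x0 */
    write_byte(10, 0x90);                                      /* .text: flagged */
    printf("after .text write:   0x%x\n", monitor_check());   /* 0x1 */
    return 0;
}
```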
Symbiote is operating system agnostic and is compatible with most embedded devices.{{Cite web|url=https://gizmodo.com/meet-the-symbiote-the-ironclad-adaptable-future-of-an-5986960|title=Meet the Symbiote: The Ironclad, Adaptable Future of Antivirus Protection|last=Newman|first=Lily Hay|website=Gizmodo.com|date=26 February 2013 |language=en-US|access-date=2019-03-03}}{{Cite web|url=https://www.scientificamerican.com/article/auto-immune-symbiotes-could-be-deployed-to-thwart-cyber-attacks/|title=Auto-Immune: "Symbiotes" Could Be Deployed to Thwart Cyber Attacks|last=Choi|first=Charles Q.|website=Scientific American|language=en|access-date=2019-03-03}}{{Cite web|url=https://slate.com/technology/2014/03/red-balloon-symbiote-anti-virus-security-software-protects-embedded-devices.html|title=The Internet of Things Needs Anti-Virus Protection|last=Newman|first=Lily Hay|date=2014-03-10|website=Slate Magazine|language=en|access-date=2019-03-03}} Red Balloon Security has already released Symbiote for commercial printer brands like HP{{Cite web|url=https://www.computerworld.com/article/3074902/printer-security-is-your-companys-data-really-safe.html|title=Printer security: Is your company's data really safe?|last=Wood|first=Lamont|date=2016-06-01|website=Computerworld|language=en|access-date=2019-03-03}} and other devices.
On June 21, 2017, Red Balloon Security announced the launch of Symbiote for Automotive Defense, an automotive version of the standard Symbiote technology, at the Escar USA Conference in Detroit.{{Cite web|url=https://www.cnet.com/roadshow/news/car-connected-smart-hackers-cyber-defense-symbiote/|title=This add-on could save millions of cars from hackers|last=Ng|first=Alfred|website=Roadshow|language=en|access-date=2019-03-03}}
In 2016, Popular Science named Symbiote one of the “9 Most Important Security Innovations of the Year.”{{Cite web|url=https://www.popsci.com/9-most-important-security-innovations-year|title=The 9 Most Important Security Innovations Of The Year|website=Popular Science|date=19 October 2016|language=en|access-date=2019-03-03}}
===HP LaserJet Printers===
In 2011, Cui was part of a research effort at Columbia University, directed by Professor Salvatore Stolfo, to examine security vulnerabilities in HP LaserJet printers.{{Cite web|url=https://www.nbcnews.com/business/consumer/exclusive-millions-printers-open-devastating-hack-attack-researchers-say-f118851|title=Exclusive: Millions of printers open to devastating hack attack, researchers say|last=Sullivan|first=Bob|date=2011-11-29|website=NBC News|language=en|access-date=2019-03-03}} The researchers announced significant security flaws in these devices which could allow for a range of remote attacks, including creating a fire hazard by forcing the printer's fuser to heat up continually.
HP released a firmware update soon after these findings were released. However, the team claimed to have found 201 vulnerable HP LaserJet printers on the U.S. Department of Defense's network, and two at HP's headquarters, months after the security patch was released. In 2015, HP licensed Cui's Symbiote technology as a firmware defense against cyber attacks for its LaserJet Enterprise printers and multifunction printers.{{Cite web|url=https://www.dhs.gov/science-and-technology/dhs-st-funded-technology-helps-protect-devices-cyber-attacks|title=DHS S&T Funded Technology Helps Protect Devices from Cyber Attacks|date=2015-11-03|website=Department of Homeland Security|language=en|access-date=2019-03-03}}
===Cisco IP Phones===
At the 29th Chaos Communication Congress in December 2012, Cui and Stolfo presented the findings of their DARPA-funded research study, which exposed a vulnerability in Cisco IP phones (Cisco Unified IP Phone 7900 series) that could allow an attacker to turn them into bugging devices.{{Cite web|url=https://www.computerworld.com/article/2474060/remotely-listen-in-via-hacked-voip-phones--cisco-working-on-eavesdropping-patch.html|title=Remotely listen in via hacked VoIP phones: Cisco working on eavesdropping patch|last=Storm|first=Darlene|date=2013-01-08|website=Computerworld|language=en|access-date=2019-03-03}} The exploit gained root access to the device's firmware, which could enable the interception of phone calls. It would also allow an attacker to remotely activate the phone's microphone in order to eavesdrop on nearby conversations.
===Funtenna===
At the 2015 Black Hat Briefings cybersecurity conference,{{Cite web|url=https://www.zdnet.com/article/black-hat-2015-cool-talks-hot-threat-intel/|title=Black Hat 2015: Cool talks, hot threat intel|last=Blue|first=Violet|website=ZDNet|language=en|access-date=2019-03-03}} Cui unveiled a firmware exploit called “Funtenna”{{Citation|title=GitHub - funtenna/funtenna_2015: Funtenna P0C code demonstrated at Blackhat 2015.|date=2019-01-07|url=https://github.com/funtenna/funtenna_2015|publisher=funtenna|access-date=2019-03-03}} which manipulates the electronic processes within common devices like printers, phones, and washing machines in order to create radio signals which could secretly transmit data outside of a secure facility.{{Cite news|url=http://www.slate.com/blogs/future_tense/2015/08/05/_funtenna_uses_software_to_make_embedded_devices_broadcast_data_on_radio.html|title=A Printer That Sings Your Data for Hackers to Hear|last=Newman|first=Lily Hay|date=2015-08-05|work=Slate|access-date=2019-03-03|language=en-US|issn=1091-2339}}{{Cite web|url=https://money.cnn.com/2015/08/05/technology/radio-hack/index.html|title=How your washing machine can steal computer files|last=Pagliery|first=Jose|date=2015-08-05|website=CNNMoney|access-date=2019-03-03}}{{Cite web|url=https://www.eweek.com/blogs/security-watch/funtenna-malware-takes-to-the-airwaves-to-steal-data|title=Funtenna Malware Takes to the Airwaves to Steal Data|website=eWEEK|date=6 August 2015|access-date=2019-03-03}} The attack could even work with devices within an air-gapped system.{{Cite web|url=https://arstechnica.com/information-technology/2015/08/funtenna-software-hack-turns-a-laser-printer-into-a-covert-radio/|title="Funtenna" software hack turns a laser printer into a covert radio|last=Gallagher|first=Sean|date=2015-08-06|website=Ars Technica|language=en-us|access-date=2019-03-03}}{{Cite web|url=https://thehackernews.com/2015/08/radio-signal-hacking-computer.html|title=This Antenna Can Remotely Steal Data From Devices using Sound Waves|website=The Hacker News|language=english|access-date=2019-03-03}}
News outlets such as Ars Technica and Motherboard noted Funtenna's potential for turning infected devices into covert spying tools.
===Monitor Darkly===
At the DEF CON 24 security conference in 2016,{{Cite web|url=https://www.defcon.org/html/defcon-24/dc-24-speakers.html|title=DEF CON® 24 Hacking Conference - Speakers|website=www.defcon.org|access-date=2019-05-24}} Cui, along with his principal scientist Jatin Kataria and security researcher Francois Charbonneau, demonstrated{{Citation|last=DEFCONConference|title=DEF CON 24 - Ang Cui - A Monitor Darkly: Reversing and Exploiting Ubiquitous OSD Controllers|date=2016-11-10|url=https://www.youtube.com/watch?v=zvP2FEfOSsk|access-date=2019-05-24}} previously unknown vulnerabilities in the firmware of widely used computer monitors, which an attacker could exploit to both spy on the user's screen activity and to manipulate what the user sees and engages with on the screen.{{Cite web|url=https://www.vice.com/en/article/hackers-could-break-into-your-monitor-to-spy-on-you-and-manipulate-your-pixels/|title=Hackers Could Break Into Your Monitor To Spy on You and Manipulate Your Pixels|last=Franceschi-Bicchierai|first=Lorenzo|date=2016-08-06|website=Vice|language=en-US|access-date=2019-05-24}}{{Cite web|url=https://www.businessinsider.com/how-hackers-can-compromise-your-computer-monitor-darkly-cybersecurity-ssl-mr-robot-red-balloon-security-2017-11|title=Hackers can gain access to your computer monitor — a cybersecurity expert shows us how easy it is|last=Snyder|first=Chris|website=Business Insider|access-date=2019-05-24}}
Called “Monitor Darkly,” the firmware vulnerability was reported to affect Dell, HP, Samsung and Acer computer monitors.{{Cite web|url=https://www.csoonline.com/article/3104926/hacking-monitors-for-spying-stealing-data-manipulating-what-you-see-on-the-screen.html|title=Hacking computer monitors to spy and steal data|last=Smith|first=Ms|date=2016-08-07|website=CSO Online|language=en|access-date=2019-05-24}}
The vulnerability was specific to the monitors’ on-screen-display (OSD) controllers, which are used to control and adjust viewing options on the screen, such as brightness, contrast or horizontal/vertical positioning.{{Cite web|url=https://whatis.techtarget.com/definition/on-screen-display-OSD|title=What is on-screen display (OSD)? - Definition from WhatIs.com|website=WhatIs.com|language=en|access-date=2019-05-24}} However, as Cui, Kataria and Charbonneau noted in their talk abstract for the 2016 REcon security conference, with the Monitor Darkly exploit, the OSD can also be used to “read the content of the screen, change arbitrary pixel values, and execute arbitrary code supplied through numerous control channels.”{{Cite web|url=https://recon.cx/2016/talks/A-Monitor-Darkly.html|title=A Monitor Darkly: Reversing and Exploiting Ubiquitous On-Screen-Display Controllers in Modern Monitors|date=June 18, 2016|website=REcon}}
The security news site CSO Online said about the vulnerability, “By exploiting a hacked monitor, they could manipulate the pixels and add a secure-lock icon by a URL. They could make a $0 PayPal account balance appear to be a $1 billion balance. They could change ‘the status-alert light on a power plant's control interface from green to red.’”
The exploit was later used in a Season 3 episode of the Mr. Robot show, in which the FBI uses it to take screenshots of Elliot Alderson’s computer.{{Cite web|url=https://www.geekwire.com/2017/mr-robot-rewind-backdooring-monitor-fbi-surveillance-episode-two/|title='Mr. Robot' Rewind: Backdooring a monitor for FBI surveillance in Episode Two|date=2017-10-20|website=GeekWire|language=en-US|access-date=2019-05-24}}{{Cite web|url=https://www.observeit.com/blog/spoiler-alert-mr-robot-season-3-episode-3/|title=Monitoring Mr. Robot|last=Donovan|first=Kevin|date=2017-10-27|website=ObserveIT|language=en-US|access-date=2019-05-24}}
===BadFET===
At the 2017 REcon security conference, Cui and security researcher Rick Housley demonstrated{{Cite web|url=https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-BADFET.pdf|title=Defeating Secure Boot with EMFI|website=REcon}} a new method for hacking processors through the use of an electromagnetic pulse, or EMP.{{Cite journal|last1=Housley|first1=Rick|last2=Cui|first2=Ang|date=2017|title={BADFET}: Defeating Modern Secure Boot Using Second-Order Pulsed Electromagnetic Fault Injection|url=https://www.usenix.org/conference/woot17/workshop-program/presentation/cui|language=en}}
Known as electromagnetic fault injection (EMFI), this class of attacks had been investigated before, but Cui and Housley's new technique, known as “BadFET,” is adapted to exploit modern computers and embedded devices by impacting multiple components within these devices at the same time.{{Cite magazine|url=https://www.wired.com/story/electromagnetic-pulse-hack/|title=A Diabolical Way of Hacking a Chip With a Wave of Your Hand|last=Newman|first=Lily Hay|date=2017-06-21|magazine=Wired|access-date=2019-05-24|issn=1059-1028}} Using a 300-volt EMP pulse from 3 millimeters away, the BadFET attack bypasses the Secure Boot protection that keeps processors from running untrusted code.
Cui and Housley also introduced an open source EMFI platform that makes BadFET available to other security researchers, for further analysis, testing and development.
===Thrangrycat===
On May 13, 2019, Cui and his research team (composed of Jatin Kataria, Richard Housley and James Chambers){{cite web |last1=Kirk |first1=Jeremy |title=Cisco's 'Thrangrycat' Router Flaw Tough to Neuter |url=https://www.bankinfosecurity.com/ciscos-thrangrycat-router-flaw-tricky-to-fix-a-12479 |website=BankInfoSecurity |publisher=ISMG Network |accessdate=14 May 2019}} jointly announced with Cisco{{cite web |title=Cisco Secure Boot Hardware Tampering Vulnerability |url=https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot |website=Cisco Security Center |publisher=Cisco |accessdate=13 May 2019}} a critical vulnerability in Cisco's secure boot process{{cite web |last1=Thomson |first1=Iain |title=It's 2019 so now security vulnerabilities are branded using emojis: Meet Thrangrycat, a Cisco router secure boot flaw |url=https://www.theregister.co.uk/2019/05/13/cisco_thrangrycat_vulnerability/ |website=The Register |accessdate=13 May 2019}} identified as CVE-2019-1649,{{cite web |title=CVE-2019-1649 Detail |url=https://nvd.nist.gov/vuln/detail/CVE-2019-1649 |website=National Vulnerability Database |publisher=NIST |accessdate=13 May 2019}}{{cite web |title=CVE-2019-1649 |url=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1649 |website=Common Vulnerabilities and Exposures |publisher=MITRE |accessdate=24 May 2019}} and referred to as “Thrangrycat”{{cite web |last1=Doctorow |first1=Cory |title=Thangrycat: a deadly Cisco vulnerability named after an emoji |date=22 May 2019 |url=https://boingboing.net/2019/05/22/introspection-engines.html |publisher=Boing Boing |accessdate=22 May 2019}} by Red Balloon Security.
The vulnerability affects a key hardware security component developed by Cisco known as the Trust Anchor module (TAm).{{cite web |last1=Barth |first1=Bradley |title='Thrangrycat' flaw in millions of Cisco devices could enable 'Secure Boot' bypass |url=https://www.scmagazine.com/home/security-news/thrangrycat-flaw-in-millions-of-cisco-devices-could-enable-secure-boot-bypass/ |website=SC Magazine |date=14 May 2019 |publisher=SC Media |accessdate=14 May 2019}} The vulnerability is considered significant, as TAm underpins the secure boot process in numerous Cisco devices, including routers and switches.{{cite web |last1=Kumar |first1=Mohit |title=Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor |url=https://thehackernews.com/2019/05/cisco-secure-boot-bypass.html |website=The Hacker News |accessdate=14 May 2019}} As WIRED Magazine explained in its reporting on the Thrangrycat vulnerability: "Known as the Trust Anchor, this Cisco security feature has been implemented in almost all of the company’s enterprise devices since 2013. The fact that the researchers have demonstrated a way to bypass it in one device indicates that it may be possible, with device-specific modifications, to defeat the Trust Anchor on hundreds of millions of Cisco units around the world. That includes everything from enterprise routers to network switches to firewalls.”{{cite magazine |last1=Newman |first1=Lily Hay |title=A Cisco Router Bug Has Massive Global Implications |url=https://www.wired.com/story/cisco-router-bug-secure-boot-trust-anchor/ |magazine=WIRED |publisher=Conde Nast |accessdate=13 May 2019}}
Cisco describes the TAm as a “proprietary, tamper-resistant chip”{{cite web |title=Cisco Trustworthy Technologies Data Sheet |url=https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/trustworthy-technologies-datasheet.pdf |website=Cisco |accessdate=24 May 2019}} that is “found in many Cisco products” and “helps verify that Cisco hardware is authentic.”{{cite web |title=Cisco Secure Boot and Trust Anchor Module Differentiation Solution Overview |url=https://www.cisco.com/c/en/us/products/collateral/security/cloud-access-security/secure-boot-trust.html |website=Cisco |accessdate=24 May 2019}}
The vulnerability could enable an attacker to modify the firmware of this module to gain persistent access on a network and carry out many different types of malicious activity, including data theft, importing malware and physical destruction of equipment.{{cite news |last1=Cimpanu |first1=Catalin |title=Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear |url=https://www.zdnet.com/article/thrangrycat-flaw-lets-attackers-plant-persistent-backdoors-on-cisco-gear/ |work=ZDNet |accessdate=13 May 2019}}{{cite web |last1=Robuck |first1=Mike |title=Red Balloon Security finds critical design flaw in Cisco routers, switches and firewalls |date=14 May 2019 |url=https://www.fiercetelecom.com/telecom/red-balloon-security-finds-bug-cisco-routers-switches-and-firewalls |publisher=FierceTelecom |accessdate=14 May 2019}}
The New York Times called Thrangrycat “super alarming,”{{cite news |last1=Warzel |first1=Charlie |title=The Internet Security Apocalypse You Probably Missed |url=https://www.nytimes.com/2019/05/21/opinion/internet-security.html |work=The New York Times |date=21 May 2019 |accessdate=21 May 2019}} with WIRED Magazine warning it has “massive global implications.”
Thrangrycat is believed to be the first security vulnerability to be named with emoji symbols.{{cite web |last1=Thomson |first1=Iain |title=It's 2019 so now security vulnerabilities are branded using emojis: Meet Thrangrycat, a Cisco router secure boot flaw |url=https://www.theregister.co.uk/2019/05/13/cisco_thrangrycat_vulnerability/ |website=The Register |accessdate=13 May 2019}}