Sam Curry
{{short description|American computer security researcher}}
{{For|the Scottish footballer|Sam Currie}}
{{Infobox person
| name = Sam Curry
| image =
| caption = Curry in 2019.
| birth_date = {{Birth date and age|1999|10|17}}
| birth_place = Omaha, Nebraska, U.S.
| nationality = American
| occupation = Hacker, Security researcher
| website = {{URL|https://samcurry.net}}
}}
Sam Curry (born October 17, 1999) is an American ethical hacker, bug bounty hunter, and founder. He is best known for his contributions to web application security through participation in bug bounty programs, most notably [https://thehackernews.com/2022/12/siriusxm-vulnerability-lets-hackers.html finding critical vulnerabilities in 20 different auto manufacturers] including Porsche, Mercedes-Benz, Ferrari, and Toyota. In 2018, Curry began working as a security consultant through his company Palisade,{{cite web|url=https://www.foxbusiness.com/technology/teen-makes-six-figures-hacking-google-facebook-legally|title=Teen makes six figures hacking Google, Facebook legally|last1=Ganz|first1=Amy|date=30 July 2018 |publisher=Fox Business|accessdate=24 March 2020}} where he published vulnerability disclosures for security findings in [https://samcurry.net/hacking-apple/ Apple], [https://samcurry.net/hacking-starbucks/ Starbucks], [https://samcurry.net/analysis-of-cve-2019-14994/ Jira], and [https://samcurry.net/cracking-my-windshield-and-earning-10000-on-the-tesla-bug-bounty-program/ Tesla].
In 2021, Palisade was acquired by [https://yuga.com/ Yuga Labs], where Curry currently works as a security engineer. In 2023, Curry was [https://techcrunch.com/2023/09/27/sam-curry-chilling-effect-phone-search-airport/?guccounter=1 detained and summoned to testify before a grand jury] by the IRS-CI and DHS on wrongful suspicion of running a high-profile phishing website.
Curry has spoken on ethical hacking, web application security, and vulnerability disclosure at conferences including DEFCON,{{cite web|url=https://www.bugcrowd.com/blog/the-talks-that-define-def-con-27/|title=The Talks that Define DEF CON 27|date=5 August 2019 |publisher=Bugcrowd|accessdate=24 March 2020}} Black Hat Briefings,{{cite news|url=https://www.telegraph.co.uk/technology/2019/08/10/inside-black-hat-worlds-biggest-ethical-hacker-conference-las/|title=Inside Black Hat, the world's biggest ethical hacker conference in Las Vegas|last1=Murphy|first1=Margi|newspaper=Telegraph|date=10 August 2019 |accessdate=24 March 2020}} Kernelcon,{{cite web|url=https://kernelcon.org/speakers|title=Kernelcon Speakers|last1=Vidas|first1=Tim|publisher=Kernelcon|accessdate=24 March 2020}} and null.{{Cite web |title=null Dubai Meet 16 March 2023 March Special Meet |url=https://null.community/ |access-date=2023-03-24 |website=null.community}}
Biography
Curry grew up in Omaha, Nebraska, and attended Elkhorn High School. He began hacking at the age of 12,{{cite web|url=https://portswigger.net/daily-swig/schools-out-meet-the-teen-hackers-swapping-books-for-bugs|title=School's out: Meet the teen hackers swapping books for bugs|last1=Haworth|first1=Jessica|date=23 April 2019 |publisher=Portswigger|accessdate=24 March 2020}} ethically disclosing vulnerabilities to various vendors over email.{{cite web|url=https://www.marketwatch.com/story/this-18-year-olds-hacking-side-hustle-has-earned-him-100000-and-its-legal-2018-07-23|title=This 18-year-old's hacking side hustle has earned him $100,000—and it's totally legal|last1=Paul|first1=Kari|publisher=MarketWatch|accessdate=24 March 2020}} At the University of Nebraska Omaha, Curry worked with students through the cyber security club NULLify.{{cite web|url=https://www.unomaha.edu/college-of-information-science-and-technology/engagement/nullify-ctf.php|title=NULLify Capture The Flag|last1=Denney|first1=Vanessa|date=18 December 2018 |publisher=University of Nebraska Omaha|accessdate=24 March 2020}}{{cite news |title=Globally Used Points.com Loyalty System Hacked for Good |url=https://www.hackread.com/points-com-loyalty-system-hacked-for-good/ |work=www.hackread.com |date=4 August 2023}}
Publications and articles
- "Researchers Secure Bug Bounty Payout to Help Raise Funds for Infant’s Surgery". vice.com. Retrieved June 2, 2021.{{cite web|last1=Franceschi-Bicchierai|first1=Lorenzo|title=Researchers Secure Bug Bounty Payout to Help Raise Funds for Infant's Surgery|url=https://www.vice.com/en/article/researchers-secure-bug-bounty-payout-to-help-raise-funds-for-infants-surgery/|publisher=vice.com|access-date=2 June 2021}}
- "Pega Infinity hotfix released after researchers flag critical authentication bypass vulnerability". portswigger.net. Retrieved June 2, 2021.{{cite web|last1=Pritchard|first1=Stephen|title=Pega Infinity hotfix released after researchers flag critical authentication bypass vulnerability|date=10 May 2021 |url=https://portswigger.net/daily-swig/pega-infinity-hotfix-released-after-researchers-flag-critical-authentication-bypass-vulnerability|publisher=portswigger.net|accessdate=2 June 2021}}
- "We Hacked Apple for 3 Months: Here’s What We Found". samcurry.net. Retrieved April 9, 2021.{{cite web|last1=Curry|first1=Samuel|title=We Hacked Apple for 3 Months: Here's What We Found|url=https://samcurry.net/hacking-apple/|publisher=samcurry.net|accessdate=3 November 2019}}
- "Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty". samcurry.net. Retrieved November 3, 2019.{{cite web|last1=Curry|first1=Samuel|title=Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty|date=November 2019 |url=https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty/|publisher=samcurry.net|accessdate=3 November 2019}}
- "Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More". samcurry.net. Retrieved November 26, 2023. {{cite web|last1=Curry|first1=Samuel|title=Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More|date=November 2019 |url=https://samcurry.net/web-hackers-vs-the-auto-industry|publisher=samcurry.net|accessdate=3 November 2019}}
- "Hackers Could Have Scored Unlimited Airline Miles by Targeting One Platform". wired.com. Retrieved March 23, 2024. {{cite web|last1=Newman|first1=Lily|title=Hackers Could Have Scored Unlimited Airline Miles by Targeting One Platform|date=August 2023 |url=https://www.wired.com/story/points-travel-rewards-platform-flaws/|publisher=wired.com|accessdate=23 March 2024}}
- "Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds". wired.com. Retrieved March 23, 2024. {{cite web|last1=Greenberg|first1=Andy|title=Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds|date=March 2024 |url=https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/|publisher=wired.com|accessdate=23 March 2024}}
References
{{Reflist}}
{{Authority control}}
{{DEFAULTSORT:Curry, Sam}}