Jump to content

英文维基 | 中文维基 | 日文维基 | 草榴社区

Draft:Dhiraj Mishra (Security Researcher)

From Wikipedia, the free encyclopedia

Dhiraj Mishra is an Indian security researcher and white hat hacker known for discovering significant vulnerabilities in major messaging platforms and his contributions to cybersecurity research.[1] He has presented his security research at prominent cybersecurity conferences including Black Hat USA and BruCon.[2][3] He gained international recognition for identifying critical privacy and security issues in Telegram[4] and his research on malware detection techniques.[5] His discoveries have helped improve privacy features in widely-used messaging applications, particularly focusing on data persistence and deletion vulnerabilities.[6]

Notable Security Research

[edit]

SUPRA Smart TV Vulnerability (2019)

[edit]

In 2019, Mishra discovered a significant vulnerability in SUPRA Smart Cloud TV systems that allowed attackers on the same Wi-Fi network to hijack TV sets and broadcast unauthorized content, including potentially malicious emergency broadcast messages.[7]

Telegram Vulnerabilities

[edit]

MacOS Self-Destructing Messages (2021)

[edit]

In February 2021, Mishra discovered a significant vulnerability in Telegram's macOS client where self-destructing messages were not being properly deleted from the system.[8] The bug affected both sent and received conversations that were meant to be automatically deleted, compromising user privacy expectations.[9] Telegram acknowledged and subsequently fixed the vulnerability.[10]

Unsent Media Persistence (2019)

[edit]

In September 2019, Mishra identified another privacy concern in Telegram where "unsent" photos and videos remained stored on recipients' devices despite being deleted by the sender.[11] This discovery highlighted important implications for user privacy and data persistence in messaging applications.[12]

SVG Smuggling Research

[edit]

In March 2024, Mishra advanced the field of malware detection by developing a new variant of SVG smuggling technique.[13] His research revealed how this technique was being exploited in emerging malware campaigns, contributing to the cybersecurity community's understanding of contemporary threats.

Speaking Engagements

[edit]

Mishra has presented security research at major international cybersecurity conferences:

Recognition and Awards

[edit]
  • Received €3,000 reward from Telegram for identifying privacy vulnerabilities (2021)[16]

See also

[edit]

References

[edit]
  1. ^ "Indian cybersecurity researcher rewarded by Telegram", www.uniindia.com, 13 February 2021
  2. ^ "Deep Dive into Fuzzing", Black Hat USA, 2022
  3. ^ "Deep Dive into Fuzzing", BruCon, 2021
  4. ^ Doffman, Zak (13 February 2021), "Why You Should Never Quit WhatsApp For Telegram", www.forbes.com
  5. ^ Cofense (13 March 2024), "SVG Files Abused in Emerging Campaigns", cofense.com
  6. ^ Whittaker, Zack (9 September 2019), "Telegram fixes bug that failed to delete 'unsent' photos and videos", techcrunch.com
  7. ^ Spring, Tom (3 June 2019), "Smart TV Flaws Open Door to Rogue Broadcasts", Threatpost
  8. ^ Doffman, Zak (13 February 2021), "Why You Should Never Quit WhatsApp For Telegram", www.forbes.com
  9. ^ Abrams, Lawrence (15 February 2021), "Telegram privacy feature failed to delete self-destructing video files", www.bleepingcomputer.com
  10. ^ "Telegrams "selbstzerstörende Nachrichten" löschten keine Videos", www.derstandard.at, 14 February 2021
  11. ^ Whittaker, Zack (9 September 2019), "Telegram fixes bug that failed to delete 'unsent' photos and videos", techcrunch.com
  12. ^ Mehta, Ivan (10 September 2019), "Telegram fixed a bug that stored images on recipients' phones even after you 'unsent' them", thenextweb.com
  13. ^ Cofense (13 March 2024), "SVG Files Abused in Emerging Campaigns", cofense.com
  14. ^ "Deep Dive into Fuzzing", Black Hat USA, 2022
  15. ^ "Deep Dive into Fuzzing", BruCon, 2021
  16. ^ Tikhaya, Zlata (13 February 2021), "Un analyste reçoit une récompense de 3.000 euros pour avoir signalé un bug de Telegram", www.fr.sputniknews.com.com
[edit]