Gabriel Salles-Loustau, a Ph.D. student in the 4N6 Research Group of Prof. Saman Zonouz in the Electrical and Computer Engineering Department at Rutgers University, received a $10K award from the Google Vulnerability Reward Program (VRP). During his collaborative Ph.D. research between 4N6 and AT&T Research Labs (Dr. Kaustubh Joshi), Gabriel detected a serious security vulnerability in Google's Android ecosystem that would allow malicious parties without any initial access to perform unauthorized code injection/execution (remote permanent device exploitation) on smartphones and tablets running the current and several past versions of Android. Following his discovery, Gabriel developed a re-playable exploit scenario and reported it to Google Android security team.
Google has put Gabriel’s name along with his affiliated lab and Rutgers Electrical and Computer Engineering (ECE) on the Google Application Security Hall of Fame (https://www.google.com/about/appsecurity/hall-of-fame/reward/).
Gabriel’s Ph.D. research focus is on Security and Privacy with emphasis on Smartphone and Embedded Systems Security for end-user privacy. His recent work, so-called Swirls, as part of his AT&T Research summer internship, is on privacy-preserving smartphone security solutions and facilitates Bring-Your-Own-Device (BYOD) policies, Enterprise Multi-Level Security (MLS) administration, and geographic/temporal policy enforcement. Swirls is about 30K lines of code and is currently fully functional on Android-enabled handheld platforms.