Roee Hay

X-Force Application Security Research Team Leader, IBM Security

Roee leads the X-Force Application Security Research Team at IBM. He has vast knowledge and experience in network and mobile security. Roee holds a B.Sc. degree from Technion, Israel Institute of Technology.

Software Vulnerabilities January 5, 2017

Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes

4 min read - X-Force researchers disclosed several Android vulnerabilities that could enable cybercriminals to use custom boot modes to take over Nexus 6 and 6P modems.

Endpoint September 1, 2016

Undocumented Patched Vulnerability in Nexus 5X Allowed for Memory Dumping via USB

3 min read - The IBM X-Force Application Security Research Team discovered a previously undocumented vulnerability in older versions of Nexus 5X's Android images.

Software Vulnerabilities July 7, 2016

Remote Code Execution in Xiaomi MIUI Analytics

3 min read - The IBM X-Force AppSec Research Team has discovered a remote code execution (RCE) vulnerability in MIUI, the flavor of Android developed by Xiaomi.

Software Vulnerabilities August 10, 2015

One Class to Rule Them All: New Android Serialization Vulnerability Gives Underprivileged Apps Super Status

9 min read - IBM researchers recently revealed details about an Android serialization vulnerability, including recommendations for protecting mobile devices.

Software Vulnerabilities March 11, 2015

DroppedIn: Remotely Exploitable Vulnerability in the Dropbox SDK for Android

8 min read - IBM X-Force has discovered a vulnerability in Dropbox SDK for Android that lets attackers connect mobile apps to Dropbox accounts that they control.

Software Vulnerabilities February 28, 2015

IBM Application Security on Cloud Saves the Day

2 min read - With AppScan Mobile Analyzer, IBM found vulnerabilities in the Apache Cordova framework for mobile apps that enabled a remote drive-by exploitation attack.

Software Vulnerabilities August 5, 2014

Apache Cordova Vulnerability Discovered: 10% of Android Banking Apps Potentially Vulnerable

8 min read - The IBM Security X-Force Research team has uncovered a serious vulnerability that affects many Android applications built on the Apache Cordova platform.

Software Vulnerabilities June 23, 2014

Android KeyStore Stack Buffer Overflow: To Keep Things Simple, Buffers Are Always Larger Than Needed

3 min read - Nine months ago, IBM discovered a classic stack-based buffer overflow in the Android KeyStore service; the vulnerability was recently disclosed publicly.

Application Security March 26, 2014

New Vulnerabilities in Firefox for Android: Overtaking Firefox Profiles

8 min read - We have recently discovered a series of vulnerabilities in Firefox for Android that allows a malicious application to leak sensitive information pertaining to the user profile. We developed attacks that first try to determine the random Firefox profile directory name…

Application Security December 10, 2013

A New Vulnerability in the Android Framework: Fragment Injection

6 min read - We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings (the one that is found on every Android device), Gmail, Google Now, DropBox and Evernote. To be more accurate, any App…

Software Vulnerabilities August 13, 2013

Subverting BIND's SRTT Algorithm: Derandomizing NS Selection

5 min read - New vulnerability found in BIND, the most popular DNS server. Exploiting this vulnerability allows to reduce the amount of effort required for an off-path (blind) DNS cache poisoning attack. This blog post describes the vulnerability in a less formal fashion.

Application Security April 17, 2013

Practical mobile app security scanning tips

< 1 min read - Looking to do dynamic security testing of your mobile apps? Look no further! In this hands-on article, learn how to use IBM Security AppScan Standard with mobile user agents, as well as emulators and actual devices for Android and iOS.…

Failed to load data

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.

Subscribe today

Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.

Cybersecurity News By Topic By Industry Exclusive Series X-Force Podcast Events Contact About Us

Security Intelligence

{{title}}

{{title}}

{{title}}

{{title}}

Topics

Roee Hay

Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes

Undocumented Patched Vulnerability in Nexus 5X Allowed for Memory Dumping via USB

Remote Code Execution in Xiaomi MIUI Analytics

One Class to Rule Them All: New Android Serialization Vulnerability Gives Underprivileged Apps Super Status

DroppedIn: Remotely Exploitable Vulnerability in the Dropbox SDK for Android

IBM Application Security on Cloud Saves the Day

Apache Cordova Vulnerability Discovered: 10% of Android Banking Apps Potentially Vulnerable

Android KeyStore Stack Buffer Overflow: To Keep Things Simple, Buffers Are Always Larger Than Needed

New Vulnerabilities in Firefox for Android: Overtaking Firefox Profiles

A New Vulnerability in the Android Framework: Fragment Injection

Subverting BIND's SRTT Algorithm: Derandomizing NS Selection

Practical mobile app security scanning tips

{{{title}}}

Topic updates