Security Research

My primary research objective is to understand and improve the security properties of firmware and operating systems. I like to think about complex, interconnected systems, and attempt to understand security vulnerabilities in the context in which they occur.
I think that, rather than focusing on a certain type of vulnerability, mitigation, or technique, security vulnerabilities should be seen as the result of systematic issues. This motivates my research.

Accepted papers

Vulnerability, Where Art Thou? An Investigation of Vulnerability Management in Android Smartphone Chipsets

Authors: Daniel Klischies, Philipp Mackensen, Veelasha Moonsamy To appear at NDSS 2025. Our large-scale study reveals that the smartphone chipset industry heavily depends on independent reseachers to discover vulnerabilities. Discovered vulnerabilities often affect hundreds of different chipset models and thousands of smartphone models, with time-consuming analysis, development and roll-out processes until mitigating patches and updates reach end users. → Read more

Instructions Unclear: Undefined Behaviour in Cellular Network Specifications

Authors: Daniel Klischies, Moritz Schloegel, Tobias Scharnowski, Mikhail Bogodukhov, David Rupprecht, Veelasha Moonsamy Appeared at USENIX Security Symposium 2023. In this paper, we investigate the presence and impact of undefined behavior in cellular network specifications on modems used in smartphones. In doing so, we found multiple gaps in the LTE specifications that lead to insecure implementations resulting in three high-severity CVEs. → Read more

Prior to conducting security reseach I have dabbled in medical informatics and the detection of speech disorders. You can find some papers on this on my Google Scholar page.