Mohamed Elnouby
Security researcher

Egyptian programmer and information security specialist

Life
1988 – present
Born
1 January 1988

Mohamed Abdelbasset Elnouby is an Egyptian programmer, information security specialist and white hat hacker.

Early Life

Mohamed Abdelbasset Elnouby was born in 1988 in Esna, Qena, in Upper Egypt. He graduated from the Faculty of Tourism and Hotels at Elmenia University. His interest in programming and computer networks began as early as 1999, and he went on to work for several organizations, including S3Geeks. He also contributed to volunteer initiatives, including the Arabization of Twitter, and served as general moderator for the Arabic version of the Foursquare app.

Career

Elnouby worked as a freelance programmer and held the role of Chief Technology Officer in the Google Business Community in Upper Egypt. In 2014, he joined the OWASP Cairo Chapter as an online coordinator. By 2016, he had advanced to become a project leader within OWASP, leading the QRLJacking project, a social engineering attack vector he is credited with discovering. He is also associated with Seekurity, a penetration testing firm through which he has conducted security research.

As a white hat hacker, Elnouby has assisted numerous companies in identifying and remediating vulnerabilities in their systems. His early breakthrough came in 2013 when he discovered a vulnerability on Facebook, an effort that earned him a place on Facebook's white hat security acknowledgment list alongside recognition from more than 20 other global websites.

Notable Work

Samsung Find My Mobile Vulnerability (2014)

In October 2014, Elnouby discovered a significant flaw in Samsung's "Find My Mobile" feature. The vulnerability allowed attackers to remotely lock a device and change its unlock code without the owner's authorization, effectively rendering the phone unusable. The issue stemmed from Samsung mobile devices failing to validate the source of incoming lock-code data over a network, making them susceptible to denial-of-service attacks. The flaw was documented in the U.S. government's National Vulnerability Database and acknowledged by the National Cyber Security Division, part of the U.S. Department of Homeland Security. Samsung acknowledged the report and stated it was investigating the matter.

United Nations Data Leak (2018)

On September 25, 2018, Elnouby, operating through Seekurity, disclosed a pair of vulnerabilities on the United Nations website. He discovered a path disclosure vulnerability and an information disclosure vulnerability that exposed thousands of résumés submitted by job applicants since 2016. The flaws existed within an improperly configured web application used by UN job applicants to upload their documents. If exploited, the vulnerabilities could have allowed attackers to access the directory index of job applications via Man-in-the-Middle attacks. The disclosure was part of a broader set of UN security issues reported that day, which also included a separate exposure of internal Trello, Jira, and Google Docs projects uncovered by another researcher.

Recognition

Elnouby has been acknowledged in the halls of fame of more than 20 global websites for his responsible disclosure work. In 2019, he was nominated for the Arab CISO of the Year Award, reaching the final shortlist at the Arab Security Conference.
