Abdullah Al Ishtiaq is a Ph.D. student at Pennsylvania State University. His primary research interest is in the security of wireless networks and natural language processing. His recent work involves analyzing protocol specifications for security issues and detecting vulnerabilities and noncompliance in 4G/5G and BLE devices.
Research Interests
Systems Security, Wireless Communication Protocol Security, Natural Language Processing
Department of Computer Science and Engineering
School of EECS
The Pennsylvania State University
W362 Westgate Bldg, University Park, PA 16802
E-mail: abdullah_DOT_ishtiaq_AT_psu_DOT_edu
Phone: 814-996-8334
Recent News
- [December’24]: Serving on the artifact evaluation committee of the 34th USENIX Security Symposium 2025.
- [August’24]: “State Machine Mutation-based Testing Framework for Wireless Communication Protocols” has been accepted to CCS’24.
- [August’24]: 5GBaseChecker received distinguished paper award at the 33rd USENIX Security Symposium, 2024.
- [July’24]: Samsung awarded $2,800 for reporting several moderate severity vulnerabilities in BLE devices.
- [June’24]: Started summer internship at AT&T Services, Inc.
- [June’24]: Acknowledged in Samsung Product Security Update for several vulnerabilities in 5G baseband implementations.
- [April’24]: Google awarded $3,000 for reporting vulnerabilities in 4G devices.
- [June’24]: Samsung awarded $5,700 for reporting high severity vulnerabilities in 5G devices.
- [May’24]: “Cracking the 5G Fortress: Peering Into 5G’s Vulnerability Abyss” has been accepted to be presented at the Blackhat USA 2024.
- [April’24]: Acknowledged in Unisoc Product Security Acknowledgements for vulnerabilities in 5G baseband implementations.
- [April’24]: Google awarded $3,000 for reporting vulnerabilities in 4G devices.
- [March’24]: Acknowledged in Unisoc Product Security Acknowledgements for vulnerabilities in 5G baseband implementations.
- [March’24]: “Logic Gone Astray: A Security Analysis Framework for the Control Plane Protocols of 5G Basebands” has been accepted to USENIX Security’24.
-
[February’24]: Google awarded $14,250 for reporting high severity vulnerabilities in 5G devices.
- [October’23]: “Hermes: Unlocking Security Analysis of Cellular Network Protocols by Synthesizing Finite State Machines from Natural Language Specifications” has been accepted to USENIX Security’24.
- [May’23]: Inducted in GSMA Mobile Security Research Acknowledgements for identifying security issues in 5G networks.
-
[February’23]: Google awarded $10,000 for reporting high-severity vulnerabilities in Bluetooth Low Energy (BLE) implementations in Android.
- [December’22]: “BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Implementations” has been accepted to 2023 IEEE Symposium on Security and Privacy (SP).
- [December’22]: Acknowledged in Qualcomm Security Bulletin for reporting a vulnerability in 4G baseband implementations.
- [September’22]: Acknowledged in Qualcomm Security Bulletin for reporting a vulnerability in 4G baseband implementations.
- [April’22]: Google awarded $5,000 for for reporting a high severity vulnerability in 4G devices.
- [April’22]: Acknowledged in Qualcomm Security Bulletin for reporting a vulnerability in 4G baseband implementations.
-
[January’22]: Acknowledged in MediaTek Product Security Acknowledgements for reporting a high severity vulnerability in 4G baseband implementations.
- [November’21]: Samsung rewarded $700 for reporting high and moderate severity vulnerabilities in Samsung 4G devices.
- [August’21]: “Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices” has been accepted to CCS’21.
- [August’21]: Acknowledged in Samsung Mobile Security Updates for reporting high and moderate severity vulnerabilities in Samsung 4G devices.
- [August’21]: Inducted in GSMA Mobile Security Research Acknowledgements for identifying security issues 4G devices.