Skip to main content

About me / Services


Ruben Santamarta is a European independent security researcher with over 20 years of experience in the industry.

He has found and published dozens of vulnerabilities in a variety of targets, such as: desktop software and mobile apps, e-voting platforms, operating systems, Industrial Control Systems, SCADA software, IoT devices, RF controllers, satellite terminals, maritime
equipment, solar inverters, avionics, or radiation monitoring systems.

Ruben has presented multiple times at international security conferences, such as Black Hat USA.

His main areas of expertise are reverse engineering, source code analysis, and cyber-physical systems (nuclear, power grid, solar inverters, etc.)

The best way to reach out for work, research, or media inquiries is via LinkedIn. Please send a connection request, outlining the purpose of it in the message. Connection requests without a message may not be considered. 

https://www.linkedin.com/in/rubensantamarta/ 

This page contains a curated selection of publications, media appearances, and conferences from the past 12 years.

Publications




Reversemode / A New Cyber-Physical Angle in Spain's Blackout.

2025

https://www.reversemode.com/2025/06/a-new-cyber-physical-angle-in-spains.html

Reversemode / What Really Happened in Chernobyl During the Beginning of the Russian Invasion?

2024

https://www.reversemode.com/2024/01/what-really-happened-in-chernobyl.html

Reversemode / Reversing 'France Identité': the new French digital ID

2023

https://www.reversemode.com/2023/10/reversing-france-identite-new-french.html

NSA / Protecting VSAT communications 

2022

https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2910409/nsa-issues-recommendations-to-protect-vsat-communications/

 (Reference to my SATCOM  research in the advisory)

Reversemode / VIASAT incident: from speculation to technical details.

2022

https://www.reversemode.com/2022/03/viasat-incident-from-speculation-to.html

Reversemode / De-Anonymization attacks against Proton Services

2022

https://www.reversemode.com/2022/06/de-anonymization-attacks-against-proton.html

Reversemode / Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1,  2 and  3

2022/2024

https://www.reversemode.com/2022/01/finding-vulnerabilities-in-swiss-posts.html

https://www.reversemode.com/2022/05/finding-vulnerabilities-in-swiss-posts.html

https://www.reversemode.com/2024/01/finding-vulnerabilities-in-swiss-posts.html

IOActive / Reverse Engineering of DAL-A Certified Avionics: Collins’ Pro Line Fusion—AFD-3700

2022

https://ioactive.com/reverse-engineering-certified-avionics-collins-pro-line-fusion/

IOActive Blog / A Practical Approach To Attacking IoT Embedded Designs (I) and (II)

2021

https://labs.ioactive.com/2021/02/a-practical-approach-to-attacking-iot.html

https://ioactive.com/a-practical-approach-to-attacking-iot-embedded-designs-2/

IOActive Blog / No buffers harmed: Rooting Sierra Wireless AirLink devices through logic bugs

2020

https://labs.ioactive.com/2020/09/no-buffers-harmed-rooting-sierra.html

IOActive Blog / Breaking Electronic Baggage Tags - Lufthansa vs British Airways

2020

https://labs.ioactive.com/2020/09/breaking-electronic-baggage-tags.html

IOActive Blog / Warcodes II - The Desko Case

2020

https://labs.ioactive.com/2020/12/warcodes-ii-desko-case.html

CISA / Mirion Technologies Telemetry Enabled Devices

2017

https://www.cisa.gov/news-events/ics-advisories/icsa-17-208-02

IOActive Blog / In Flight Hacking System

2016

https://ioactive.com/identify-backdoors-in-firmware-by-using-automatic-string-analysis/

IOActive Blog / Identify Backdoors in Firmware By Using Automatic String Analysis

2013

https://ioactive.com/identify-backdoors-in-firmware-by-using-automatic-string-analysis/

IOActive Blog / Inside Flame: You Say Shell32, I Say MSSECMGR

2012

https://ioactive.com/inside-flame-you-say-shell32-i-say-mssecmgr/

CISA / Schneider Electric Quantum Ethernet Module Credentials

2011

https://www.cisa.gov/news-events/ics-alerts/ics-alert-11-346-01



Media

France24 / États-Unis : quand la lutte antimigrants s'arme de logiciels espions

2025

https://www.france24.com/fr/%C3%A9co-tech/20250903-ice-paragon-logiciel-espion-spyware-immigration-tech-trump-pegasus-graphite

Zetter Zeroday / Anatomy of a Nuclear Scare

2025

https://www.zetter-zeroday.com/anatomy-of-a-nuclear-scare/

Wired / The Mystery of Chernobyl’s Post-Invasion Radiation Spikes

2023

https://www.wired.com/story/chernobyl-radiation-spike-mystery

Bloomberg / The Satellite Hack Everyone Is Finally Talking About

2023

https://www.bloomberg.com/features/2023-russia-viasat-hack-ukraine/

Wired / A Mysterious Satellite Hack Has Victims Far Beyond Ukraine

2022

https://www.wired.co.uk/article/viasat-internet-hack-ukraine-russia

The Guardian / Hacked satellite systems could launch microwave-like attacks, expert warns

2018

https://www.theguardian.com/technology/news-blog/2018/aug/09/satellite-system-hacking-attacks-ships-planes-military

Forbes / This Guy Hacked Hundreds Of Planes From The Ground

2018

https://www.forbes.com/sites/thomasbrewster/2018/08/09/this-guy-hacked-hundreds-of-planes-from-the-ground/#6d752bab46f2

Wired / Hacker Warns Radioactivity Sensors Can Be Spoofed Or Disabled

2017

https://www.wired.com/story/radioactivity-sensor-hacks/


Reuters / Hacker says to show passenger jets at risk of cyber attack

2014

https://www.reuters.com/article/idUSKBN0G40WQ/

Reuters / 'Irrational' hackers are growing U.S. security fear

2013

https://www.reuters.com/article/cybersecurity-usa-infrastructure-idCNL2N0DY1LA20130522/

Washington Post / In cyberattacks, hacking humans is highly effective way to access systems

2012

https://www.washingtonpost.com/investigations/in-cyberattacks-hacking-humans-is-highly-effective-way-to-access-systems/2012/09/26/2da66866-ddab-11e1-8e43-4a3c4375504a_story.html



Conferences

BlackHat USA / Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication

2023

https://www.blackhat.com/us-23/briefings/schedule/#seeing-through-the-invisible-radiation-spikes-detected-in-chernobyl-during-the-russian-invasion-show-possible-evidence-of-fabrication-32941

BlackHat USA / Arm IDA and Cross Check: Reversing the Boeing 787's Core Network

2019

https://www.blackhat.com/us-19/briefings/schedule/index.html#arm-ida-and-cross-check-reversing-the-boeing-s-core-network-15716

BlackHat USA / Last Call For SATCOM Security

2018

https://www.blackhat.com/us-18/briefings/schedule/index.html#last-call-for-satcom-security-11192

BlackHat USA / Go Nuclear: Breaking Radiation Monitoring Devices

2017

https://www.blackhat.com/us-17/briefings.html#go-nuclear-breaking-radiation-monitoring-devices

BlackHat USA / SATCOM Terminals: Hacking by Air, Sea and Land

2014

https://www.blackhat.com/us-14/briefings.html#satcom-terminals-hacking-by-air-sea-and-land

BlackHat USA / Here Be Backdoors: A Journey into the secrets of Industrial Firmware

2012

https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Santamarta






Popular posts from this blog

What Really Happened in Chernobyl During the Beginning of the Russian Invasion?

This blog post contains the web version of my research paper: " Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication ", which was unveiled at BlackHat USA 2023 . It is intended to ease the indexing and dissemination of the information collected during this research.  In a few days, I'll be in Brussels presenting this research.  The original paper (PDF) can be downloaded here . Additional references: https://www.wired.com/story/chernobyl-radiation-spike-mystery/  (Kim Zetter) https://www.zetter-zeroday.com/p/radiation-spikes-at-chernobyl-a-mystery  (Kim Zetter) https://medium.com/war-notes/chornobyl-3-92216d21b223  (Olegh Bondarenko) INDEX Foreword Executive summary Introduction 1. Physical      1986      Resuspension      Transport      Humidity      Traffic 2. Cyber    ...
Read more

De-Anonymization attacks against Proton services

  In November 2021 YesWeHack invited me to participate in a private bug bounty program organized by  Bug Bounty Switzerland on behalf of Proton AG.  The scope of the program was quite interesting and heterogeneous, as it covered most of the applications and services offered by Proton, such as ProtonMail and ProtonVPN. As a result, multiple technologies and codebases were in scope, ranging from typescript, in the open-source part of Protonmail, to .NET/Swift used by ProtonVPN apps for Windows and macOS respectively. Proton is well-known for its privacy-driven services offer, so they are based on Switzerland where the legislation seems to match Proton's requirements to provide that kind of services: thus maximizing the privacy of their communications, minimizing the amount of data they log from their users while keeping a law-abiding status.  It wouldn't be realistic to think of Proton users as an homogenous group; you may be using Proton because you're genuinely w...
Read more

Finding vulnerabilities in Swiss Post's e-voting system: part 3

Exactly two years ago I brought my blog back to life, after many years of hiatus, with " Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1 ". That was the first of a series of blog posts covering that system. During these two years I've been periodically assessing the security posture of this e-voting solution, as part of their Bug Bounty program , which I personally recommend.   Since the first time I reviewed their codebase a lot of things have changed, for good, as many areas have been dramatically improved. To be honest, from a security perspective the codebase back then was kind of a mess.   When the first Swiss Post e-voting platform was published, back in 2019, it faced some public scrutiny, mostly from the academic community.  As a result, some significant issues were uncovered , so eventually Swiss Post decided to suspend the deployment of the system. That first version had been developed by Scytl , Spanish company specializ...
Read more

Beware of Java's String.getBytes

Sometimes there are subtle bugs whose origin can be found in some quirks from the underlying language used to build the software. This blog post describes one of those cases in order to let both fellow security researchers and developers, who didn't know about it, become aware of this potential vulnerable pattern. In fact, I'm pretty sure that similar bugs to the one herein described likely affect a bunch of products/codebases out there. In previous posts , I've already described some bugs in the Swiss Post's future E-voting system. While reading their  Crypto-Primitives specification , which among other things describes the custom Hashing algorithm Swiss Post implemented, I noticed something potentially interesting. Basically, there are 4 different types that are supported: byte arrays, strings, integers and vectors. Before being hashed, strings are converted to a byte array via the ' StringToByteArray ' algorithm. However, by comparing ' StringToByteArray...
Read more

Finding vulnerabilities in Swiss Post's future e-voting system - Part 2

Earlier this year I published the Part I of this series of blog posts on vulnerabilities in Swiss Post's future e-voting system. That publication comprehensively explains the context, methodology and attack surface for the Swiss Post e-voting system, so it is highly recommended to go through it before reading this post, if you're really interested in getting the whole picture. This second round of bugs (reported during December '21 and January '22 ) includes multiple cryptographic vulnerabilities and a deserialization issue.   For me, the most interesting issue is ' #YWH-PGM2323-65 ', not only because it would have prevented ballot boxes from being decrypted during the tally phase, but also due to the potential design weaknesses that I'm coming across as a result of its analysis.  Let's briefly discuss the reported issues before going into detail: ID Title Reward (€) Attack Surface Areas* CVSS #YWH-PGM2323-53 Multiple unchecked length values during Saf...
Read more