About me / Services

Ruben Santamarta is a European independent security researcher with over 20 years of experience in the industry.

He has found and published dozens of vulnerabilities in a variety of targets, such as: desktop software and mobile apps, e-voting platforms, operating systems, Industrial Control Systems, SCADA software, IoT devices, RF controllers, satellite terminals, maritime

equipment, solar inverters, avionics, or radiation monitoring systems.

Ruben has presented multiple times at international security conferences, such as Black Hat USA.

His main areas of expertise are reverse engineering, source code analysis, and cyber-physical systems (nuclear, power grid, solar inverters, etc.)

The best way to reach out for work, research, or media inquiries is via LinkedIn. Please send a connection request, outlining the purpose of it in the message. Connection requests without a message may not be considered.

https://www.linkedin.com/in/rubensantamarta/

This page contains a curated selection of publications, media appearances, and conferences from the past 12 years.

Publications

Reversemode / A New Cyber-Physical Angle in Spain's Blackout.

2025

https://www.reversemode.com/2025/06/a-new-cyber-physical-angle-in-spains.html

Reversemode / What Really Happened in Chernobyl During the Beginning of the Russian Invasion?

2024

https://www.reversemode.com/2024/01/what-really-happened-in-chernobyl.html

Reversemode / Reversing 'France Identité': the new French digital ID

2023

https://www.reversemode.com/2023/10/reversing-france-identite-new-french.html

NSA / Protecting VSAT communications

2022

https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2910409/nsa-issues-recommendations-to-protect-vsat-communications/

(Reference to my SATCOM research in the advisory)

Reversemode / VIASAT incident: from speculation to technical details.

2022

https://www.reversemode.com/2022/03/viasat-incident-from-speculation-to.html

Reversemode / De-Anonymization attacks against Proton Services

2022

https://www.reversemode.com/2022/06/de-anonymization-attacks-against-proton.html

Reversemode / Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1, 2 and 3

2022/2024

https://www.reversemode.com/2022/01/finding-vulnerabilities-in-swiss-posts.html

https://www.reversemode.com/2022/05/finding-vulnerabilities-in-swiss-posts.html

https://www.reversemode.com/2024/01/finding-vulnerabilities-in-swiss-posts.html

IOActive / Reverse Engineering of DAL-A Certified Avionics: Collins’ Pro Line Fusion—AFD-3700

2022

https://ioactive.com/reverse-engineering-certified-avionics-collins-pro-line-fusion/

IOActive Blog / A Practical Approach To Attacking IoT Embedded Designs (I) and (II)

2021

https://labs.ioactive.com/2021/02/a-practical-approach-to-attacking-iot.html

https://ioactive.com/a-practical-approach-to-attacking-iot-embedded-designs-2/

IOActive Blog / No buffers harmed: Rooting Sierra Wireless AirLink devices through logic bugs

2020

https://labs.ioactive.com/2020/09/no-buffers-harmed-rooting-sierra.html

IOActive Blog / Breaking Electronic Baggage Tags - Lufthansa vs British Airways

2020

https://labs.ioactive.com/2020/09/breaking-electronic-baggage-tags.html

IOActive Blog / Warcodes II - The Desko Case

2020

https://labs.ioactive.com/2020/12/warcodes-ii-desko-case.html

CISA / Mirion Technologies Telemetry Enabled Devices

2017

https://www.cisa.gov/news-events/ics-advisories/icsa-17-208-02

IOActive Blog / In Flight Hacking System

2016

https://ioactive.com/identify-backdoors-in-firmware-by-using-automatic-string-analysis/

IOActive Blog / Identify Backdoors in Firmware By Using Automatic String Analysis

2013

https://ioactive.com/identify-backdoors-in-firmware-by-using-automatic-string-analysis/

IOActive Blog / Inside Flame: You Say Shell32, I Say MSSECMGR

2012

https://ioactive.com/inside-flame-you-say-shell32-i-say-mssecmgr/

CISA / Schneider Electric Quantum Ethernet Module Credentials

2011

https://www.cisa.gov/news-events/ics-alerts/ics-alert-11-346-01

Media

France24 / États-Unis : quand la lutte antimigrants s'arme de logiciels espions

2025

https://www.france24.com/fr/%C3%A9co-tech/20250903-ice-paragon-logiciel-espion-spyware-immigration-tech-trump-pegasus-graphite

Zetter Zeroday / Anatomy of a Nuclear Scare

2025

https://www.zetter-zeroday.com/anatomy-of-a-nuclear-scare/

Wired / The Mystery of Chernobyl’s Post-Invasion Radiation Spikes

2023

https://www.wired.com/story/chernobyl-radiation-spike-mystery

Bloomberg / The Satellite Hack Everyone Is Finally Talking About

2023

https://www.bloomberg.com/features/2023-russia-viasat-hack-ukraine/

Wired / A Mysterious Satellite Hack Has Victims Far Beyond Ukraine

2022

https://www.wired.co.uk/article/viasat-internet-hack-ukraine-russia

The Guardian / Hacked satellite systems could launch microwave-like attacks, expert warns

2018

https://www.theguardian.com/technology/news-blog/2018/aug/09/satellite-system-hacking-attacks-ships-planes-military

Forbes / This Guy Hacked Hundreds Of Planes From The Ground

2018

https://www.forbes.com/sites/thomasbrewster/2018/08/09/this-guy-hacked-hundreds-of-planes-from-the-ground/#6d752bab46f2

Wired / Hacker Warns Radioactivity Sensors Can Be Spoofed Or Disabled

2017

https://www.wired.com/story/radioactivity-sensor-hacks/

Reuters / Hacker says to show passenger jets at risk of cyber attack

2014

https://www.reuters.com/article/idUSKBN0G40WQ/

Reuters / 'Irrational' hackers are growing U.S. security fear

2013

https://www.reuters.com/article/cybersecurity-usa-infrastructure-idCNL2N0DY1LA20130522/

Washington Post / In cyberattacks, hacking humans is highly effective way to access systems

2012

https://www.washingtonpost.com/investigations/in-cyberattacks-hacking-humans-is-highly-effective-way-to-access-systems/2012/09/26/2da66866-ddab-11e1-8e43-4a3c4375504a_story.html

Conferences

BlackHat USA / Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication

2023

https://www.blackhat.com/us-23/briefings/schedule/#seeing-through-the-invisible-radiation-spikes-detected-in-chernobyl-during-the-russian-invasion-show-possible-evidence-of-fabrication-32941

BlackHat USA / Arm IDA and Cross Check: Reversing the Boeing 787's Core Network

2019

https://www.blackhat.com/us-19/briefings/schedule/index.html#arm-ida-and-cross-check-reversing-the-boeing-s-core-network-15716

BlackHat USA / Last Call For SATCOM Security

2018

https://www.blackhat.com/us-18/briefings/schedule/index.html#last-call-for-satcom-security-11192

BlackHat USA / Go Nuclear: Breaking Radiation Monitoring Devices

2017

https://www.blackhat.com/us-17/briefings.html#go-nuclear-breaking-radiation-monitoring-devices

BlackHat USA / SATCOM Terminals: Hacking by Air, Sea and Land

2014

https://www.blackhat.com/us-14/briefings.html#satcom-terminals-hacking-by-air-sea-and-land

BlackHat USA / Here Be Backdoors: A Journey into the secrets of Industrial Firmware

2012

https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Santamarta

-------------- Update from 06/10/2023 : following my publication, I’ve been in contact with France Identité CISO and they could provide more information on the measures they have taken in the light of these findings: We would like to thank you for your in-depth technical research work on “France Identite” app that was launched in beta a year ago and for which you were rewarded. As you know, the app is now generally available on iOS and Android through their respective app stores. Your work, alongside French cybersecurity agency (ANSSI) research, made us update and modify deeply the E2EE Secure Channel used between the app and our backend. It is now mostly based on TLS1.3. Those modifications were released only a few weeks after you submitted your work through our private BugBounty program with YesWeHack. That released version also fixes the three other vulnerabilities you submitted. From the beginning of “France Identite” program, it was decided to implicate cybersecurity communi...