Don A. Bailey

Don Bailey is a groundbreaking information security researcher whose work in mobile security and the internet of things has attracted the attention of the international press for the past decade. As one of the first researchers engaged in mobile and IoT technology, he has achieved many industry firsts: the first remote hack of a car in 2011, the first A-GPS hack the same year, global subversion of the SS7 infrastructure in 2010 and the first project to successfully use OSINT, among others.

In 2012, his focus on IoT security won his startup a DARPA grant to evaluate the risks of the IoT and develop strategies for mitigating those risks. This research transitioned into a project with the GSMA that led to him writing the GSMA IoT Security Guidelines with the support of major cellular carriers and mobile device manufacturers.

Don continually pushes the limits of information security. In 2014, he uncovered a critical vulnerability in the LZO and LZ4 compression algorithms, one of which had been exploitable for more than two decades. In 2015 and early 2016, he uncovered critical vulnerabilities in the Erlang programming environment.

His extensive history of research dates back many years. In 2004, he designed a rootkit that remains one of the most complex ever seen, and he discussed that achievement at the 2005 Bellua Cyber Security Conference Asia in Jakarta, Indonesia. In 2003, he released the first white paper demonstrating the use of CISC shellcode offsets as a means for augmenting return-to-libc exploits in constrained environments. In 2000, he was the first researcher to release a custom fuzzer for the Linux and BSD platforms.

While his long career as a researcher has given him opportunities as a security analyst, Don's real passion is building and deploying secure systems for consumers. His company, Lab Mouse Security, focuses on assessing IoT implementations and designing platforms to provide developers with drop-in solutions for IoT security. Don hopes to change the face of the IoT by incentivizing architectural security.

The opinions expressed in this blog are those of Don Bailey and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.