Xianbo Wang

Ph.D. Candidate at MobiTeC Lab, The Chinese University of Hong Kong.


I am a security researcher and hacking enthusiast. I was born in Kunming, a city in China known for its eternal spring. Currently, I am pursuing a PhD under the supervision of Prof. Wing Cheong Lau. Before that, I obtained a BSc in Mathematics from the same university. My recent research interests are in mobile system and application (in)security, especially authentication and authorization issues. Some of my work has been published at academic conferences like USENIX and NDSS, and some has been presented at hacking conferences like Black Hat.

I have been a fan of CTF and bug bounty. From time to time, I wish I could have spent more time on them, been smarter, and been one of those cool kids. Except for not being cool enough, I’m pretty happy with my daily research and life. Finding vulnerabilities is what makes me most excited, and coding is what I usually do when I’m bored.


May 4, 2022 A PHYjacking related vulnerability we reported to Android was patched as CVE-2022-20007.
Dec 14, 2021 Our PHYjacking paper was accepted in NDSS 2022.

selected publications

  1. NDSS
    PHYjacking: Physical Input Hijacking for Zero-Permission Authorization Attacks on Android
    Xianbo Wang, Shangcheng Shi, Yikang Chen, and 1 more author
    Proceedings Network and Distributed System Security Symposium, 2022
  2. USENIX Security
    Scalable Detection of Promotional Website Defacements in Black Hat SEO Campaigns
    Ronghai Yang*, Xianbo Wang*, Cheng Chi, and 4 more authors
    * indicates equal contribution
    In 30th USENIX Security Symposium (USENIX Security 21), 2021
  3. Black Hat
    Make Redirection Evil Again: URL Parser Issues in OAuth
    Xianbo Wang, Shangcheng Shi, Ronghai Yang, and 1 more author
    Black Hat Asia Briefings, 2019