Eunkyu Lee

Eunkyu Lee

Ph.D @ KAIST | Security Researcher

Publications

  1. RTCON: Context-Adaptive Function-Level Fuzzing for RTOS Kernels
    • Eunkyu Lee, Junyoung Park, Insu Yun (NDSS ‘26)
  2. DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices
    • CheolJun Park, Sangwook Bae, BeomSeok Oh, Jiho Lee, Eunkyu Lee, Insu Yun, and Yongdae Kim USENIX Conference on Security Symposium (USENIX Security ’22)
  3. Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane
    • Hongil Kim, Jiho Lee, Eunkyu Lee, and Yongdae Kim IEEE Symposium on Security and Privacy (IEEE S&P ’19)
  4. Pay As You Want: Bypassing Charging System in Operational Cellular Networks
    • Hyunwook Hong, Hongil Kim, Byeongdo Hong, Dongkwan Kim, Hyunwoo Choi, Eunkyu Lee and Yongdae Kim World Conference on Information Security Applications (WISA ’16)

Education

  • KAIST, Ph.D. of Electrical Engineering, Advisor: Insu Yun (Aug 2023 -)
  • KAIST, Master of Electrical Engineering, Advisor: Yongdae Kim (March 2017 - Feb 2019)
  • KAIST, Bachelor of Electrical Engineering, Advisor: Yongdae Kim (March 2013 - Feb 2017)

Experience

  • Security Researcher, Ministry of National Defense, Republic of Korea (Feb 2019 - Aug 2023)

Skills

  • Embedded System Security: Vulnerability detection in various systems with x86/64, ARM and MIPS architecture. Analyzing firmware and RTOS kernels based on static and dynamic analysis (skilled in rehosting/emulation using QEMU).
  • LLM Security: Vulnerability detection using an autonomous agentic system. Interested in building an agentic system.
  • Mobile Network Security: Finding vulnerabilities in cellular modems implemented by commercial manufacturers such as Samsung and Qualcomm, mainly focusing on LTE downlink protocols including RRC(Radio Resource Control) and NAS(Non Access Stratum). Implementing an LTE downlink protocol testing tool that dynamically probes a device through wireless messages which are crafted by SDR(Software Defined Radio).

Reported Bugs

RTOS

  • Zephyr project (CVE-2024-5931, CVE-2024-6135, CVE-2024-6137, CVE-2024-8798, CVE-2024-6442, CVE-2024-6258 , CVE-2024-6444, CVE-2024-6259, CVE-2024-6443)
  • RIOT project (CVE-2024-51569, CVE-2024-52802)
  • ThreadX project (CVE-2025-55087, CVE-2025-55085, CVE-2025-55086)

Mobile

  • Qualcomm Bug Bounty $15,000 (CVE-2019-2289)

Awards

  • Conference on Information Security and Cryptography-Winter 2025 Excellence Prize
  • Cyber Threat Scenario Contest 2025 Excellence Prize (₩ 3,000,000)
  • Cyber Security Paper Contest 2025 Excellence Prize (₩ 2,000,000)
  • Conference on Information Security and Cryptography-Winter 2018 Excellence Prize

Patents

  • Insu Yun, Eunkyu Lee, Junyoung Park. Fuzzing-Based Vulnerability Detection Method. KR 10-2025-016972
  • Yongdae Kim, Hongil Kim, Jiho Lee, and Eunkyu Lee. Dynamic Security Analysis Method for Control Plane and System Therefore. US16716055.
  • Yongdae Kim, Hongil Kim, Jiho Lee, and Eunkyu Lee. Dynamic Security Analysis Method for Control Plane and System Therefore. KR 10-2215706-0000.