Federico Maggi

Federico Maggi

Senior Researcher

Trend Micro, Inc.

I enjoy working on various cyber-security topics. I’ve done offensive and defensive research on web applications, network protocols and devices, embedded systems, radio-frequency control systems, industrial robots, cars, and mobile devices.

I work with Trend Micro Research in a global team that focuses on technology and cyber-crime research. After more than 10 years, I concluded that I’m still around in the infosec area because it gives me so many opportunities to solve new exciting problems every day.

Interests

  • Systems Security
  • Applied Security
  • Data Analysis

Education

  • PhD in Computer Engineering, 2010

    Politecnico di Milano

  • MSc in Computer Engineering, 2007

    Politecnico di Milano

Recent Posts

Masked Emotions

Despite this little beast known as COVID-19 pandemic is about to turn 1 year old, many people still feel strange when wearing masks. While wearing a face mask we can’t speak properly and we can’t see others’ mouth, so our experience of a conversation can change, especially if speaking is central in our lives (think of any public figure).
Dec 21, 2020 27 min read
Masked Emotions

Reading Aloud

Reading long texts has always been a daunting task to me. A rocky mountain I seldom find myself brave enough to start climbing (unless forced to). I’ve never had good reading habits, except for a few, very intriguing novels with a powerful storyline, which I could actually read quite fast.
Dec 14, 2020 12 min read
Reading Aloud

Smart Manufacturing Security

How do we secure a smart manufacturing system, or a smart factory? Recent incidents such as the ransomware infection that halted production at a major semiconductor foundry in 2018 have already shown the impact of IT-to-OT lateral movement. Moreover, while smart manufacturing systems are isolated from other networks, there is a trend toward less isolation between IT and OT systems.

Jun 8, 2020 5 min read
Smart Manufacturing Security

Smart working, figli, tecnologia e didattica: il racconto e i consigli di un papà che lavora da casa da 4 anni e più

Ci voleva il termine “smart working," perché “lavoro da casa” in Italia, per molti, proprio non va giù. Sarà cultura, sarà mentalità, sarà la scarsa alfabetizzazione digitale, sta di fatto che è ancora guardato con sospetto da molti datori di lavoro, e con ammirazione e un pizzico di divertimento—quasi ironico (“ah ah ah, guardami lavoro dal divano!
Mar 9, 2020 11 min read
Smart working, figli, tecnologia e didattica: il racconto e i consigli di un papà che lavora da casa da 4 anni e più

Al lupo, al lupo! Tutti gli smartphone (non) sono sotto attacco!

È arrivato il momento di fare chiarezza sulle tante notizie che da circa un mese stiamo leggendo in materia di cellulari vulnerabili, sotto attacco, con buchi irreparabili, e chi più ne ha più ne metta.
Oct 1, 2019 13 min read
Al lupo, al lupo! Tutti gli smartphone (non) sono sotto attacco!
See all posts

Recent & Upcoming Talks

Hidden Attack Surfaces of Modern Industrial Automation Systems

Last year we performed a security analysis on a testbed smart manufacturing system using a variety of “unconventional” …
Oct 21, 2020 12:00 AM Stocholm, Sweden
Federico Maggi

Guarding the Factory Floor: Catching Insecure Industrial Robot Programs

What if a perfectly patched industrial manufacturing machine can still harbor for vulnerabilities where no one is looking? What if the …
Sep 12, 2020 12:00 AM Taiwan
Federico Maggi, Marcello Pogliani, Davide Quarta, Stefano Zanero, Marco Balduzzi
PDF Video

OTRazor: Static Code Analysis for Vulnerability Discovery in Industrial Automation Scripts

In this talk, we delve into industrial robot programming, focusing on the security issues arising from the design and implementation …
Aug 5, 2020 12:00 AM Las Vegas, US
Federico Maggi, Marcello Pogliani, Davide Quarta, Stefano Zanero, Marco Balduzzi
PDF Video

Hey Operator, Where’s Your Crane? Attacking Industrial Remote Controllers

Radio-frequency (RF) remote controllers are widely used in multiple industrial applications like manufacturing, construction and …
May 10, 2019 12:00 AM Amsterdam, The Netherlands
Marco Balduzzi, Federico Maggi
PDF Video

RFQuack: The RF-Analysis Tool That Quacks

RFQuack is the versatile RF-analysis tool that quacks! It’s a library firmware that allows you to sniff, manipulate, and transmit …
May 9, 2019 12:00 AM Amsterdam, The Netherlands
Federico Maggi
PDF
See all talks

Recent Publications

Smart Factory Security: A Case Study on a Modular SmartManufacturing System

Smart manufacturing systems are an attractive target for cyber attacks, because they embed valuable data andcritical equipment. Despite …
Federico Maggi, Marco Balduzzi, Rainer Vosseler, Martin Rösler, Walter Quadrini, Giacomo Tavola, Marcello Pogliani, Davide Quarta, Stefano Zanero
PDF

Detecting Unsafe Code Patterns in Industrial Robot Programs

To appear
Marcello Pogliani, Federico Maggi, Marco Balduzzi, Davide Quarta, Stefano Zanero
PDF

Rogue Automation: Vulnerable and Malicious Code in Industrial Programming

In this research paper, we reveal previously unknown design flaws that malicious actors could exploit to hide malicious functionalities …
Federico Maggi, Marcello Pogliani, Martino, Vittone, Davide Quarta, Stefano Zanero, Marco Balduzzi, Rainer Vosseler, Martin Rösler
PDF

Attacks on Smart Manufactururing Systems: A Forward-looking Security Analysis

This research presents a systematic security analysis that we performed to explore a variety of attack vectors on a real smart …
Federico Maggi, Marcello Pogliani
PDF

Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats

Different critical infrastructures have been hit with attacks such as those that involved the infamous Stuxnet malware1 and the more …
Stephen Hilt, Federico Maggi, Charles Perine, Lord Remorin, Martin Rösler, Rainer Vosseler
PDF
See all publications

Experience

Also check the CV section and my LinkedIn profile.

 
 
 
 
 

Senior Researcher

Trend Micro, Inc.

Jul 2016 – Present Anywhere on Earth
R&D in the cyber-security area.
 
 
 
 
 

Adjunct (a.k.a. Contract) Professor

Politecnico di Milano

Jun 2016 – Jun 2017 Milano, Italy
Teaching (Computer Security).
 
 
 
 
 

Visiting Professor

UC Santa Barbara

Oct 2015 – Feb 2016 California, United States
Scientific research in the cyber-security area.
 
 
 
 
 

Assistant Professor

Politecnico di Milano

Jan 2014 – Jun 2016 Milano, Italy
Scientific research in the cyber-security area, teaching (Computer Security), research management.
 
 
 
 
 

Post-doctoral Researcher

Politecnico di Milano

Jan 2010 – Dec 2014 Milano, Italy
Scientific research in the cyber-security area, teaching (Computer Security, Computer Forensics, Programming).
 
 
 
 
 

Visiting Research Scholar

UC Santa Barbara

Sep 2008 – Jun 2009 California, United States
Scientific research in the cyber-security area.
 
 
 
 
 

Junior Penetration-testing Consultant

SecureNetwork s.r.l.

Jan 2005 – Dec 2016 Northern Italy
R&D, teaching (Information Security, Malware Analysis), web penetration testing, and vulnerability assessment.
 
 
 
 
 

IT Consultant

B.M.S. s.r.l.

Jan 2002 – Dec 2006 Northern Italy
IT and network engineering, deployment, and administration.
 
 
 
 
 

IT Consultant

Freelance

Jan 2000 – Jun 2016 Northern Italy

Contacts

The best way to contact me is via e-mail. Guess what the address might be? I usually answer within 1 day. If that doesn’t happen, feel free to ping me via instant messaging, Slack or IRC (mainly on Freenode), where I go by “phretor”.

If you need to communicate with my privately, use my GPG public key. Its fingerprint is C42B 0CC7 6191 5B69 2C68 E88F 9693 4CDE C0BB EBCF. If you prefer modern alternatives, yes, I use Signal (and you should, too), and Twitter.

Postal Office Address

Trend Micro Italy s.r.l. c/o Federico Maggi
Viale T. Edison 110
20099 Sesto San Giovanni
Milano, Italy