Research Scientist

Muhammad Ibrahim

I work on system and application security — with an emphasis on mobile platforms, AI, and IoT devices — and on how end-users and developers interact with the systems they rely on.

Research Scientist II at the CyFI Lab, Georgia Institute of Technology. Open to collaboration on cybersecurity, AI, trust, privacy, and policy.

Portrait of Muhammad Ibrahim

Research

I build tools and conduct analyses to understand — and improve — the security of the devices people use every day.

Mobile Platform Security

Analyzing mobile platform mechanisms — attestation, authorization, and the APIs apps rely on — to expose weaknesses and design safer defaults.

IoT & Firmware Security

Studying how connected devices ship, update, and verify firmware — and the attack surface that opens when those pipelines go wrong.

AI & Security

Studying the security of AI-driven systems and using learning-based techniques to analyze software and its behavior at scale.

Human Factors in Security

Understanding how developers and end-users interact with mobile technology, and how those interactions can be leveraged to improve security.

Experience

  • Research Scientist II Jan 2025 – Present
    CyFI Lab · Georgia Institute of Technology
  • Research Assistant 2019 – 2024
    PurSec Lab · Purdue University

Education

  • Ph.D. in Computer Science 2019 – 2024
    Purdue University · Advised by Dr. Antonio Bianchi
  • B.S. in Computer Science 2015 – 2019
    Lahore University of Management Sciences (LUMS), Pakistan

Publications

Peer-reviewed work at top security and mobile systems venues. Full list on Google Scholar.

  1. 2024

    Wear's My Data? Understanding the Cross-Device Runtime Permission Model in Wearables

    IEEE S&P 2024 45th IEEE Symposium on Security and Privacy (Oakland) · 18% acceptance

  2. 2023

    AoT — Attack on Things: A Security Analysis of IoT Firmware Updates

    EuroS&P 2023 IEEE 8th European Symposium on Security and Privacy · 35% acceptance

  3. 2022

    SARA: Secure Android Remote Authorization

    USENIX Security 2022 31st USENIX Security Symposium · 18% acceptance

  4. 2021

    SafetyNOT: On the Usage of the SafetyNet Attestation API in Android

    MobiSys 2021 19th ACM International Conference on Mobile Systems, Applications, and Services · 22% acceptance

Security Disclosures

Vulnerabilities I've discovered and responsibly disclosed.

Get in touch

Always happy to talk about security research, AI, and potential collaborations.

mibrahim@gatech.edu