Martina Lindorfer


I am a tenure-track Assistant Professor in the Security and Privacy Group at TU Wien (Technische Universität Wien, formerly known as Vienna University of Technology) in Vienna, Austria. I am also a key researcher at SBA Research, the largest research center in Austria which exclusively addresses information security.

Before that, I was a Postdoc in the Computer Security Group (SecLab) at UC Santa Barbara, working with Christopher Kruegel and Giovanni Vigna. I received my doctorate in 2016 with honors of the Austrian president (Promotio Sub Auspiciis Praesidentis), as well as the ERCIM Cor Baayen Young Researcher Award in 2018. During my PhD, I was advised by Edgar Weippl and worked as a research assistant at the International Secure Systems Lab (iSecLab).

In addition to my PhD, I hold a Master's degree in Software Engineering and Internet Computing from TU Wien and a Bachelor's degree in Computer and Media Security from the University of Applied Sciences in Hagenberg.

You can download a copy of my CV here.

Research Interests

My research focuses on systems security, in particular mobile security and privacy, and all things malware analysis.

I am passionate about building large-scale analysis systems and providing them to the community. For example, I led the development and maintenance of Andrubis, a publicly available service to analyze Android apps for malicious behavior, and I am a contributor to ReCon, a tool that allows users to take control over which data mobile apps are leaking. I also work on the exploitation of and defense against rowhammer and other side-channel vulnerabilities, such as Drammer, the first deterministic attack that exploits the rowhammer hardware vulnerability on Android devices.


mlindorfer (at) iseclab (dot) org
martina (dot) lindorfer (at) tuwien (dot) ac (dot) at
TU Wien
Institute of Logic and Computation (192/6)
Security and Privacy Group
Favoritenstrasse 9-11, Stiege 2, 1. Stock
A-1040 Wien


Aug 10 We have some last minute funding for diversity grants for our summer school for security and privacy on blockchains (BDLT19) sponsored by Princeton's Center for Information Technology Policy.
Jul 1 I am proud to announce that I am now also a key researcher at SBA Research.
Jun 27 Elleen is presenting Panoptispy, our work on media leaks in mobile apps, at PrivacyCon hosted by the Federal Trade Commission (FTC).
Jun 17 We wrapped up the first iteration of our new Introduction to Security lecture with 300 participants with a presentation of the best of the 1,600 solutions to 11 challenges in our WUT CTF.
Jun 12 We are organizing the 1st International Summer School on Security & Privacy for Blockchains and Distributed Ledger Technologies at TU Wien in September, the registration is now open.
Jan 31 I am looking for PhD students in (mobile) systems security and privacy! More information here.
Jan 8 Thanks Florian Aigner @ TU Wien for the nice profile of me and my research!
Oct 9 I am honored to receive the 2018 ERCIM Cor Baayen Young Researcher Award.
Aug 6 Rampage received a Pwnie nomination for Best Privilege Escalation Bug.
Jun 19 I am excited to officially announce that I will join TU Wien as an Assistant Professor (tenure track) in October.
Nov 11 Drammer received the Best Paper Award at the CSAW'17 Applied Research Competition.
Oct 2 I am excited to be selected as a mentor for Learn IT, Girl, a program that helps women around the globe to learn how to code.
Jul 26 Drammer received a Pwnie Award for Best Privilege Escalation Bug and was also nominated for Most Innovative Research.
May 20 I was interviewed by the Austrian daily newspaper Kurier on why more women should study computer science (print and online).
May 16 I am honored to be awarded my doctorate degree in a Promotio Sub Auspiciis Praesidentis (press release by TU Wien).
Apr 5 ReCon was used in the documentary Harvest to raise awareness about privacy risks of mobile apps.
Mar 21 Drammer received the Best Dutch Cyber Security Research Paper (DCSRP2017) award.
Nov 1 Drammer was recognized by the Android Security Rewards Program (CVE-2016-6728, critical).

Reviewer Service

Program Committee Member

  • The Web Conference (WebConf 2020, formerly known as WWW, Security, Privacy, and Trust track)
  • IEEE Symposium on Security and Privacy (S&P 2020)
  • USENIX Security Symposium (USENIX Security 2019 & 2020)
  • Annual Computer Security Applications Conference (ACSAC 2019), including Artifacts Evaluation Subcommittee
  • ACM ASIA Conference on Computer and Communications Security (ASIACCS 2019)
  • Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2016, 2017, 2018 & 2019)
  • European Workshop on Systems Security (EuroSec 2018 & 2019)
  • USENIX Workshop on Offensive Technologies (WOOT 2015 & 2018)
  • International Symposium on Engineering Secure Software and Systems (ESSoS 2018)
  • International Workshop on Innovations in Mobile Privacy and Security (IMPS 2017 & 2018)
  • Workshop on Formal Methods for Security Engineering (ForSE 2017 & 2018)
  • International Workshop on Emerging Cyberthreats and Countermeasures (ECTCM 2013, 2014 & 2015)

External Reviewer

  • Privacy Enhancing Technologies Symposium (PETS 2017, 2018 & 2020)
  • IEEE European Symposium on Security and Privacy (EuroS&P 2019)
  • International Conference on emerging Networking EXperiments and Technologies (CoNEXT 2016)

Journal Reviewer

  • ACM Transactions on Privacy and Security
  • Computers & Security
  • EURASIP Journal on Information Security
  • IEEE Transactions on Computers
  • IEEE Transactions on Dependable and Secure Computing
  • IEEE Transactions on Information Forensics and Security
  • IEEE Transactions on Mobile Computing
  • International Journal of Information Security
  • Journal of Computer Virology and Hacking Techniques
  • Theoretical Computer Science



  • Radhesh Krishnan Konoth, Emanuele Vineti, Veelasha Moonsamy, Martina Lindorfer, Christopher Kruegel, Herbert Bos, Giovanni Vigna
    MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense
    ACM Conference on Computer and Communications Security (CCS), October 2018
  • Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson, David Choffnes
    Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications
    Privacy Enhancing Technologies Symposium (PETS), July 2018
    MEDIA: Gizmodo, Fortune, Engadget, Heise, Stern, Futurezone, New York Times (Op-Ed), ABC ScreenTime w/ Diane Sawyer, New York Times (The Privacy Project), amongst many others.
    * Presented at the FTC PrivacyCon 2019 *
  • Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, Kaveh Razavi
    GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM
    Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), June 2018
    MEDIA: Ars Technica, Slashdot, Heise, amongst others.
    * Pwnie nomination for Best Privilege Escalation Bug *
    * Best Research Award at the International Conference on Computing Systems (CompSys 2018) *
  • Jingjing Ren, Martina Lindorfer, Daniel Dubois, Ashwin Rao, David Choffnes, Narseo Vallina-Rodriguez
    Bug Fixes, Improvements, ... and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions
    Network and Distributed System Security Symposium (NDSS), February 2018
    * Presented at the FTC PrivacyCon 2018 *
  • Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, Giovanni Vigna
    Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
    Network and Distributed System Security Symposium (NDSS), February 2017
  • Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, ClĂ©mentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida
    Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
    ACM Conference on Computer and Communications Security (CCS), October 2016
    MEDIA: WIRED, Ars Technica, Slashdot, amongst others.
    * Pwnie Award for Best Privilege Escalation Bug and nomination for Most Innovative Research *
    * Best Dutch Cyber Security Research Paper *
    * Best Paper Award at the CSAW'17 Applied Research Competition *
  • Jingjing Ren, Ashwin Rao, Martina Lindorfer, Arnaud Legout, David Choffnes
    ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic
    International Conference on Mobile Systems, Applications and Services (MobiSys), June 2016
    MEDIA: Boston Globe, NBC News, MSN News, Christian Science Monitor, amongst others.
    * Presented at the FTC PrivacyCon 2017 *
  • Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, Engin Kirda
    CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes
    International Conference on Financial Cryptography and Data Security (FC), February 2016
  • Martina Lindorfer, Matthias Neugschwandtner, Christian Platzer
    Marvin: Efficient and Comprehensive Mobile App Classification Through Static and Dynamic Analysis
    Annual International Computers, Software & Applications Conference (COMPSAC), July 2015
    MEDIA: Futurezone, ORF Newton, SRF Kassensturz
  • Christian Platzer Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor van der Veen,
    Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors
    International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), September 2014
  • Christian Platzer Lukas Weichselbaum, Matthias Neugschwandtner, Martina Lindorfer, Yanick Fratantonio, Victor van der Veen,
    Andrubis: Android Malware Under The Magnifying Glass
    Technical Report, TU Wien, TR-ISECLAB-0414-001, July 2014
  • Martina Lindorfer, Stamatis Volanis, Alessandro Sisto, Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi, Christian Platzer, Stefano Zanero, Sotiris Ioannidis
    AndRadar: Fast Discovery of Android Applications in Alternative Markets
    Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 2014
  • Christian Platzer, Martin Stuetz, Martina Lindorfer
    Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images
    International Workshop on Security and Forensics in Communication Systems (ASIACCS-SFCS), June 2014
  • Edgar Weippl Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin Mulazzani,
    Enter Sandbox: Android Sandbox Comparison
    IEEE Mobile Security Technologies Workshop (MoST), May 2014
  • Martina Lindorfer, Bernhard Miller, Matthias Neugschwandtner, Christian Platzer
    Take a Bite - Finding the Worm in the Apple
    International Conference on Information, Communications and Signal Processing (ICICS), December 2013
  • Martina Lindorfer, Matthias Neumayr, Juan Caballero, Christian Platzer
    POSTER: Cross-Platform Malware: Write Once, Infect Everywhere
    ACM Conference on Computer and Communications Security (CCS), November 2013
  • Matthias Neugschwandtner, Martina Lindorfer, Christian Platzer
    A View to a Kill: WebView Exploitation
    USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), August 2013
  • Martina Lindorfer, Alessandro Di Federico, Federico Maggi, Paolo Milani Comparetti, Stefano Zanero
    Lines of Malicious Code: Insights Into the Malicious Software Industry
    Annual Computer Security Applications Conference (ACSAC), December 2012
  • Martina Lindorfer, Clemens Kolbitsch, Paolo Milani Comparetti
    Detecting Environment-Sensitive Malware
    International Symposium on Recent Advances in Intrusion Detection (RAID), September 2011


  • Malware Through the Looking Glass: Malware Analysis in an Evolving Threat Landscape
    Dissertation, TU Wien, November 2015
  • Detecting Environment-Sensitive Malware
    Master's thesis, TU Wien, April 2011