Dr. Andreas Gutmann

Security Researcher

---

I am a Senior Technologist Cyber Security & Online Safety in the Trust and Safety Technology Group at Ofcom, the UK's communications regulator, and alumni of the European Commission's flagship Marie Sklodowska-Curie Fellowship. I have a PhD in computer science from University College London (UCL) and a German Diplom (major in computer science, minor in law) from Karlsruhe Institute of Technology. My areas of interest are at the intersection of online safety, computer security, online privacy, HCI, artificial intelligence, sociology, psychology, and regulation.

Some of my past work includes the discovery of risks for accidental data breaches in Windows and macOS and novel security risks in iOS and macOS for the use of security codes sent via SMS. I also led an investigation into people's PIN shielding behaviour at ATMs and POS and developed a novel user authentication protocol proven secure against the complete compromise the user's devices. My contributions to the security of Apple's products were acknowledged twice. I used to occasionally write about the work I do here and here, and my work has been featured in the media several times, e.g. here, here, and here.

I completed my PhD in 2020 as a member of the Information Security Research Group of the Department of Computer Science at University College London (UCL) and the Privacy&Us Marie Sklodowska-Curie Innovative Training Network, supported by the EU Horizon 2020 Marie Sklodowska-Curie Innovative Training Network, grant number project 675730. My PhD thesis is titled An Analysis of Computer Systems for the Secure Creation and Verification of User Instructions and was supervised by Prof. Steven J. Murdoch. In this thesis, I evaluated systems for reliable data input with a specific focus on the (in)security of user interfaces in Windows, macOS, iOS, and implementations of transaction authentication mechanisms in online banking. My diploma thesis on Secure Human Identification Protocols Based on Linguistics was supervised by Prof. Jörn Müller-Quade.

Previously, I worked as a researcher at the Innovation Centre of OneSpan in Cambridge and at Technische Universität Darmstadt in Germany. In addition, I have been a visiting researcher at University of Glasgow (2015, 2016), University of Tokyo (2016), Karlstad University (2016), Goethe University Frankfurt (2017), USECON – Experience design & consulting (2017) and was a student assistant at Secorvo Security Consulting GmbH (2012-2013).