Richard Hyunho Im (richeeta)

Richard Hyunho Im (@richeeta)

I am a security researcher who specializes in uncovering logic bugs, uncommon attack surfaces, and race conditions. My findings have been publicly credited by Apple, OpenAI, Microsoft, Google, and the BBC.

I delivered my "Siri-ously Leaky: Exploring Overlooked Attack Surfaces Across Apple’s Ecosystem" talk at DEF CON 33 (available on YouTube) and co-hosted the "Hacker v. Triage" co-panel discussion alongside Denis Smajlović at DEF CON 33 Bug Bounty Village. I am scheduled to present an updated version of the talk at HOU.SEC.CON 2025.

I am CASP+, CSIE-, and OSCP-certified and ranked (as of August 2025) in the Top 25 of OpenAI’s bug bounty program.

I have served as a Subject Matter Expert for CompTIA for multiple exam blueprints, worked as an instructional specialist for Rice University’s cybersecurity boot camp, and authored the Platform-Specific Guidance for iOS and iPadOS in OWASP’s Mobile Application Security Cheat Sheet.

My published CVEs include:

My main research domains include iOS/iPadOS, macOS, visionOS, and Apple Intelligence, particularly where user experience collides with security boundaries: Shortcuts, Siri, SpringBoard, and deep link chains. I also poke at cloud authentication flows, broken access controls, IDORs, SSRFs, and race conditions.

Although I am highly allergic to Java, I have managed to build two Burp extensions:

I have a two-year-old toy poodle named Peanut, who shares my passion for bug hunting (though more literal in his case).