36th Chaos Communication Congress

talk on conference website

The Hacker Jeopardy is a quiz show.

The well known reversed quiz format, but of course hacker style. It once was entitled „number guessing for geeks“ by a German publisher, which of course is an unfair simplification. It’s also guessing of letters and special characters. ;) Three initial rounds will be played, the winners will compete with each other in the final. The event will be in German, we hope to have live translation again.

talk on conference website

Welcome!

talk on conference website

Nowadays, Windows is still the most popular OS used in the world. It's very important for red teams / attackers to maintain the authority after they get into the OS by penetration test. So they need a vulnerability to hide in windows to escalate their account to system privilege.

In this presentation, we will share the methodology about how we started this work to analyze Windows internals. We will explain the inner workings of this technique and how we analyzed ALPC and Component Object Model(COM) in Windows OS. By analyzing historical bugs, we are able to extract their features from multiple vulnerabilities. We will develop an IDA plugin to analyze the execution path of target interfaces. Through this way we could find out the interface that called the specified sensitive operation. In fact, we found a large number of vulnerable modules in the ALPC and COM object, which allows the attacker to cross the security boundary and directly access the system.

talk on conference website

Is the way we run services these days sustainable? The trusted computing base -- the lines of code where, if a flaw is discovered, jeopardizes the security and integrity of the entire service -- is enormous. Using orchestration systems that contain millions of lines of code, and that execute shell code, does not decrease this. This talk will present an alternative, minimalist approach to secure network services - relying on OCaml, a programming language that guarantees memory safety - composing small libraries (open source, permissively licensed) to build so-called MirageOS unikernels -- special purpose services. Besides web services, other digital infrastructure such as VPN gateway, calendar server, DNS server and resolver, and a minimalistic orchestration system, will be presented. Each unikernel can either run as virtual machine (KVM, Xen, BHyve, virtio), as a sandboxed process (seccomp which whitelists only 8 system calls), or in smaller containments (GenodeOS, muen separation kernel) -- even a prototypical ESP32 backend is available.

Starting with an operating system from scratch is tough, lots of engineering hours have been put into the omnipresent ones. Reducing the required effort by declaring certain subsystems being out of scope -- e.g. hardware drivers, preemptive multitasking, multicore -- decreases the required person-power. The MirageOS project started as research project more than a decade ago at the University of Cambridge, as a minimal guest for Xen written in the functional programming language OCaml. Network protocols (TCP/IP, DHCP, TLS, DNS, ..), a branchable immutable store (similar and interoperable with git) are available. The trusted computing base is roughly two orders of magnitude smaller than contemporary operating systems. The performance is in the same ballpark as conventional systems. The boot time is measured in milliseconds instead of seconds. Not only the binary size of a unikernel image is much smaller, also the required resources are smaller: memory usage easily drops by a factor of 25, CPU usage drops by a factor of 10. More recently we focused on deployment: integration of logging, metrics (influx, grafana), an orchestration system (remote deployment via a TLS handshake, offers console access and an event log) for multi-tenant systems (policies are encoded in the certificate chain). We are developing, mostly thanks to public funding, various useful services: a CalDAV server storing its content in a remote git repository, an OpenVPN client and server, DNS resolver and server (storing zone files in a remote git repository) with let's encrypt integration, a firewall for QubesOS, image viewer mainly for QubesOS, ... The experience while developing such a huge project is that lots of components can be developed and tested by separate groups - and even used in a variety of different applications. The integration of the components is achieved in a type-safe way with module types in OCaml. This means that lots of errors are caught by the compiler, instead of at runtime.

talk on conference website

While open source is necessary for trustable hardware, it is far from sufficient. This is because “hashing” hardware – verifying its construction down to the transistor level – is typically a destructive process, so trust in hardware is a massive time-of-check/time-of-use (TOCTOU) problem. This talk helps us understand the nature of the TOCTOU problem by providing a brief overview of the supply chain security problem and various classes of hardware implants. We then shift gears to talk about ways to potentially close the TOCTOU gap, concluding with a curated set of verifiable components that we are sharing as an open source mobile communications platform – a kind of combination hardware and software distribution – that we hope can be useful for developing and deploying all manner of open platforms that require a higher level of trust and security.

The inconvenient truth is that open source hardware is precisely as trustworthy as closed source hardware. The availability of design source only enables us to agree that the designer’s intent can be trusted and is likely correct, but there is no essential link between the hardware design source and the piece of hardware on your desk. Thus while open source is necessary for trustable hardware, it is far from sufficient. This is quite opposite from the case of open source software thanks to projects like Reproducible Builds, where binaries can be loaded in-memory and cryptographically verified and independently reproduced to ensure a match to the complete and corresponding source of a particular build prior to execution, thus establishing a robust link between the executable and the source. Unfortunately, “hashing” hardware – verifying its construction down to the transistor level – is typically a destructive process, so trust in hardware is a massive time-of-check/time-of-use (TOCTOU) problem. Even if you thoroughly inspect the design source, the factory could modify the design. Even if you audit the factory, the courier delivering the hardware to your desk could insert an implant. Even if you carried the hardware from the factory to your desk, an “evil maid” could modify your machine. This creates an existential crisis for trust – how can we know our secrets are safe if the very hardware we use to compute them could be readily tainted? This talk addresses the elephant in the room by helping us understand the nature of the TOCTOU problem by providing a brief overview of the supply chain security problem and various classes of hardware implants. We then shift gears to talk about ways to potentially close the TOCTOU gap. When thinking about hardening a system against supply chain attacks, every component – from the CPU to the keyboard to the LCD – must be considered in order to defend against implanted screen grabbers and key loggers. At every level, a trade-off exists between complexity and the feasibility of non-destructive end-user verification with minimal tooling: a system simple enough to be readily verified will not have the equivalent compute power or features of a smartphone. However, we believe that a verifiable system should have adequate performance for a select range of tasks that include text chats, cryptocurrency wallets, and voice calls. Certain high-risk individuals such as politicians, journalists, executives, whistleblowers, and activists may be willing to use a device that forgoes bells and whistles in exchange for privacy and security. With this in mind, the Betrusted project brings together a curated set of verifiable components as an open source mobile communications platform - a combination open source hardware and software distribution. We are sharing Betrusted with the community in the hopes that others may adopt it as a reference design for developing and deploying all manner of open platforms that require a higher level of trust and security.

talk on conference website

The impact of scale in our field has been enormous and it has transformed the tools, the jobs and the face of the Infosec community. In this talk we discuss some of the ways in which defense has benefitted from scale, how the industry might be transitioning to a new phase of its growth and how the community will have to evolve to stay relevant.

talk on conference website

It is easier to chat online securely today than it ever has been. Widespread adoption of signal, wire, and the private mode of WhatsApp have led a broader recognition of the importance of end-to-end encryption. There's still plenty of work to be done in finding new designs that balance privacy and usability in online communication.

This introduction to secure messaging will lay out the different risks that are present in communications, and talk about the projects and techniques under development to do better. The talk will begin with a threat modeling exercise to be able to concretely talk about the different actors and potential risks that a secure messaging system can attempt to address. From there, we'll dive into end-to-end encryption, OTR and deniability, and then the axolotl construction used by Signal (and now the noise framework). The bulk of the talk will focus on the rest of the problem which is more in-progress, and in particular consider the various metadata risks around communication. We'll survey the problems that can arise around contact discovery, network surveillance, and server compromise. In doing so, we'll look at the forays into communication systems that attempt to address these issues. Pond offered a novel design point for discovery and a global network adversary. Katzenpost adapts mixnets to limit the power of network adversaries and server compromise in a different way. Private Information Retrieval (PIR) trades off high server costs for a scheme that could more realistically work with mobile clients. Others, for instance Secure Scuttlebutt attempt to remove the need for infrastructural servers entirely with gossip and partial views of the network, a whole other set of tradeoffs.

talk on conference website

Katastrophen, Krisen & Kriege lassen sich heute live mitverfolgen. Wir erleben eine kaum überblickbare Quellendiversität in den sozialen Medien – jeder wird zur Quelle. Welchen Einfluss hat das darauf, wie ein Konflikt wahrgenommen wird, wie setzen Konfliktparteien aber auch Helfende die sozialen Medien ein und was bedeutet das für Diejenigen, die vor Ort humanitäre Hilfe leisten. Wir diskutieren dies anhand des türkischen Überfalls auf Nord-Ost-Syrien gemeinsam mit Fee Baumann von Heyva Sor A Kurd, live aus Nord-Ost-Syrien

Katastrophen, Krisen & Kriege lassen sich heute live mitverfolgen. Wir erleben eine kaum überblickbare Quellendiversität in den sozialen Medien – jeder wird zur Quelle. Welchen Einfluss hat das darauf, wie ein Konflikt wahrgenommen wird, wie setzen Konfliktparteien aber auch Helfende die sozialen Medien ein und was bedeutet das für Diejenigen, die vor Ort humanitäre Hilfe leisten. Wir diskutieren dies anhand des türkischen Überfalls auf Nord-Ost-Syrien. Fand Live-Berichterstattung aus Kriegsgebieten zu Zeiten des 2. Golfkrieges noch überwiegend durch ein paar wenige Journalist*innen, oft “embedded” statt, die für CNN&Co im grünlichen Nachtsicht-Look aus dem Panzer berichteten, kann in den sozialen Medien heute jede*r zur Quelle werden. Auf diese Weise gelangt die Öffentlichkeit an Informationen die vorher nur sehr schwer zu bekommen gewesen wären & schon gar nicht in Echtzeit. Die Quellenvielfalt birgt große Chancen für die Bewertung einer Lage und auch zur Überprüfung von Informationen durch mehrere Quellen oder Image Reverse Suche. Gleichzeitig verbreiten sich Gerüchte und Falschinformationen ebenfalls sehr viel schneller. Zudem können soziale Medien auch gezielt, etwa von Kriegsparteien manipuliert werden. Die Türkei setzte neben Deutschen Panzern etwa auch Bot-Armeen ein, im Ergebnis: Zwar verurteilte ein großteil der Welt den türkischen Einmarsch in Nord-Ost-Syrien, aber Twitter-Hashtags zeichneten zeitweilig ein ganz anderes Bild. Gleichzeitig kann es schon auch mal passieren, dass Türkei nahe Djihadistische Gruppen ausversehen selbst Videos ihrer Kriegsverbrechen prahlerisch ins Netz stellen. Was bedeutet all das für humanitäre Helfende vor Ort, die Twitter & co mittlerweile nicht nur zur Spendenwerbung sondern auch zur Lagebewertung nutzen: Wie kann man in der Praxis damit umgehen, dass sich auf Twitter gegebenenfalls ein ganz anderes Bild zeichnet als vor Ort und vor allem: Welches davon ist näher an der Realität? Darum geht es in diesem Talk am Beispiel des Türkischen Überfalls auf Nord-Ost-Syrien, von Sebastian Jünemann und Ruben Neugebauer von der Hilfsorganisation Cadus, die vor Ort mit mehreren, im wesentlichen medizinischen Projekten aktiv war, sowie Fee Baumann von der Organisation Heyvasor a Kurd, dem kurdischen roten Halbmond. Außerdem werden wir klären wie man sich per Selfie bequem ins Jenseits befördern kann und was sonst noch so für die persönliche Sicherheit zu beachten ist, im Umgang mit modernen Medien in Kriegsgebieten.

talk on conference website

This talk is about running unsigned code at boot on iOS 11. I will demonstrate how you can start out with a daemon config file and end up with kernel code execution.

This talk is about achieving unsigned code execution at boot on iOS 11 and using that to jailbreak the device, commonly known as "untethering". This used to be the norm for jailbreaks until iOS 9.1 (Pangu FuXi Qin - October 2015), but hasn't been publicly done since. I will unveil a yet unfixed vulnerability in the config file parser of a daemon process, and couple that with a kernel 1day for full system pwnage. I will run you through how either bug can be exploited, what challenges we faced along the way, and about the feasibility of building a kernel exploit entirely in ROP in this day and age, on one of the most secure platforms there are.

talk on conference website

Das Umweltbundesamt hat in 2012 mit der Forschung der Umweltrelevanz von Software begonnen. Ziel der Forschung war es, die gegenseitige Beeinflussung von Hard- und Software zu erfassen, zu bewerten und geeignete Maßnahmen zu entwickeln, die es ermöglichen, die Inanspruchnahme von natürlichen Ressourcen durch Software zu reduzieren. Im Vortrag wollen Marina Köhn (Umweltbundesamt) und Dr. Eva Kern (Umwelt-Campus Birkenfeld) die Messergebnisse aus dem Labor der Forschung präsentieren und die entwickelte Methode des Forschungsprojektes erläutern. Weiterhin möchten wir die Inhalte des geplanten Umweltzeichens für Software vorstellen.

Das Zusammenwirken von Hard- und Software, also zum Beispiel von Computer und Betriebssystem, ist vergleichbar mit einem Buch und dem Inhalt des Buches. Fehlt ein Teil dieser Einheit, ist der Bestimmungszweck nicht mehr gegeben. Ein Computer ist zusammengesetzt aus verschiedenen Komponenten, die unterschiedliche Aufgaben wahrnehmen. Die Software ist die Logik, die das Ausführen dieser Aufgaben ermöglicht. Zwar ist Software, ähnlich wie Wissen, immateriell, jedoch benötigt sie die Hardwareressourcen, um existieren zu können. Softwareprodukte sind somit ein wesentlicher Bestandteil der Informations- und Kommunikationstechnik (IKT). In den letzten Jahren wurden einige Anstrengungen unternommen, um die IKT nachhaltiger zu gestalten. Beispielsweise wurden die Energieeffizienz der IKT-Produkte gesteigert, Anforderungen an das Energiemanagement der Geräte gestellt und neue ressourcenschonende Hardwarearchitekturen entwickelt. Konkrete Anforderungen an das Design und die Programmierung von Soft-ware, die die Energieeffizienz der Hardware unterstützen, sind bisher nicht vorhanden. Obwohl Hardware und Software, wie oben erläutert, eine Einheit bilden und die Art und Weise der Softwarearchitektur und -programmierung große Auswirkung auf den entsprechenden Hardwarebedarf haben, fehlen konkrete Anforderungen. Das Fehlen der Anforderungen an Softwareprodukten hat zur Folge, dass die Energieeffizienzgewinne der Hardware durch ineffiziente Software oder schlechte Softwarekonzepte nicht oder nur teilweise zum Tragen kommen. Vor diesem Hintergrund hat das Umweltbundesamt in 2012 mit der Forschung der Umweltrelevanz von Software begonnen. Ziel der Forschung war es, die gegenseitige Beeinflussung von Hard- und Software zu erfassen, zu bewerten und geeignete Maßnahmen zu entwickeln, die es ermöglichen, die Inanspruchnahme von natürlichen Ressourcen durch Software zu reduzieren. Im Forschungsprojekt „Entwicklung und Anwendung von Bewertungsgrundlagen für ressourceneffiziente Software unter Berücksichtigung bestehender Methodik“ des Umweltbundesamtes (UBA 2018) wurde zusammen mit dem Öko-Institut, den Umwelt-Campus Birkenfeld und der ETH Zürich eine Bewertungsmethodik entwickelt, anhand derer der Energiebedarf, die Inanspruchnahme von Hardware-Ressourcen sowie weitere umweltbezogene Eigenschaften von Softwareprodukten ermittelt werden können. Der Vergleich verschiedener Softwareprodukte mit gleicher Funktionalität macht deutlich, dass es teils erhebliche Unterschiede zwischen den Produkten gibt. Bei der Ausführung eines Standardnutzungsszenario werden die Unterschiede der Energieeffizienz zwischen den Softwareprodukten erkennbar. Dies ist vor allem vor dem Hintergrund relevant, dass die übermäßige Beanspruchung von Hardware dazu führt, dass die Pro-grammausführung länger dauert und es im schlimmsten Fall dazu führt, dass diese vermeintlich langsame Hardware ausgemustert und durch neue, schnellere Hardware ersetzen wird. Labels und Zertifizierungen, wie es sie seit langem schon für den Bereich der Hardware existieren, gibt es im Softwarebereich jedoch nicht. Das ändert sich demnächst! Wir haben erfolgreich Kriterien für das Umweltzeichen Blauer Engel für energie- und ressourcensparende Software entwickelt. Wir hoffen, dass wir mit dem Umweltzeichen eine Debatte über umweltverträgliche Software auslösen werden und wir hoffen, dass viele Software-Entwickler*innen und Hersteller von Software sich zukünftig an diese Kriterien orientieren.

talk on conference website

This talk will cover everything about the Acorn Archimedes, a British computer first released in 1987 and (slightly) famous for being the genesis of the original ARM processor.

The Archimedes was designed by Acorn in the UK in the mid-1980s, and was released in late 1987 with massive performance for its medium price (and, with the first OS, a hangover-coloured GUI). The machine isn't widely known outside Europe. Even in the UK, it was released just as the IBM PC was taking over, so remained niche. It was built from scratch with four purpose-designed chips, the ARM, the VIDC, the MEMC and the IOC. Looking at each chip, we'll take a hardware and software tour through what is one of the most influential yet little-known modern computers. The talk will detail the video, sound, IO and memory management hardware, alongside the original ARM processor which is quite different to what we have today. The Arc was a pleasure to program, both simple and fast, and we'll look at its software including the quirky operating systems that made the Arc tick, from Arthur to RISC OS and Acorn's mysterious BSD4.3 UNIX, RISCiX. The first models were followed by the lower-end A3000 in 1989, which looked similar to the the Amiga 500 or Atari STE but had around eight times the CPU performance: no sprites, no blitter, no Copper, no problem! ;-) This talk will also share insights from the original chipset designers, with a tour of prototype hardware and unreleased Archimedes models. The audience will get an appreciation for the Arc's elegant design, the mid-1980s birth of RISC processors, and the humble origins of the now-omnipresent ARM architecture.

talk on conference website

Wir verlassen uns in unserem Alltag permanent auf die Verfügbarkeit von elektrischer Energie. Aber wenn wir vom dauerhaften Betrieb von Kraftwerke, die fossile Energieträger verbrennen, wie stellen wir die Versorgung sicher, wenn nachts kein Wind weht? Elektrolyse oder Pumpspeicherkraftwerk? Superkondensatoren oder mechanische Speicher? Was geht heute überhaupt schon? Ähnlich unklar ist die Zukunft der Mobilität, wenn Verbrennungsmotoren von unseren Straßen verschwinden sollen. Batteriefahrzeug oder Wasserstoffauto? Und bekommt man sein Fahrzeug überhaupt so schnell vollgetankt wie heute mit Benzin?

Als eins der größeren Probleme stellt sich die Bereitstellung elektrischer Energie für unsere hoch technologisierte Welt dar. Der Beitrag der aus erneuerbaren Energiequellen gewonnenen elektrischen Energie ist in den letzten Jahrzehnten beständig gestiegen, aber dennoch bleibt ein Problem: wie stellen wir Energie bereit, wenn keine Sonne scheint und kein Wind weht? Ein Überblick über bekannte und weniger bekannte Energiespeicher soll erleichtern, aktuelle Diskussionen der Energie- und Klimapolitik zu verstehen und einzuordnen. Batterien und Akkus liefern seit vielen Jahrzehnten den Strom für vor allem tragbare Geräte: Die allgegenwärtige, nicht wiederaufladbare Alkali-Mangan-Batterie speist Uren, Fernbedienungen, Taschenlampen und Geräte aller Art. Speziell die wiederaufladbare Lithium-Ionen-Batterie hat unsere moderne Welt revolutioniert, aus gutem Grund wurde diese Entwicklung dieses Jahr mit dem Nobelpreis in Chemie ausgezeichnet. Wird diese Technologie die Zukunft der Elektromobilität sein, und den überschüssigen Solarstrom speichern, um ihn nachts wieder zur Verfügung zu stellen? Oder sollte die kaum bekannte Natriumsulfid Batteriechemie der bessere Kandidat sein? Wie macht man aus Solarstrom Wasserstoff, und wie speichert man diesen? Lohnt sich das überhaupt, und wenn ja, wie bekommt man daraus wieder elektrische Energie erzeugt? Aktuell tobt eine erbitterte Debatte, ob die Elektromobilität in Zukunft nun auf reinen Batteriebetried setzen sollte, oder doch das Wasserstoffauto das Rennen machen soll. Gibt es eine klare Antwort darauf, und wie sind die jeweiligen Beiträge von Wissenschaft, Wirtschaft, Politik und Ethik?

talk on conference website

Modern smartphones offer a whole range of sensors like magnetometers, accelerometers or gyroscopes. The open source app "phyphox", developed at the RWTH Aachen University, repurposes these sensors as measuring instruments in physics education.

When put into a salad spinner, the phone can acquire the relation of centripetal acceleration and angular velocity. Its barometer can be used to measure the velocity of an elevator. And when using two phones, it is easy to determine the speed of sound with a very simple method. In this talk, I will show these possibilities in demonstration experiments, discuss available sensors and their limitations and introduce interfaces to integrate phyphox into other projects. In this talk, the developer of the app "phyphox" at the RWTH Aachen University will first introduce how sensors in smartphones can be used to enable experimentation and data acquisition in physics teaching with several demonstrations on stage. Available sensors and their limitations will be discussed along with interfaces allowing the integration of phyphox into other project, either as a means to access sensor data or to display data from other sources. The app is open source under the GNU GPLv3 licence and available for Android (>=4.0) and iOS (>=8.0). It is designed around experiment configurations for physics education at school and university, allowing for a quick setup with a single tap. At the same time, these configurations may be modified by any user to set up customized sensor configurations along with data analysis and data visualization, defined in an XML format. These configurations are Turing complete and can easily be transferred via QR codes, so an experienced user (teacher) can create a specific configuration and allow less experienced users (students) to use it with ease.

talk on conference website

Ein von Zeit Online entwickeltes Tool macht es möglich, die Plenarprotokolle des Bundestags grafisch und inhaltlich auszuwerten, und zwar seit seiner ersten Sitzung 1949 bis heute. In den 200 Millionen Wörtern zeigen sich historische Zäsuren, sie machen gesellschaftliche und sprachliche Entwicklungen sichtbar: Wie ernst nahm der Bundestag in den vergangenen Jahren den Klimawandel? Wie häufig redeten die Abgeordneten über Datenschutz, über Arbeitslosigkeit, über Rechtsextremismus, über Geflüchtete? Es wird sichtbar und vergleichbar, zu welchem Zeitpunkt welche Themen debattiert wurden, wie sich die politische Aufmerksamkeit über die Jahre verändert hat. Und die Daten belegen, wie die Sprache selbst sich verändert, nicht nur weil neue Themen aufkommen, sondern auch weil sich der Sprachgebrauch wandelt. Am Ende kann das Publikum selbst Wörter vorschlagen und versuchen, die entsprechenden Graphiken zu interpretieren.

Die Protokolle des Bundestags decken einen Zeitraum von siebzig Jahren ab. In dieser Zeit hat sich die Bundesrepublik stark verändert und damit natürlich auch die im Bundestag verwendete Sprache. Manche Dinge sind trivial, z.B. dass Flüchtlinge einst Vertriebene waren oder dass mit Computernetzen zusammenhängende Wörter erst in neuerer Zeit auftauchen. Andere überraschen, z.B. dass seit der Wiedervereinigung mehr von Ostdeutschen als von Westdeutschen gesprochen wird. Anhand von einschlägigen Beispielen wollen wir erläutern, wie sich Sprache und mit ihr Politik verändert hat. Wir untersuchen die Rhetorik alter und neuer Rechter, die Rhetorik des "Marktes", der Krisen und natürlich auch die des gepflegten Beschimpfens. Mit dem Tool lässt sich zeigen, welche Debatten groß und wortreich geführt wurden, welche klein und unbedeutend blieben, obwohl es vielleicht wichtig gewesen wäre, über die Themen zu debattieren. Die Sprache ist somit der Zugang zur Analyse der Politik des Parlaments. Woher stammen unsere Daten? Wir haben die Protokolle aller Sitzungen des Deutschen Bundestages analysiert: 4.217 Protokolle aus 19 Legislaturperioden, insgesamt rund 200 Millionen Wörter. Sie stammen aus dem Open Data Portal des Bundestages. Jede Sitzung wird dort von Stenografen genau dokumentiert und auf diesem Portal veröffentlicht. Unsere Auswertung beginnt mit der ersten Sitzung am 7. September 1949 und endet mit der letzten Sitzung vor der Sommerpause 2019 — der Sondersitzung zur Vereidigung von Annegret Kramp-Karrenbauer als Verteidigungsministerin am 24. Juli 2019.

talk on conference website

The 3DS is reaching end of life but has not revealed all its weaknesses yet. This talk will go through the process of reverse engineering an undocumented communication protocol and show how assessing hard-to-reach features yields dangerous results, including remote code execution exploits!

Embedded Devices are all around us, talking to each other in ways we often don't even realize. In this talk, we discuss how one such communication mechanism in the 3DS remained unexplored for over seven years as well as the vulnerabilities that were lying dormant as a result.

We will explore specific features of the 3DS and talk about their low-level implementation details and about why they were not tested before. Besides, we will walk through the (lengthy) dev process involved in putting together this exploit, and the significant risks involved in devices (even game consoles) having this kind of vulnerability.

Finally, we will demonstrate the attack in action.

Since the talk will be a bit technical some basic knowledge about network protocols and software exploitation techniques is recommended, but it is aimed to be enjoyable for non-technical audiences as well.
One might also take a look at previous talks (32c3 and 33c3) about the 3ds for more in-depth background knowledge.

talk on conference website

So called “0-click” exploits, in which no user interaction is required to compromise a mobile device, have become a highly interesting topic for security researchers, and not just because Apple announced a one million dollar bug bounty for such exploits against the iPhone this year. This talk will go into the details of how a single memory corruption vulnerability in iMessage was remotely exploited to compromise an iPhone. The insights gained from the exploitation process will hopefully help defend against such attacks in the future.

This talk will dive into the internals of an iMessage exploit that achieves unsandboxed remote code execution on vulnerable devices (all iPhones and potentially other iDevices up to iOS 12.4) without user interaction and within a couple of minutes. All that is necessary for a successful attack in a default configuration is knowledge of the target’s phone number or an email address. Further, the attack is also possible without any visible indicators of the attack displayed to the user. First, an overview of the general iMessage software architecture will be given, followed by an introduction of the exploited vulnerability. Next, a walkthrough of the exploitation process, including details about how the various exploit mitigations deployed on iOS were bypassed, will be presented. Some of the exploitation techniques are rather generic and should be applicable to exploit other vulnerabilities, messengers, and even other platforms such as Android. Along the way, some advice will be shared with the audience on how to bootstrap research in this area. The talk concludes with a set of suggestions for mobile OS and messenger vendors on how to mitigate the demonstrated exploit techniques effectively and hopefully make these kinds of attacks significantly more difficult/costly to perform in the future. While previous experience with iOS userland exploitation will not be required for this talk, some basic background knowledge on memory corruption vulnerabilities is recommended.

talk on conference website

Seit dem 14. November ist die letzte Schonfrist zur Umsetzung der Europäischen Richtline 2015/2366 über Zahlungsdienste im Binnenmarkt (neudeutsch PSD2) verstrichen. Das hat erst vielen Banken viel Arbeit gemacht, und macht jetzt vielen Kunden viel Ärger. Warum eigentlich?

Dieser Vortrag gibt einen Überblick über die Hintergründe der Zahlungsdiensterichtlinie, das was sie bewirken sollte, und das was sie tatsächlich bewirkt. Der Sicht aus der Regulierungsperspektive wird die tatsächliche Erfahrung als Anwender, und als Entwickler von Open-Source-Software gegenübergestellt.

talk on conference website

Herzstück der digitalen Gesundheitsversorgung für 73 Millionen Versicherte ist die hochsichere, kritische Telematik-Infrastruktur mit bereits 115.000 angeschlossenen Arztpraxen. Nur berechtigte Teilnehmer haben über dieses geschlossene Netz Zugang zu unseren medizinischen Daten. Ein "Höchstmaß an Schutz" also, wie es das Gesundheitsministerium behauptet? Bewaffnet mit 10.000 Seiten Spezifikation und einem Faxgerät lassen wir Illusionen platzen und stellen fest: Technik allein ist auch keine Lösung. Braucht es einen Neuanfang?

Schon in 12 Monaten können 73 Millionen gesetzlich Versicherte ihre Gesundheitsdaten in einer elektronischen Patientenakte speichern lassen. Dazu werden zurzeit alle Arztpraxen, Krankenhäuser und Apotheken Deutschlands über die neu geschaffene kritische Telematik-Infrastruktur verbunden. Dieses hochverfügbare Netz genügt "militärischen Sicherheitsstandards", bietet ein "europaweit einzigartiges Sicherheitsniveau" und verspricht ein "Höchstmaß an Schutz für die personenbezogenen medizinischen Daten" wie Arztbriefe, Medikamentenpläne, Blutbilder und Chromosomenanalysen. "Wir tun alles, damit Patientendaten sicher bleiben." "Selbst dem Chaos Computer Club ist es nicht gelungen, sich in die Telematik-Infrastruktur einzuhacken." "Nach den Lehren aus PC-Wahl, Ladesäulen und dem besonderen elektronischen Anwaltspostfach brauchen wir kein weiteres Exempel."

talk on conference website

PDF is the most widely used standard for office documents. Supported by many desktop applications, email gateways and web services solutions, are used in all sectors, including government, business and private fields. For protecting sensitive information, PDFs can be encrypted and digitally signed. Assumed to be secure for 15 years, our talk reveals how to break PDF Encryption and how to break PDF Signatures. We elaborated novel attacks leading to critical vulnerabilities in all PDF viewers, most notably in Adobe, Foxit, and Okular. As a result, an attacker can retrieve the plaintext of encrypted PDFs without knowing the password and manipulate the content of digitally signed PDFs arbitrarily while a victim is unable to detect this.

The Portable Document Format (PDF) is the de-facto standard for document exchange worldwide. It is used to store sensitive information like contracts and health records. To protect this information PDF documents can be encrypted or digitally signed. Thus, confidentiality, authenticity, integrity, and non-repudiation can be achieved. In our research, we show that none of the PDF viewers achieve all of these goals by allowing an attacker to read encrypted content without the password or to stealthily modify the signed content. We analyze the PDF encryption specification and show two novel techniques for breaking the confidentiality of encrypted documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Second, we abuse a flaw in the PDF encryption specification to arbitrarily manipulate encrypted content. The only requirement is that a single block of known plaintext is needed, and we show that this is fulfilled by design. Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels which are based on standard compliant PDF properties. In addition, we present the first comprehensive security evaluation on digital signatures in PDFs. We introduce three novel attack classes which bypass the cryptographic protection of digitally signed PDF files allowing an attacker to spoof the content of a signed PDF. We analyzed 22 different PDF viewers and found 21 of them to be vulnerable, including prominent and widely used applications such as Adobe Reader DC and Foxit. We additionally evaluated eight online validation services and found six to be vulnerable. All findings have been responsibly disclosed, and the affected vendors were supported during fixing the issues. Our research on PDF security is also available online at https://www.pdf-insecurity.org/.

talk on conference website

A deep dive investigation into Siemens S7 PLCs bootloader and ADONIS Operating System.

Siemens is a leading provider of industrial automation components for critical infrastructures, and their S7 PLC series is one of the most widely used PLCs in the industry. In recent years, Siemens integrated various security measures into their PLCs. This includes, among others, firmware integrity verification at boot time using a separate bootloader code. This code is baked in a separated SPI flash, and its firmware is not accessible via Siemens' website. In this talk, we present our investigation of the code running in the Siemens S7-1200 PLC bootloader and its security implications. Specifically, we will demonstrate that this bootloader, which to the best of our knowledge was running at least on Siemens S7-1200 PLCs since 2013, contains an undocumented "special access feature". This special access feature can be activated when the user sends a specific command via UART within the first half-second of the PLC booting. The special access feature provides functionalities such as limited read and writes to memory at boot time via the UART interface. We discovered that a combination of those protocol features could be exploited to execute arbitrary code in the PLC and dump the entire PLC memory using a cold-boot style attack. With that, this feature can be used to violate the existing security ecosystem established by Siemens. On a positive note, once discovered by the asset owner, this feature can also be used for good, e.g., as a forensic interface for Siemens PLCs. The talk will be accompanied by the demo of our findings.

talk on conference website

The Large Hadron Collider (LHC) is the biggest particle accelerator on Earth. It was built to study matter in more detail than ever before and prove physical theories like the Standard Model of Particle Physics. This talk will focus on the engineering aspects of LHC. How was it built? What makes it tick? Which technologies are needed to create a such powerful machine? This talk will take you on a journey to explore how the most complex machine ever built by humans works.

During previous CCCs, several talks described what kind of data the experiments of LHC look out for, how the data is stored, how physicists are analysing data and how they extract their huge discoveries. Often times though, the presence of the particle accelerator itself is taken for granted in light of these findings. That's why this talk will give an in-depth engineering summary about that 'particle accelerator'. We'll shed light on the big technology and engineering problems that had to be solved before being able to build a machine that we take for granted these days. Among other things, we will describe how to cool down several thousand tons of magnets to -271.25°C, how to safely dissipate ~500 MegaJoule of energy in just a fraction of a second, or how to bend a beam of particles around a corner while it's moving along with ~99,9999991% of the speed of light. Of course, we'll also touch on the bits that make collecting the data gathered in all the physics detectors possible in the first place.

talk on conference website

When climate activists say you should listen to the science they usually refer to reports by the Intergovernmental Panel on Climate Change (IPCC). The IPCC is an Intergovernmental organization (IGO) providing an objective summary of scienctific results regarding climate change, its impacts and its reasons. The simulation of future climate is one fundamental pillar within climate research. But what is behind it? How does the science sector look like? How do we gain these insights, what does it mean?

This lecture aims at answering these questions. In particular, it provides an overview about some basic nomenclature for a better understanding of what climate modelling is about.
The following topics will be addressed:

• Who does climate modelling?
  Which institutes, infrastructures, universities, initiatives are behind it and which are the conferences climate scientists go to. What background do climate scientists have?
• What is the difference between climate projections and weather predictions? Why is it called a climate projection and not climate prediction? While climate scientists are not able to predict weather at a specific date in a decade, why does it still make sense to propose general trends under certain conditions?
• What is a climate model, what is an impact model and what is the difference between these? What are components and features of the different kind of models? Here, some examples will be shortly presented (e.g.atmosphere, ocean, land, sea ice).
• Quite a few models are open source and freely accessible. If there is time I will shortly show you how you could install an impact model (example mHM) on your local PC. How accessible is the data used for the projections for the IPCC reports?
• Overview over the used infrastructure (for example JUWELS, a supercomputer in Jülich), programming languages, software components

talk on conference website

We present the next step after Rowhammer, a new software-based fault attack primitive: Plundervolt (CVE-2019-11157). Many processors (including the widespread Intel Core series) expose privileged software interfaces to dynamically regulate processor frequency and operating voltage. We show that these privileged interfaces can be reliably exploited to undermine the system's security. In multiple case studies, we show how the induced faults in enclave computations can be leveraged in real-world attacks to recover keys from cryptographic algorithms (including the AES-NI instruction set extension) or to induce memory safety vulnerabilities into bug-free enclave code.

Fault attacks pose a substantial threat to the security of our modern systems, allowing to break cryptographic algorithms or to obtain root privileges on a system. Fortunately, fault attacks have always required local physical access to the system. This changed with the Rowhammer attack (BlackHat USA 2015, CCC 2015), which for the first time enabled an attacker to mount a software-based fault attack. However, as countermeasures against Rowhammer are developed and deployed, fault attacks require local physical access again. In this CCC talk, we present the next step, a long-awaited alternative to Rowhammer, a second software-based fault attack primitive: Plundervolt. Dynamic frequency and voltage scaling features have been introduced to manage ever-growing heat and power consumption in modern processors. Design restrictions ensure frequency and voltage are adjusted as a pair, based on the current load, because for each frequency there is only a certain voltage range where the processor can operate correctly. For this purpose, many processors (including the widespread Intel Core series) expose privileged software interfaces to dynamically regulate processor frequency and operating voltage. In this talk, we show that these privileged interfaces can be reliably exploited to undermine the system's security. We present the Plundervolt attack, in which a privileged software adversary abuses an undocumented Intel Core voltage scaling interface to corrupt the integrity of Intel SGX enclave computations. Plundervolt carefully controls the processor's supply voltage during an enclave computation, inducing predictable faults within the processor package. Consequently, even Intel SGX's memory encryption/authentication technology cannot protect against Plundervolt. In multiple case studies, we show how the induced faults in enclave computations can be leveraged in real-world attacks to recover keys from cryptographic algorithms (including the AES-NI instruction set extension) or to induce memory safety vulnerabilities into bug-free enclave code. We finally discuss why mitigating Plundervolt is not trivial, requiring trusted computing base recovery through microcode updates or hardware changes. We have responsibly disclosed our findings to Intel on June 7, 2019. Intel assigned CVE-2019-11157 to track this vulnerability and refer to mitigations. The scientific paper on Plundervolt will appear at the IEEE Security & Privacy Symposium 2020. The work is the result of a collaboration of Kit Murdock (The University of Birmingham, UK), David Oswald (The University of Birmingham, UK), Flavio D. Garcia (The University of Birmingham, UK), Jo Van Bulck (imec-DistriNet, KU Leuven, Belgium), Daniel Gruss (Graz University of Technology, Austria), and Frank Piessens (imec-DistriNet, KU Leuven, Belgium).

talk on conference website

Over the past 2 years we've been building delivery robots - at first thought to be autonomous. We slowly came to the realization that it's not something we could easily do; but only after a few accidents, fires and pr disasters.

We've all seen the TV show Silicon Valley, but have you actually peered underneath the curtain to see what's happening? In this entertaining talk, Sasha will share his first hand experience at building (and failing) a robotics delivery startup in Berkeley. Over the course of 2.5 years this startup built hundreds of robots, delivered thousands of orders, and had one robot stolen. The talk will look over the insanity that's involved with building an ambitious startup around a crazy vision; sharing the ups and downs of the journey. It will also touch up lightly on the technology that drives it and the simplistic approach to AI/machine learning this company took.

talk on conference website

One apparent paradox of the digitisation of work is that while productivity in manufacturing is skyrocketing, productivity in caring professions (health, education) is actually declining - sparking a global wave of labour struggle. Existing economic paradigms blind us to understanding how economies have come to be organised. We meed an entirely new discipline, based on a different set of values.

talk on conference website

In this talk Julian will outline his work as sysadmin, systems and security architect for the climate and environmental defense movement Extinction Rebellion. Responsible for 30 server deployments in 11 months, including a community hub spanning dozens of national teams (some of which operate in extremely hostile conditions), he will show why community-owned free and open source infrastructure is mission-critical for the growth, success and safety of global civil disobedience movements.

An extension of an earlier talk at C-Base Berlin, Julian will give an overview of his own discoveries, platform choices, successes and mistakes meeting the needs of 5-figure at-risk server memberships, from geo-political and legal challenges, to arrest opsec and uptime resilience in the face of powerful adversaries driving attacks on infrastructure and seized activist devices spanning many countries before and during periods of mass civil disobedience. In particular the talk is a call for all sysadmins, opsec and infosec professionals and enthusiasts to rise up and join the fight for current and future generations of all life.

talk on conference website

Once you start looking at electronic trash you see it everywhere: in laptops of course but also increasingly in cars, fridges, even inside the bodies of humans and other animals. The talk will look at how artists have been exploring the e-junk invasion.

Régine Debatty is a curator, critic and founder of http://we-make-money-not-art.com/, a blog which has received numerous distinctions over the years, including two Webby awards and an honorary mention at the STARTS Prize, a competition launched by the European Commission to acknowledge "innovative projects at the interface of science, technology and art". Régine writes and lectures internationally about the way artists, hackers, and designers use science and technology as a medium for critical discussion. She also created A.I.L. (Artists in Laboratories), a weekly radio program about the connections between art and science for Resonance104.4fm in London (2012–14), is the co-author of the “sprint book” New Art/Science Affinities, published by Carnegie Mellon University (2011) and is currently co-writing a book about culture and artificial intelligence.

talk on conference website

There are countless post-quantum buzzwords to list: lattices, codes, multivariate polynomial systems, supersingular elliptic curve isogenies. We cannot possibly explain in one hour what each of those mean, but we will do our best to give the audience an idea about why elliptic curves and isogenies are awesome for building strong cryptosystems.

It is the year 2019 and apparently quantum supremacy is finally upon us [1,2]. Surely, classical cryptography is broken? How are we going to protect our personal communication from eagerly snooping governments now? And more importantly, who will make sure my online banking stays secure? The obvious sarcasm aside, we should strive for secure post-quantum cryptography in case push comes to shove. Post-quantum cryptography is currently divided into several factions. On the one side there are the lattice- and code-based system loyalists. Other groups hope that multivariate polynomials will be the answer to all of our prayers. And finally, somewhere over there we have elliptic curve isogeny cryptography. Unfortunately, these fancy terms "supersingular", "elliptic curve", "isogeny" are bound to sound magical to the untrained ear. Our goal is to shed some light on this proposed type of post-quantum cryptography and bring basic understanding of these mythical isogenies to the masses. We will explain how elliptic curve isogenies work and how to build secure key exchange and signature algorithms from them. We aim for our explanations to be understandable by a broad audience without previous knowledge of the subject. [1] https://www.quantamagazine.org/john-preskill-explains-quantum-supremacy-20191002/ [2] https://www.nature.com/articles/d41586-019-02936-3

talk on conference website

Reverse engineering a system on a chip from sparse documentation and binaries, developing an emulator from it and gathering the knowledge needed to develop a replacement for one of the more controversial binary blobs in the modern PC.

The Intel Management Engine, a secondary computer system embedded in modern chipsets, has long been considered a security risk because of its black-box nature and high privileges within the system. The last few years have seen increasing amounts of research into the ME and several vulnerabilities have been found. Although limited details were published about these vulnerabilities, reproducing exploits has been hard because of the limited information available on the platform. The ME firmware is the root of trust for the fTPM, Intel Boot Guard and several other platform security features, controlling it allows overriding manufacturer firmware signing, and allows implementing many background management features. I have spent most of past year reverse engineering the OS, hardware and links to the host (main CPU) system. This research has led me to create custom tools for manipulating firmware images, to write an emulator for running ME firmware modules under controlled circumstances and allowed me to replicate an unpublished exploit to gain code execution. In this talk I will share the knowledge I have gathered so far, document my methods and also explain how to go about a similar project. I also plan to discuss the possibility of an open source replacement firmware for the Management Engine. The information in this talk covers ME version 11.x, which is found in 6th and 7th generation chipsets (Skylake/Kabylake era), most of the hardware related information is also relevant for newer chipsets.

talk on conference website

Der Europäische Menschenrechtsgerichtshof beschäftigt sich nun schon seit Jahren mit der Frage, ob die durch Edward Snowden öffentlich bekanntgewordene geheimdienstliche Massenüberwachung mit der Europäischen Menschenrechtskonvention kompatibel ist. Wie ist der Stand der Dinge?

Dieses Jahr gab es zwei neuerliche Anhörungen in Straßburg, die sich mit der britischen und schwedischen Massenüberwachung durch die Geheimdienste auseinandersetzten. Im Vortrag werden die bisher gefällten Urteile und die neuen vorgetragenen Argumente beleuchtet. Insbesondere der britische Fall ist das erste Mal, dass der Gerichtshof nicht nur die Massenüberwachung an der Menschenrechtskonvention misst, sondern auch das Datenkarussell zwischen den Geheimdiensten, namentlich dem GCHQ und der NSA. Wegen der schon Mitte Januar vom Bundesverfassungsgericht anberaumten mündlichen Anhörung zum BND-Gesetz wird sich ein Teil des Vortrags auch mit der deutschen geheimdienstlichen Massenüberwachung beschäftigen. Der CCC hat eine Stellungnahme zur Ausland-Ausland-Fernmeldeaufklärung abgegeben, deren Inhalt kurz zusammengefasst wird. Offenlegung: Ich bin eine der Beschwerdeführerinnen in dem britischen Fall.

talk on conference website

Making climate predictions is extremely difficult because climate models cannot simulate every cloud particle in the atmosphere and every wave in the ocean, and the model has no idea what humans will do in the future. I will discuss how we are using the Julia programming language and GPUs in our attempt to build a fast and user-friendly climate model, and improve the accuracy of climate predictions by learning the small-scale physics from observations.

Climate models are usually written in Fortran for performance reasons at the expense of usability, but this makes it hard to hack and improve existing models. Bigger supercomputers can resolve smaller-scale physics and help improve accuracy but cannot resolve all the small-scale physics so we need to take a different approach to climate modeling. In this talk I will discuss why modeling the climate on a computer is so difficult, and how we are using the Julia programming language to develop a fast and user-friendly climate model that is flexible and easy to extend. I will also discuss how we can leverage GPUs to embed high-resolution simulations within a global climate model to resolve and learn the small-scale physics allowing us to simulate the climate more accurately, as the the laws of physics will not change even if the climate does.

talk on conference website

This talk is to show the current state of the discussion on climate change and the necessary and possible changes from a scientific perpesctive. It is to give some typical relevant answers and to foster the resiliance against climate sceptic questioning. This is one of the main tasks the scientist for future are trying to tackle.

The climate crisis is already existing and it is going to become worse. Looking at the pure facts of the changing climate, the acidication of the oceans, the slowly but steady rising of the sea level and the strengthening earth response effects, which make thing worse, it is hard to stay optimistic on the development of human kind on this planet. This lead to the largest social movement in Germany since the second world war fighting for a limitation of climate change to a maximum average temperature increase of 1.5°C. On the other hand, this movement is often disputed. Since the necessary changes are not liked by everyone, the engagement of especially students was attacked also by politicians – even declaring that they should leave such issues to the professionals. At this point scientist for future joined together to support the demands of the students and declare, „they are right“. This support is urgently needed. People have many open questions. The necessary changes are involving all societies in the world. In Germany, one of the most disputed topics is the field of energy, its generation, distribution and use. Is it actually possible to go for 100% renewable energies? What would this lead to? These are typical questions – which are not easy to answer. Other typical questions are more fundamental, since climate sceptics are increasing in their relevance and their social media outreach. Thus a lot of people encouter questions, they cannot answer. This talk is to show the current state of the discussion on climate change and the necessary and possible changes from a scientific perpesctive. It is to give some typical relevant answers and to foster the resiliance against climate sceptic questioning. This is one of the main tasks the scientist for future are trying to tackle.

talk on conference website

(en) We make Standard Cells for LibreSilicon available, which are open source and feasible. And we like to talk and demonstrate what we are doing. (de) Wir machen Standardzellen für LibreSilicon verfügbar, welche Open Source und nutzbar sind. Wir möchten darüber sprechen und vorführen, was wir tun.

(en) LibreSilicon develops a free and open source technology to fabricate chips in silicon and provides all information to use them - or technical spoken - a Process Design Kit (PDK). On one abstraction level higher, user always using with their design compile tools a Standard Cell Library (StdCellLib) with basic blocks like logic gates, latches, flipflops, rams, and even pad cells. From a programmers point of view, as a PDK is comparable to a language like C, the Standard Cell Library becomes comparable to libc. All commercial available Standard Cell Libraries containing a small subset of all useful cells only, limited just by the manpower of the vendor. They are hand-crafted and error-prone. Unfortunately Standard Cell Libraries are also commercial exploited with Non-disclosure agreement (NDAs) and heavily depend on the underlying PDKs. Our aim is to become the first free and open source Standard Cell Library available. The lecture shows, how far we are gone, with makefile controlled press-button solution which generates a substantial number of Standard Cells by automated processing and respecting the dependencies in the generated outputs. (de) LibreSilicon entwickelt eine freie und offene Technologie um Siliziumchips herstellen zu können. Dies umfasst alle notwendigen Informationen dies zu tun, oder technisch gesagt, ein Process Design Kit (PDK - engl: Prozessbauskasten). Die Anwender nutzen überwiegend auf einer Abstraktionsebene höher mit ihren Design Compiler meist jedoch die Standardzellenbibliothek (StdCellLib) mit Basisblöcken wie Logikgattern, Latches, FlipFlops, Speicherzellen oder auch Padzellen. Aus Sicht eines Programmierers wäre das PDK vergleichbar einer Sprachdefinition wie C, die darauf aufsetzende Standardzellbibliothek (StdCellLib) dann vergleichbar mit der libc. Nun enthalten alle nur kommerziell verfügbaren Standardzellenbibliotheken lediglich eine kleine Teilmenge aller nützlichen Zellen, limitiert durch die Arbeitskräfte beim Hersteller. Sie sind handgemacht und fehlerträchtig. Unglücklicherweise sind die kommerziellen Standardzellbibliotheken stark vom PDK abhängig und mit Geheimhaltungsvereinbarungen gepflastert. Unser Ziel ist es, die erste freie und offene Standardzellbibliothek zu werden. Dieser Talk zeigt, wie weit wir bereits gekommen sind, mit Hilfe der Makefile-gesteuerten Lösung eine beachtliche Anzahl an Standardzellen und deren Ausgabeformate als Abhängigkeiten automatisiert zu generieren.

talk on conference website

VMware ESXi is an enterprise-class, bare-metal hypervisor developed by VMware for deploying and serving virtual computers. As the hypervisor of VMware vSphere, which is the world's most prevailing, state-of-the-art private-cloud software, ESXi plays a core role in the enterprise's cloud infrastructure. Bugs in ESXi could violate the security boundary between guest and host, resulting in virtual machine escape. While a few previous attempts to escape virtual machines have targeted on VMware workstation, there has been no public VMware ESXi escape until our successful demonstration at GeekPwn 2018. This is mainly due to the sandbox mechanism that ESXi has adopted, using its customized filesystem and kernel. In this talk, we will share our study on those security enhancements in ESXi, and describe how we discover and chain multiple bugs to break out of the sandboxed guest machine.

During the presentation, we will first share the fundamentals of ESXi hypervisor and some of its special features, including its own customized bootloader, kernel, filesystem, virtual devices and so on. Next, we will demonstrate the attack surfaces in its current implementations and how to uncover security vulnerabilities related to virtual machine escape. In particular, we will anatomize the bugs leveraged in our escape chain, CVE-2018-6981 and CVE-2018-6982, and give an exhaustive delineation about some reliable techniques to manipulate the heap for exploitation, triggering arbitrary code execution in the host context. Meanwhile, due to the existence of sandbox mechanism in ESXi, code execution is not enough to pop a shell. Therefore, we will underline the design of the sandbox and explain how it is adopted to restrict permissions. We will also give an in-depth analysis of the approaches leveraged to circumvent the sandbox in our escape chain. Finally, we will provide a demonstration of a full chain escape on ESXi 6.7.

talk on conference website

The people of Hong Kong have been using unique tactics, novel uses of technology, and a constantly adapting toolset in their fight to maintain their distinctiveness from China since early June. Numerous anonymous interviews with protesters from front liners to middle class supporters and left wing activists reveal a movement that has been unfairly simplified in international reporting. The groundbreaking reality is less visible because it must be - obfuscation and anonymity are key security measures in the face of jail sentences up to ten years. Instead of the big political picture, this talk uses interviews with a range of activists to help people understand the practicalities of situation on the ground and how it relates to Hongkong's political situation. It also provides detailed insights into protestors' organisation, tactics and technologies way beyond the current state of reporting. Ultimately, it is the story of how and why Hongkongers have been able to sustain their movement for months, even faced with an overwhelming enemy like China.

This is the story of how and why Hongkongers have been able to sustain their movement so long, even faced with an overwhelming enemy like China. The protestors have developed a range of tactics that have helped them minimise capture and arrests and helped keep the pressure up for five months: They include enforcing and maintaining anonymity, both in person and online, rapid dissemination of information with the help of the rest of the population, a policy of radical unanimity to maintain unity in the face of an overwhelming enemy and Hongkongers’ famous “be water” techniques, through which many of them escaped arrest.

talk on conference website

Die sogenannten digitalen Assistenzsysteme des BAMF, „intelligente Grenzen“ in der EU und immer größer werdende Datenbanken: Wer ins Land kommt und bleiben darf, wird immer mehr von IT-Systemen bestimmt. Davon profitiert die Überwachungsindustrie, während Menschen von automatisierten Entscheidungen abhängig werden.

Deutschland hat in den letzten Jahren massiv in Technik investiert, um Asylverfahren zu digitalisieren. Biometrische Bilder mit Datenbanken abgleichen, Handys ausgelesen und analysieren, Sprache durch automatische Erkennungssysteme schleifen. Ganz abgesehen von der Blockchain, die alles noch besser machen soll. Doch nicht nur in Deutschland werden zum Zweck der Migrationskontrollen immer mehr Daten genutzt. In Norwegen werden Facebook-Profile Geflüchteter ausgewertet, in Dänemark sogar USB-Armbänder. Die Grenzagentur Frontex soll für „intelligente Grenzen“ sorgen, Datenbanken werden EU-weit ausgebaut und zusammengelegt. Rechtschutzmechanismen versagen größtenteils. Worum es dabei geht? Schnellere Abschiebungen. Wer davon profitiert? Die Überwachungsindustrie. In Vorbereitung von Klageverfahren bringt die Gesellschaft für Freiheitsrechte e.V. (GFF) gemeinsam mit der Journalistin Anna Biselli im Laufe des Dezembers eine Studie heraus, die sich diesem Thema genauer widmet. Die Ergebnisse der Studie wollen Lea Beckmann und Anna Biselli gemeinsam vorstellen und kontextualisieren. Anna Biselli ist Informatikerin und Journalistin und arbeitet seit Jahren zu Fragen der Digitalisierung von Migrationskontrolle. Lea Beckmann ist Juristin und Verfahrenskoordinatorin der Gesellschaft für Freiheitsrechte e.V. (GFF). Die GFF ist eine NGO, die durch strategische Gerichtsverfahren Grund- und Menschenrechte stärkt und zivilgesellschaftliche Partnerorganisationen rechtlich unterstützt. In vielen ihrer Verfahren setzt sich die GFF dabei für Datenschutz und einen verantwortungsvollen Einsatz von Technologie und gegen Diskriminierung ein.

talk on conference website

Es soll grundlegend erklärt werden, nach welchen Kriterien Medizinprodukte entwickelt werden. Dazu werden die wichtigsten Regularien (Gesetze, Normen, ...) vorgestellt die von den Medizinprodukteherstellern eingehalten werden müssen. Diese regeln, was die Hersteller umsetzen müssen (und was nicht). Hier wird auch die Frage beantwortet, warum beispielsweise die Apple-Watch (oder genauer gesagt nur zwei Apps) ein Medizinprodukt sind aber die card10 nicht.

Dieser Vortrag gibt Antworten auf die folgenden Fragen:

• Was ist denn überhaupt ein Medizinprodukt?
• Was steht dazu im Gesetz?
• Was haben Normen damit zu tun?
• Was tun die Hersteller überlicherweise um diese Anforderungen umzusetzen?
• Wie sieht ein typischer Entwicklungsprozess aus?
• Wie sieht es mit Security und Safety aus?
• Warum sind Innovationen so schwer?
• Was passiert nach der Entwicklung?
• Wer überwacht das alles?

talk on conference website

This spring marked the 30th anniversary of the public uncovering of the so-called KGB Hack, bringing with it a number of new articles remembering the event and forging bridges to the present.

This spring marked the 30th anniversary of the public uncovering of the so-called KGB Hack, bringing with it a number of new articles remembering the event and forging bridges to the present. The 36C3 seems an excellent opportunity to take a look back at the instance of hacking which, even more so than previous events like the BTX and NASA Hacks, brought the CCC into the focus of the (West-)German public – and, additionally, the Federal Office for the Protection of the Constitution (Verfassungsschutz) and the Federal Intelligence Service (Bundesnachrichtendienst). This talk aims to focus on the uncovering of the KGB Hack, which began in 1986 when Clifford Stoll, a systems administrator at the University of California in Berkeley, noticed an intruder in his laboratory’s computer system – and, unlike other admins of the time, decided to do something about it. It took three more years of relentless investigation on Stoll’s part and laborious convincing of the authorities of the United States and the Federal Republic of Germany to trace back the intruder to a group of young men loosely connected to the CCC who worked with the KGB, selling information gained from breaking into US military computers to the Soviet Union. In March of 1989, the widely watched West-German television news program "ARD Im Brennpunkt" informed the public of the “biggest instance of espionage since the Guillaume affair”. It presented a new quality of high tech espionage, undertaken by “computer freaks”, somewhat shady-seeming young men connected to the Chaos Computer Club. The reporting on the KGB Hack had a tremendously negative effect on the public image of hackers in general and the CCC in particular. Now the “computer freaks” were no longer seen as benevolent geeks who pointed out flaws in computer systems - they were criminals, working with the Russians, harming their own country. Sounds familiar? It’s an image which has been lingering until today.

talk on conference website

The AMD Platform Security Processor (PSP) is a dedicated ARM CPU inside your AMD processor and runs undocumented, proprietary firmware provided by AMD. It is a processor inside your processor that you don't control. It is essential for system startup. In fact, in runs before the main processor is even started and is responsible for bootstrapping all other components. This talk presents our efforts investigating the PSP internals and functionality and how you can better understand it.

Our talk is divided into three parts: The first part covers the firmware structure of the PSP and how we analyzed this proprietary firmware. We will demonstrate how to extract and replace individual firmware components of the PSP and how to observe the PSP during boot. The second part covers the functionality of the PSP and how it interacts with other components of the x86 CPU like the DRAM controller or System Management Unit (SMU). We will present our method to gain access to the, otherwise hidden, debug output. The talk concludes with a security analysis of the PSP firmware. We will demonstrate how to provide custom firmare to run on the PSP and introduce our toolchain that helps building custom applications for the PSP. This talk documents the PSP firmware's proprietary filesystem and provides insights into reverse-engineering such a deeply embedded system. It further sheds light on how we might regain trust in AMD CPUs despite the delicate nature of the PSP.

talk on conference website

Einführung in das Forschungsfeld der Kritikalitätsanalysen. Anhand der Rohstoffe Tantal, Wolfram, Zinn und Gold werden exemplarisch die quantitativen und qualitativen Indikatoren für eine Versorgungsengpassanalyse vorgestellt.

Moderne High-Tech-Produkte benötigen chemische Elemente, die in spezifischen Rohstoffen (z. B. Erze) vorkommen. Dabei unterliegen Verfügbarkeit und Preis dieser Rohstoffe in hohem Maße den Einflussfaktoren der Konzentrationsrisken, politischen Risiken, Angebotsreduktions- und Nachfrageanstiegsrisiken. Da Unternehmen oftmals über Jahre hinweg an bestimmte Rohstoffe gebunden sind, müssen sie den Unsicherheiten mit vielfältigen Strategien begegnen. Vom Abbau und der Verarbeitung bis zur Nutzung und Entsorgung wird die gesamte Wertschöpfungskettenkritikalität bewertet. Dadurch können Verwundbarkeiten von Unternehmen und Ländern durch Rohstoffengpässe objektiv identifiziert und Handlungsempfehlungen definiert werden. Die Kritikalitätsanalyse wird am Beispiel der 3TG-Materialien (Tantal, Wolfram, Zinn und Gold) veranschaulicht.

talk on conference website

Our research shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). With our attack called NetCAT, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in a SSH session from remote servers with no local access. The root cause of the vulnerability is a recent Intel feature called DDIO, which grants network devices and other peripherals access to the CPU cache. Originally, intended as a performance optimization in fast networks, we show DDIO has severe security implications, exposing servers in local untrusted networks to remote side-channel attacks.

Increased peripheral performance is causing strain on the memory subsystem of modern processors. For example, available DRAM throughput can no longer sustain the traffic of a modern network card. Scrambling to deliver the promised performance, instead of transferring peripheral data to and from DRAM, modern Intel processors perform I/O operations directly on the Last Level Cache (LLC). While Direct Cache Access (DCA) instead of Direct Memory Access (DMA) is a sensible performance optimization, it is unfortunately implemented without care for security, as the LLC is now shared between the CPU and all the attached devices, including the network card. In this talk, we present the first security analysis of DDIO. Based on our analysis, we present NetCAT, the first network-based cache attack on the processor’s last-level cache of a remote machine. We show that NetCAT can break confidentiality of a SSH session from a third machine without any malicious software running on the remote server or client. The attacker machine does this by solely sending network packets to the remote server. netcat is also a famous utility that hackers and system administrators use to send information over the network. NetCAT is a pun on being able to read data from the network without cooperation from the other machine on the network. However, we received very mixed reactions on that pun. More details on this in the talk. The vulnerability was acknowledged by Intel with a bounty and CVE-2019-11184 was assigned to track this issue. The public disclosure was on September 10, 2019.

talk on conference website

Hacking and hackers can be hard to visualize. In the popular imagination, the figure alternates between a menacing, hooded figure or some sort of drugged-out and depressed juvenile hero (or perhaps a state-sponsored hacker). To counter such images, a group of us have spearheaded a new digitally-based video project, Hack_Curio that features hacker-related videos, culled from a range of sources, documentary film, newscasts, hacker conference talks, advertising, and popular film. In this talk, the Hack-Curio creators and builders will briefly discuss the purpose and parameters of Hack_Curio and spend most of the talk featuring our funniest, most compelling videos around hacking from around the world. We will use these to reflect on some of the more obscure or less commented on cultural and political features of hacking--features that will address regional and international dimensions of the craft and its impacts around the world.

Hacking and hackers can be hard to visualize. In the popular imagination, the figure alternates between a menacing, hooded figure or some sort of drugged-out and depressed juvenile hero (or perhaps a state-sponsored hacker). To counter such images, a group of us (Chris Kelty, Gabriella Coleman, and Paula Bialski) have spearheaded a new digitally-based video project, Hack_Curio that features hacker-related videos, culled from a range of sources, documentary film, newscasts, hacker conference talks, advertising, and popular film. In this talk, the Hack-Curio creators and builders, will briefly discuss the purpose and parameters of Hack_Curio and spend most of the talk featuring our funniest, most compelling videos around hacking from around the world. We will use these to reflect on some of the more obscure or less commented on cultural and political features of hacking--features that will address regional and international dimensions of the craft and its impacts around the world. We will begin our talk by telling the audience what drove to build this website and what we learned in the process of collaborating with now over fifty people to bring it into being. After our introduction, we will showcase about 7-10 videos drawn from quite different sources (ads, parodies, movie clips, documentary film, and talks) and from different parts of the world (Mexico, Germany, South Africa, France) in order to discuss the cultural significance of hacking in relation to regional and international commonalities and differences. Finally, we will finish with a short reflection on why such a project, based on visual artifacts, is a necessary corollary to text-based discussions, like books and magazines, covering the history and contemporary faces of hacking.

talk on conference website

Billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is not widely known. This talk aims to be an in-depth technical overview.

Today, billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is not widely known. If at all, people know that once upon a time, they were storing phone books on SIM cards.

Every so often there are some IT security news about SIM card vulnerabilities, and SIM card based attacks on subscribers.

Let's have a look at SIM card technology during the past almost 30 years and cover topics like

• Quick intro to ISO7816 smart cards
• SIM card hardware, operating system, applications
• SIM card related specification bodies, industry, processes
• from SIM to UICC, USIM, ISIM and more
• SIM toolkit, proactive SIM
• eSIM

talk on conference website

This talk investigates the business of fake likes and fake accounts: In a world, where the number of followers, likes, shares and views are worth money, the temptation and the will to cheat is high. With some luck, programming knowledge and persistence we obtained thousands of fanpages, You Tube and Instagram account, where likes have been bought from a Likes seller. We were also able to meet people working behind the scenes and we will prove, that Facebook is a big bubble, with a very high percentage of dead or at least zombie accounts. The talk presents the methodology, findings and outcomes from a team of scientists and investigative journalists, who delved into the parallel universe of Fake Like Factories.

When you hear about fake likes and fake accounts, you instantly think of mobile phones strung together in multiple lines in front of an Asian woman or man. What if we tell you, that this is not necessarily the whole truth? That you better imagine a ordinary guy sitting at home at his computer? In a longterm investigation we met and talked to various of these so called “clickworkers” - liking, watching, clicking Facebook, You Tube and Instagram for a small amount of money the whole day in their living room. Fortuitously we could access thousand campaigns, Facebook Fanpages, You Tube videos or Instagram accounts. Thousands of websites and accounts, for which somebody bought likes in the past years. But we did not stop the investigation there: We dived deeper into the Facebook Fake Accounts and Fake Likes universe, bought likes at various other Fake Likes sellers. To get the big picture, we also developed a statistical method to calculate the alleged total number of Facebok User IDs, with surprising results.

talk on conference website

Manche Spiele will man gewinnen, andere will man einfach nur spielen. Bei vielen Spielen will man beides. Spielen macht Spaß. Gewinnen auch. Warum also nicht immer und überall spielen? Warum nicht Politik spielen wie einen Multiplayer-Shooter? Mit motivierten Kameraden und ahnungslosen Gegnern? Mit zerstörbarer Umgebung, erfolgreichen Missionen und zu erobernden Flaggen? Teile der radikalen Rechten tun das mit Erfolg. Der Vortrag schaut sich einige Beispiele aus Deutschland und den USA näher an.

Wir sprechen von “Spielifizierung”, wenn typische Elemente von Spielmechaniken genutzt werden, um in spielfremden Kontexten motivationssteigernd zu wirken. Während diese Strategie vor allem wirtschaftlich genutzt wird, um Kundenbindung und Mitarbeiterproduktivität zu erhöhen, ist sie auch zu einem zunehmend wichtigen Teil politischer Kultur geworden. Insbesondere Online-Communities verwenden Spielelemente, Memes/Lore und spielnahe Unterhaltungsformate, um ihre sozialen Beziehungen und jene zur Realität zu gestalten und zu strukturieren. Innerhalb solcher Beziehungen war es nur eine Frage der Zeit, bis archetypische NPCs wie der gewöhnliche Troll sich zu Lone-Wolf-Spielercharakteren entwickeln, Rudel bilden und sich in einem stetig wachsenden und ausdifferenzierenden System von Gilden und meritokratischen Jagdverbänden organisieren würden. Die Politisierung solcher neuer Stammesgesellschaften ist eine logische Konsequenz dieser Evolution. Der Vortrag beleuchtet einerseits den US-kulturellen Hintergrund des Feldes: von der Spielmetapher als legitimierenden Rahmen in der “Manosphere”, “#Gamergate” und Operationen der chan-übergreifenden /pol/-Community. Andererseits sucht er Strategien, die darauf abzielen, Teile des politischen Diskurses zu “gamen”, zu kapern und zu verstärken, auch in deutscher Trollkultur auf, vom genreprägenden “Drachengame” bis zu explizit politischen Initiativen wie “Reconquista Germanica”... und dem live gestreamten Terror einer neuen faschistischen Subkultur.

talk on conference website

SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been examined through the narrow lens of WebSQL and browser exploitation. We believe that this is just the tip of the iceberg. In our long term research, we experimented with the exploitation of memory corruption issues within SQLite without relying on any environment other than the SQL language. Using our innovative techniques of Query Hijacking and Query Oriented Programming, we proved it is possible to reliably exploit memory corruptions issues in the SQLite engine. We demonstrate these techniques a couple of real-world scenarios: pwning a password stealer backend server, and achieving iOS persistency with higher privileges.

Everyone knows that databases are the crown jewels from a hacker's point of view, but what if you could use a database as the hacking tool itself? We discovered that simply querying a malicious SQLite database - can lead to Remote Code Execution. We used undocumented SQLite3 behavior and memory corruption vulnerabilities to take advantage of the assumption that querying a database is safe. How? We created a rogue SQLite database that exploits the software used to open it.Exploring only a few of the possibilities this presents we’ll pwn password stealer backends while they parse credentials files and achieve iOS persistency by replacing its Contacts database… The landscape is endless (Hint: Did someone say Windows 10 0-day?). This is extremely terrifying since SQLite3 is now practically built-in to any modern system. In our talk we also discuss the SQLite internals and our novel approach for abusing them. We had to invent our own ROP chain technique using nothing but SQL CREATE statements. We used JOIN statements for Heap Spray and SELECT subqueries for x64 pointer unpacking and arithmetics. It's a new world of using the familiar Structured Query Language for exploitation primitives,laying the foundations for a generic leverage of memory corruption issues in database engines.

talk on conference website

Chaos meets Poetry Slam. Der humoristische Dichterwettstreit mit Informatikhintergrund. Mitmachen ausdrücklich erwünscht.

Und keine Sorge, ein Poetry Slam hat nichts mit dem Ingeborg-Bachmann-Preis zu tun. Hierbei geht es um einen Wettkampf bei dem selbstgeschriebene Texte live vorgetragen werden. Prosa, Lyrik, lustige Geschichte, das ist eure Wahl. Erzählt von euren Sysadmin Lovestorys, WebDev-f*ckUps oder was auch immer euch auf der Seele liegt. Für Kurzentschlossene bieten wir euch davor noch einen Crash Kurs in Slam Poetry an, damit auch ihr das Publikum begeistern könnt und mit in das Finale einzieht. Die Session findet ihr zeitnah im Event-Wiki. Auf dieser Seite findet ihr auch eine Adresse, um euch für das große Event anzumelden. Durch den Abend begleitet euch das Slam-erfahrene Team der "Slamigans" aus dem Umfeld des Chaostreff Flensburg. Moderiert von Thorben Dittmar, früherer U20-Local aus dem Kühlhaus und ewiger zweiter Platz, stimmt das Publikum zusammen über die besten Beiträge ab. Das Siegertreppchen darf sich schon auf tolle Preise freuen. Also schnell anmelden!

talk on conference website

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

To get involved and learn more about what is happening please visit the Lightning Talks page in the 36C3 wiki.

talk on conference website

Aktiv werden zur rechten Zeit - Stand up for Your Right! Betriebsrat - klingt für viele IT-ler*innen doch nach letztem Jahrtausend. Dabei ist dies ein hart erkämpftes und wichtiges Instrument, um der Stimme der Beschäftigten bei der Geschäftsleitung Ausdruck zu verleihen. Wir schildern anhand eines konkreten Beispiels, wie ein Betriebsrat gegründet wird, ohne dass die Chefetage zwischendurch schon den Stecker zieht.

Das deutsche Arbeitsrecht in Form des Betriebsverfassungsgesetzes garantiert die Mitsprache der Belegschaft in jeder Firma mit mehr als fünf Arbeitnehmer*innen. Dabei ist vieles zu beachten - und ohne eine professionelle Begleitung z.B. durch eine Gewerkschaft kaum zu schaffen. In unserer Firma geht es ab: Massenentlassungen aufgrund ökonomischer Turbulenzen. Die Geschäftsleitung spielt dirty und schaut, womit sie durchkommt. Höchste Zeit für einen Betriebsrat! • Um zu erfahren, dass man gemeinsam stark sein kann. • Um der Gechäftsleitung klarzumachen. was geht und was nicht. • Um bei Einstellungen und Entlassungen Fairplay zu gewährleisten. • Um die verbrieften Rechte der Beschäftigten durchzusetzen. Am Beispiel einer Berliner Großraumdiskothek und einem ebenso in Berlin ansässigen Musikinstrumenteherstellers, welches kürzlich einem Fünftel seiner Belegschaft betriebsbedingt gekündigt hat, zeigen wir wie das geht mit der Betriebsratsgründung, worauf unbedingt zu achten ist und wo Interessierte professionelle Unterstützung für dieses organisatorischen Kraftakt finden können. Den Talk halten wir zu viert: eine Beschäftigte der Diskothek, ein Beschäftigter des Musikinstrumenteherstellers, ein Vertreter der IG Metall und ein Vertreter von ver.di. Am besten geht das von der Hand, bevor es ungemütlich wird.

talk on conference website

A deep dive into power generation process, industrial solutions and their security implications. Flavoured with vulnerabilities, penetration testing (security assessment) methodology and available remediation approaches.

The research studies a very widespread industrial site throughout the world – power generation plants. Specifically, the heart of power generation – turbines and its DCS – control system managing all operations for powering our TVs and railways, gaming consoles and manufacturing, kettles and surveillance systems. We will share our notes on how those systems are functioning, where they are located network-wise and what security challenges are facing owners of power generation. A series of vulnerabilities will be disclosed along with prioritisation of DCS elements (hosts) and attack vectors. Discussed vulnerabilities are addressed by vendor of one of the most widespread DCS on our planet. During the talk we will focus on methodology how to safely assess your DCS installation, which security issues you should try to address in the first place and how to perform do-it-yourself remediation. Most of the remediation steps are confirmed by vendor which is crucial for industrial owners.

talk on conference website

Mit 4G wurde gegenüber früheren Mobilfunktechnologien das Air-Interface komplett neu gestaltet. Mit 5G wird dieses nun auf mögliche Zukunftstechnologien erweitert. Wir stellen die Neuerungen und die Möglichkeiten auf dem 5G-Air-Interface und im Core-Netz gegenüber 4G vor.

Die folgenden Themen werden behandelt: Die 5G-Luftschnittstelle: - Subcarrier, Subcarrierspacing, Symbolzeit - OFDMA bei 4G - Guard Period - Resource Block und Referenzsignal - Resource Grid und die Aufgaben der physikalischen Kanäle - Grenzen von 4G und Möglichkeiten mit 5G - Kanalbandbreiten und Frequenzbereiche 5G - Subcarrier-Spacing und Änderungen im Resource Block (MBMS, NBIoT, Data, Low Latency, etc.) - Beispiele von Resource Grids - 5G auf 3,5 GHz und 700 MHz - Berechnung der maximalen Datenrate - TDD und dessen Vorteile und Einschränkungen (Sync, Laufzeit) - Massive MIMO, Multi-User MIMO - statische Beams und Traffic Beams - Mixed Mode - Dynamic Spectrum Sharing - Messung von Antennen bei 5G Netzarchitektur: - Aktueller Stand von 5G (NSA, Anker bei 4G, TDD, CA mit 4G) - 5G NSA und SA - Core-Netzelemete, Schnittstellen und deren Aufgaben - Radionetzwerk, eNB, gNB, Schnittstellen ((e)CPRI, S, X, ...) - Backhaul, 10 Gbit/s Fiber und Richtfunk - Vorstellung 3GPP Specs

talk on conference website

There's a variety of places - on Earth and beyond - that pose challenging conditions to the ever-shrinking digital circuits of today. Making those tiny transistors work reliably when bombarded with charged particles in the vacuum of space, in the underground tunnels of CERN or in your local hospital's X-ray machine is not an easy feat. This talk is going to shed some light on what can be done to keep particles from messing up your ones and zeroes, how errors in digital circuits can be detected and corrected, and how you may even re-purpose those flipped bits in your RAM as a particle detector.

This talk will introduce the audience to the class of problems that digital circuits are faced with in challenging radiation environments. Such environments include satellites in space, the electronics inside particle accelerators and also a variety of medical applications. After giving an overview of the various effects that may cause malfunctions, different techniques for detection and mitigation of such effects are presented. Some of these techniques concern the transistor-level design of digital circuits, others include triple modular redundancy (TMR) and correction codes. Some open source software solutions that aid in the design and verification of circuits hardened against such problems are presented, and of course a 'lessons learned' from our experiences in the field of particle detector electronics will be shared.

talk on conference website

In this talk, you'll learn about the environmental impact of the digital products and services you build, why this matters. You’ll be introduced to a mental model, known as Platform, Packets, Process, for measuring and identifying emissions hotspots in digital products, and the steps you can take to reduce them.

You might have heard stories about how bitcoin, or the internet itself, is responsible for an ever-growing share of global carbon emissions. But it doesn’t need to be this way. Did you know that just by switching AWS regions in the US, you can wipe out a huge chunk of the carbon footprint from running your tech infrastructure? Most people don't, and we need stuff like this to be common knowledge in our industry - we need to know how to build digital products without needing to emit carbon, the same way we expect people in automotive industries to how to build cars with without needing lead in the fuel. In this talk, you'll learn about the environmental impact of the digital products and services you build, and a about a mental model, known as Platform, Packets, Process, for measuring and identifying emissions hotspots in the way you build them. You’ll also see how to use skills you already have to make meaningful, measurable improvements to the environmental impact of the digital products and services you build, and the open source tools available to support you in your efforts to green your stack.

talk on conference website

As Long-Term Evolution (LTE) communication is based on over-the-air signaling, a legitimate signal can potentially be counterfeited by a malicious signal. Although most LTE signaling messages are protected from modification using cryptographic primitives, broadcast messages and some of the unicast messages are unprotected. In this talk, we would like to introduce a signal injection attack that exploits the fundamental weakness of unprotected messages in LTE and modifies a transmitted signal over the air. This attack, which is referred to as signal overshadowing (named SigOver) overwrites a portion of the legitimate signal to inject manipulated signal into the victim while the victim is connected to a legitimate cellular network. In most aspects, SigOver attack is superior to FBS (Fake Bas Station) and MitM (Man-in-the-Middle) attack, in terms of Efficiency, Effectiveness, and Stealthiness. Thus, Sigover results in new attacks exploiting broadcast channel and unicast channel. For example, SigOver attack on the broadcast messages can affect a large number of nearby UEs simultaneously such as signaling storm, Denial-Of-Service, downgrading attack, location tracking, and fake emergency alert. SigOver attack on unicast channel can silently hand over victims to FBS and perform MitM attack. Sigover attack is currently zero-day. Since it exploits the fundamental problems in LTE physical signal, it will remain effective until 3GPP standards change.

In detail, we talk about the implementation of the SigOver, the first practical realization of the signal overshadowing attack on the LTE broadcast signals, using a low-cost Software Defined Radio (SDR) platform and open-source LTE library. The SigOver attack was tested against 10 smartphones connected to a real-world network, and all were successful. The experimental result shows that the SigOver overshadows the target signal and causes the victim device to decode it with 98% success rate with only 3 dB power difference from a legitimate signal. On the other hand, attacks utilizing an FBS have only 80% success rate even with 35 dB power difference. This implies that the SigOver can inconspicuously inject any LTE message and hand over victims to FBS for the Man-in-the-Middle attack. Presentation Snapshot : 1. Overview on LTE Architecture including structure, security aspects, and types of messages. Broadcast messages and some of the unicast messages are unprotected; thus they have a fundamental weakness. 2. Introduction of SigOver Attack, attack vectors, detailed implementational design, and issues on performing the attack. SigOver attack can manipulate unprotected LTE signals. 3. Comparison with FBS (Fake Base Station) Attacker and MitM (Man-in-the-Middle) Attacker, in terms of Efficiency, Effectiveness, and Stealthiness. In most aspects, SigOver is superior than FBS and MitM attacker. 4. Possible exploitations of broadcast channel using SigOver Attacks, such as signaling storm, Denial-Of-Service, downgrading attack, location tracking, and fake emergency alert. 5. Possible exploitations of unicast channel using SigOver Attacks. An attacker can manipulate every individual unprotected downlink messages. As the whole injection process is silent, this results in whole new types of attacks. 6. For example, an attacker can silently hand over victims to the fake base station. Once the victim is connected to the FBS, attacks including Man-in-the-Middle attack are possible.

talk on conference website

Did you ever wonder what happens in the time period it takes light to cross the diameter of your hair? This is the femtosecond, a millionth of a billionth of a second. It is the time scale of electron and nuclear motion, and therefore the most fundamental processes in atomic and molecular physics, chemistry and biology start here. In order to take movies with femtosecond time resolution, we need ultrafast cameras – flashes of light that act faster than any camera shutter ever could. And imaging ultrafast motion is only the first step: We aim to control dynamics on the femtosecond time scale, ultimately driving chemical reactions with light.

Investigating ultrafast processes is challenging. There simply are no cameras that would be fast enough to image a molecule in motion, so we need to rely on indirect measurements, for example by ultrashort light pulses. Such ultrashort pulses have been developed for several years and are widely applied in the study of ultrafast processes by, e.g., spectroscopy and diffraction. Depending on the specific needs of the investigation, they can be generated either in the laboratory or at the most powerful light sources that exist today, the x-ray free-electron lasers. With ultrafast movies, a second idea comes into play: once we understand the dynamics of matter on the femtosecond time scale, we can use this knowledge to control ultrafast motion with tailored light pulses. This is promising as a means to trigger reactions that are otherwise not accessible. In my talk, I will give a brief introduction to the rapidly developing field of ultrafast science. I will summarize main findings, imaging techniques and the generation of ultrashort pulses, both at lab-based light sources and large free-electron laser facilities. Finally, I will give an outlook on controlling ultrafast dynamics with light pulses, with the future goal of hacking chemical reactions.

talk on conference website

TamaGo is an Open Source operating environment framework which aims to allow deployment of firmware for embedded ARM devices by using 0% C and 100% Go code. The goal is to dramatically reduce the attack surface posed by complex OSes while allowing unencumbered Go applications.

TamaGo is a compiler modification and driver set for ARM SoCs, which allows bare metal drivers and applications to be executed with pure Go code and minimal deviations from the standard Go runtime. The presentation explores the inspiration, challenges and implementation of TamaGo as well as providing sample applications that benefit from a pure Go bare metal environment. TamaGo allows a considerable reduction of embedded firmware attack surface, while maintaining the strength of Go runtime standard (and external) libraries. This enables the creation of HSMs, cryptocurrency stacks and many more applications without the requirement for complex OSes and libraries as dependencies.

talk on conference website

Most modern embedded devices have something to protect: Whether it's cryptographic keys for your bitcoins, the password to your WiFi, or the integrity of the engine-control unit code for your car. To protect these devices, vendors often utilise the latest processors with the newest security features: From read-out protections, crypto storage, secure-boot up to TrustZone-M on the latest ARM processors. In this talk, we break these features: We show how it is possible to bypass the security features of modern IoT/embedded processors using fault-injection attacks, including breaking TrustZone-M on the new ARMv8-M processors. We are also releasing and open-sourcing our entire soft- and hardware toolchain for doing so, making it possible to integrate fault-injection testing into the secure development lifecycle.

Modern devices, especially secure ones, often rely on the security of the underlying silicon: Read-out protection, secure-boot, JTAG locking, integrated crypto accelerators or advanced features such as TrustZone are just some of the features utilized by modern embedded devices. Processor vendors are keeping up with this demand by releasing new, secure processors every year. Often, device vendors place a significant trust into the security claims of the processors. In this talk, we look at using fault-injection attacks to bypass security features of modern processors, allowing us to defeat the latest chip security measures such as TrustZone-M on the new ARMv8 processors. After a quick introduction into the theory of glitching, we introduce our fully open-source FPGA platform for glitching: An FPGA-based glitcher with a fully open-source toolchain & hardware, making glitching accessible to a wider audience and significantly reducing the costs of getting started with it - going as far as being able to integrate glitch-testing into the Secure Development Lifecycle of a product. Then, we look at how to conduct glitching attacks on real-world targets, beyond academic environments, including how to prepare a device for glitching and how to find potential glitch targets. Afterwards, we demonstrate fault-injection vulnerabilities we found in modern, widely-used IoT/embedded processors and devices, allowing us to bypass security features integrated into the chip, such as: - Re-enabling locked JTAG - Bypassing a secure bootloader - Recovering symmetric crypto keys by glitching the AES implementation - Bypassing secure-boot - Fully bypassing TrustZone-M security features on some new ARMv8M processors We will also demonstrating how to bypass security features and how to break the reference secure bootloader of the Microchip SAM L11, one of the newest, TrustZone-M enabled ARM Cortex-M processors, using roughly $5 of equipment. After the talk, PCBs of our hardware platform will be given out to attendees.

talk on conference website

Eine Software ist unbedenklich, wenn man sie auf ungefilterte Daten aus einem Webformular aufrufen kann, ohne prüfen zu müssen, ob dann etwas schlimmes passieren kann. In der Praxis lässt sich ein Kontinuum zwischen Nützlichkeit und Unbedenklichkeit als Kontrahenten beobachten. Software fängt häufig eher unbedenklich an, und wird dann immer bedenklicher, je mächtiger sie wird. Dieser Vortrag will a) diese Beobachtung beschreiben und b) fragen, wie man die Unbedenklichkeit beibehalten kann. Gibt es da Abstufungen? Metriken? Kriterien, die bei einer konkreten Entscheidung helfen können?

Die Kernidee dieses Vortrages ist es, von reaktiver Security ("wir packen einfach alles in eine VM / einen Container / eine Sandbox") wegzukommen hin zu einer vertrauenswürdigen Software-Infrastruktur, der man auch ohne Einsperren trauen kann.

Die offensichtliche Frage ist, wie man sowas konstruieren würde. Noch wichtiger ist aber die Frage, woran wir vertrauenswürdige Software überhaupt erkennen können.

Diese Metrik wäre dann auch hilfreich, um zu erkennen, ob unsere Einsperr-Methode überhaupt vertrauenswürdig war.

talk on conference website

Die Intensität des Kampfes um die Freiheit im digitalen Raum lässt auch in der Schweiz nicht nach. Wir blicken auf das netzpolitische Jahr 2019 zwischen Bodensee und Matterhorn zurück. Wir behandeln jene Themen, die relevant waren und relevant bleiben.

Weiter zeigen wir, was von der Digitalen Gesellschaft in der Schweiz im neuen Jahr zu erwarten ist. Themen sind unter anderem: Elektronische Identifizierung (E-ID): Das Gesetz, welches die elektronische Identifizierung regelt, ist verabschiedet worden. Der digitale Ausweis soll von privaten Unternehmen herausgegeben werden. Wir haben das Referendum gegen das Gesetz ergriffen. E-Voting: Ein öffentlicher Test des letzten sich im Rennen befindenden Systems war vernichtend. Wie es nun weitergeht im Kampf für das Vertrauen in die direkte Demokratie in der Schweiz. Netzsperren: Das erste Gesetz, in dem Netzsperren explizit verankert sind, ist dieses Jahr in Kraft getreten. Wie es in der Umsetzung aussieht Leistungsschutzrecht: Was es ins neue Urheberrechtsgesetz geschafft hat - und wie das Leistungsschutzrecht bezwungen wurde. Datenschutz: Wo in der Schweiz besonders viel «Datenreichtum» zu beobachten war und was es mit der Login- bzw. Tracking-Allianz auf sich hat. Netzneutralität: Nach einem langen Kampf erhält die Schweiz eine gesetzlich verankerte Netzneutralität. Im kommenden Jahr wird das Gesetz in Kraft treten. Digitale Gesellschaft in der Schweiz: Winterkongress, Big Brother Awards und andere Aktivitäten. Nach dem Vortrag sind alle interessierten Personen eingeladen, die Diskussion in einem Treffen fortzusetzen. Es werden Aktivistinnen und Aktivisten von verschiedenen Organisationen der Netzpolitik in der Schweiz anwesend sein (Digitale Gesellschaft, CCC-CH, CCCZH, Piratenpartei Schweiz).

talk on conference website

Data is core to the digital economy. Scandals such as Cambridge Analytica, however, serve as a reminder that large-scale collection and use of data raise serious privacy concerns. In this talk, I will discuss past and current research in data anonymization and anonymous use of data. More specifically, I will describe how historical statistical disclosure control methods fail to protect people's privacy in a world of big data and discuss the potential and challenges of modern security-based approaches to data privacy.

Data is a core element of modern society but its collection and use also raise serious privacy concerns. To allow data to be used while preserving privacy, GDPR and other legal frameworks rely on the notion of “anonymous data”. In this talk, I will first show how historical anonymization methods fail on modern large-scale datasets including how to quantify the risk of re-identification, how noise addition doesn't fundamentaly help, and finally recent work on how the incompleteness of datasets or sampling methods can be overcomed. This has lead to the development of online anonymization systems which are becoming a growing area of interest in industry and research. Second, I will discuss these the limits of these systems and more specifically new research attacking a dynamic anonymization system called Diffix. I will describe the system, both our noise-exploitation attacks, and their efficiency against real-world datasets. I will finally conclude by discussing the potential of online anonymization systems moving forward.

talk on conference website

Deep Learning ist von einem Dead End zur ultimativen Lösung aller Machine Learning Probleme geworden - und einiger anderer auch. Aber wie gut ist dieser Trend wirklich? Und wie nachhaltig? Wir setzen uns mit wissenschaftlicher Nachhaltigkeit, sozialen Auswirkungen, und den Folgen für unsere Ressourcen, unseren Energieverbrauch, und damit unseren Planeten auseinander.

Deep Learning ist von einem Dead End zur ultimativen Lösung aller Machine Learning Probleme geworden. Die Sinnhaftigkeit und die Qualität der Lösung scheinen dabei jedoch immer mehr vom Buzzword Bingo verschluckt zu werden. Ist es sinnvoll, weiterhin auf alle Probleme Deep Learning zu werfen? Wie gut ist sind diese Ansätze wirklich? Was könnte alles passieren, wenn wir so weiter machen? Und können diese Ansätze uns helfen, nachhaltiger zu leben? Oder befeuern sie die Erwärmung des Planetens nur weiter? Wir setzen uns im Detail mit drei Fragestellungen auseinander: 1. Wissenschaftliche Nachhaltigkeit: Wie gut sind die Ergebnisse wirklich? Was können die modernen neuronalen Netze und was können sie nicht? Und vor allem: Wo werden sie eingesetzt und wie sinnvoll ist das? KI Systeme, deren Beschreibung beeindruckend sind, produzieren nicht immer die besten Ergebnisse, und Reproduzierbarkeit, Evaluation, und Reflexion leiden unter Konkurrenzdruck und dem Publikationszyklus. Außerdem, welche Lösungen und Ansätze gehen im Deep Learning Hype unter? Dafür, dass sich so viele Forscher*innen mit dem Thema beschäftigen, zahlen wir damit, dass andere Themen, Ideen und Ansätze ignoriert werden - obwohl sie nützlich sein könnten. 2. Gesellschaftliche Auswirkungen: Was macht das mit unserer Gesellschaft? Insbesondere die Maschinen, die auf irgendeiner Ebene versuchen, Menschen zu imitieren, aber auch viele Anwendungen, die wir alltäglich verwenden, haben einen grundlegenden Einfluss auf uns, der nicht immer ausreichend reflektiert wird. Maschinen können auch diskriminieren, unsere Entscheidungen beeinflussen, uns in falscher Sicherheit wiegen und Aufgaben übernehmen, denen sie überhaupt nicht gewachsen sind. 3. Umwelteinfluss: Welche Ressourcen investieren wir? Rechenzentren, riesige Data Warehouses, Kryptocurrency-Berechnung und Compute Cluster haben einen nicht mehr vernachlässigbaren Einfluss auf unsere endlichen Ressourcen und den CO2-Haushalt, direkt und indirekt. Die Menge an Strom, Zeit, Platz und Material, die wir investieren, sind in den letzten Jahren massiv gewachsen. Wollen wir wirklich so weiter machen?

talk on conference website

Der Diskurs hat sich von Klimaschutz als Aufgabe von Individuen hinzu einer strukturellen, systemischen Frage verschoben. Welche Veränderungen brauchen wir und warum lohnt es gemeinsam und aktivistisch gegen fossile Energieträgern und Co. vorzugehen. Viele Bereiche der Digitalsierung heizen die Klimakrise momentan an. Ich möchte eine aktivistische Perspektive darauf geben, welche Rolle Digitalisierung beim Ende des Ressourcenraubbaus spielen kann. Eine Energieversorgung ausschließlich aus erneuerbaren Energien ist ohne Digitalisierung nicht möglich. Digitale Kommunikation ist entscheidend bei der Organisation von Fridays For Future, wie sie aktuell gestaltet wird verbrennt sie viele persönliche Ressourcen.

Nach einem Jahr Klimastreik redet die Gesellschaft in einem Ausmaß wie nie zuvor über die Klimakrise. Lösungsansätze dieser Krise werden auch in der Öffentlichkeit immer öfter auf einer strukturelle und systemischen Ebene diskutiert. 1,4 Millionen Menschen waren am 20. September beim Global Climate Strike in Deutschland auf der Straße. Die institutionalisierte Politik, Parteien & vor allem die Bundesregierung machen weiterhin nur mit ihrer Blockadehaltung auf sich aufmerksam. Welche Rolle spielt eigentlich die Digitalisierung beim Ausstoß von Treibhausgasen und welche bei der Reduzierung dieses Ausstoß. Mit anderen Worten, welche Digitalsierung ist klimazerstörend und wie müssen wir sie gestalten in Zeiten der Klimakrise. Die wöchentlichen Streiks und viele weitere Veranstaltungen sowie die Organisation des Ganzen prägten viele junge Menschen das vergangenge Jahr. Digitale Kommunikation spielt in der Vernetzung der einzelnen Arbeits- und Ortsguppen eine essentielle Rolle. Diese Organisationsform bedeutet nicht nur schnelle Reaktionsfähigkeit, sondern oft auch die Verbrennung sämtlicher personeller Ressourcen. Die Digitalisierung sorgt in vielen Bereichen für mehr Emissionen. Allein die Organisation der Klimagerechtigkeitsproteste zeigt, dass sie nicht nur Teil des Problems ist, sondern auch Teil der Lösung. Die planetaren Grenzen & Menschenrechte lassen sich nicht verhandeln, alle anderen Grenzen können wir zu Gunsten der Menschen aufweichen oder abschaffen. Der Kampf für digitale Freiheit erleichtert Aktivismus für Klimagerechtigkeit, beides geht uns alle etwas an.

talk on conference website

Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate and simplify many aspects of our lives, recent large-scale attacks have shown that their sheer number poses a severe threat to the Internet infrastructure, which led to the development of an IoT-specific cybercrime underground. Unfortunately, the software on these systems is hardware-dependent, and typically executes in unique, minimal environments with non-standard configurations, making security analysis particularly challenging. Moreover, most of the existing devices implement their functionality through the use of multiple binaries. This multi-binary service implementation renders current static and dynamic analysis techniques either ineffective or inefficient, as they are unable to identify and adequately model the communication between the various executables. In this talk, we will unveil the inner peculiarities of embedded firmware, we will show why existing firmware analysis techniques are ineffective, and we will present Karonte, a novel static analysis tool capable of analyzing embedded-device firmware by modeling and tracking multi-binary interactions. Our tool propagates taint information between binaries to detect insecure, attacker-controlled interactions, and effectively identify vulnerabilities. We will then present the results and insights of our experiments. We tested Karonte on 53 firmware samples from various vendors, showing that our prototype tool can successfully track and constrain multi-binary interactions. In doing so, we discovered 46 zero-day bugs, which we disclosed to the responsible entities. We performed a large-scale experiment on 899 different samples, showing that Karonte scales well with firmware samples of different size and complexity, and can effectively and efficiently analyze real-world firmware in a generic and fully automated fashion. Finally, we will demo our tool, showing how it led to the detection of a previously unknown vulnerability.

Presentation Outline 1. Introduction to IoT/Embedded firmware [~7 min] * A brief intro to the IoT landscape and the problems caused by insecure IoT devices. * Overview of the peculiarities that characterize embedded firmware. * Strong dependence from custom, unique environments. * Firmware samples are composed of multiple binaries, in a file system fashion (e.g., SquashFS). * Example of how a typical firmware sample looks like. 2. How to Analyze Firmware? [~5 min] * Overview on the current approaches/tools to analyze modern firmware and spot security vulnerabilities. * Description of the limitations of the current tools. * Dynamic analysis is usually unfeasible, because of the different, customized environments where firmware samples run. * Traditional, single-binary static analysis generates too many false positives because it does not take into account the interactions between the multiple binaries in a firmware sample. 3. Modeling Multi-Binary Interactions [~5 min] * Binaries/processes communicate through a finite set of communication paradigms, known as Inter-Process Communication (or IPC) paradigms. * An instance of an IPC is identified through a unique key (which we term a data key) that is known by every process involved in the communication. * Data keys associated with common IPC paradigms can be used to statically track the flow of attacker-controlled information between binaries. 4. Karonte: Design & Architecture [~15 min] * Our tool, Karonte, performs inter-binary data-flow tracking to automatically detect insecure interactions among binaries of a firmware sample, ultimately discovering security vulnerabilities (memory-corruption and DoS vulnerabilities). We will go through the steps of our approach. * As a first step, Karonte unpacks the firmware image using the off-the-shelf firmware unpacking utility binwalk. * Then, it analyzes the unpacked firmware sample and automatically retrieves the set of binaries that export the device functionality to the outside world. These border binaries incorporate the logic necessary to accept user requests received from external sources (e.g., the network), and represent the point where attacker-controlled data is introduced within the firmware itself. * Given a set of border binaries, Karonte builds a Binary Dependency Graph (BDG) that models communications among those binaries processing attacker-controlled data. The BDG is iteratively recovered by leveraging a collection of Communication Paradigm Finder (CPF) modules, which are able to reason about the different inter-process communication paradigms. * We perform static symbolic taint analysis to track how the data is propagated through the binary and collect the constraints that are applied to such data. We then propagate the data with its constraints to the other binaries in the BDG. * Finally, Karonte identifies security issues caused by insecure attacker-controlled data flows. 5. Evaluation & Results [~10 min] * We leveraged a dataset of 53 modern firmware samples to study, in depth, each phase of our approach and evaluate its effectiveness to find bugs. * We will show that our approach successfully identifies data flows across different firmware components, correctly propagating taint information. * This allowed us to discover potentially vulnerable data flows, leading to the discovery of 46 zero-day software bugs, and the rediscovery of another 5 n-days bugs. * Karonte provided an alert reduction of two orders of magnitude and a low false-positive rate. * We performed a large-scale experiment on 899 different firmware samples to assess the scalability of our tool. We will show that Karonte scales well with firmware samples of different size and complexity, and thus can be used to analyze real-world firmware. 6. Demo of Karonte [~5 min] * We will show how Karonte analyzes a real-world firmware sample and detects a security vulnerability that we found in the wild. * We will show the output that Karonte produces and how analysts can leverage our tool to test IoT devices. 7. Conclusive Remarks [~3 min] * A reprise of the initial questions and summary of the takeaways.

talk on conference website

Considerations for distributed and decentralized technologies from the perspective of a product that many would like to see decentralize.

Amongst an environment of enthusiasm for blockchain-based technologies, efforts to decentralize the internet, and tremendous investment in distributed systems, there has been relatively little product movement in this area from the mobile and consumer internet spaces. This is an exploration of challenges for distributed technologies, as well as some considerations for what they do and don't provide, from the perspective of someone working on user-focused mobile communication. This also includes a look at how Signal addresses some of the same problems that decentralized and distributed technologies hope to solve.

talk on conference website

Psychedelic research constitutes a challenge to the current paradigm of mental healthcare. But what makes it so different? And will it be able to meet the high expectations it is facing? This talk will provide a concise answer.

Psychedelic Therapy is evolving to be a game changer in mental healthcare. Where classical antidepressants and therapies e.g. for Posttraumatic Stress Disorder often have failed to provide relief, substance assisted psychotherapies with Psilocybin, LSD and MDMA show promising results in the ongoing clinical trials worldwide. A challenge to the current paradigm: Unlike the conventional approach of medicating patients with antidepressants and other psychotropic drugs on a daily basis for months and years at a time, Psychedelic Therapy offers single applications of psychedelics or emotionally opening substances such as Psilocybin, LSD and MDMA within the course of a limited number of therapeutic sessions. The clinical trials conducted in this kind of setting are currently designed around depression, substance abuse, anxiety and depression due to life threatening illnesses, PTSD, anorexia and social anxiety in Autism. Though the results look promising, it is important not to take these therapies for a “magic bullet cure” for all and very patient will mental issues. This talk will outline the principles of psychedelic therapy and research and provide a concise overview of what psychedelic therapy can and cannot offer in the future.

talk on conference website

Für Sinti*zze und Roma*nja gehören Anfeindungen zum Alltag. Auch bei Ermittlungsbehörden stehen sie unter Generalverdacht: Es steht zu befürchten, dass die Polizei in unterschiedlichen Bundesländern rechtswidrig Daten zu ethnischer Herkunft erhebt und veröffentlicht. Warum ist es so gefährlich, ethnische Herkunft in Polizeidatenbanken zu erfassen? Und was für Konsequenzen hat es, sie in Berichterstattung zu erwähnen? Wann darf die Polizei überhaupt Daten zu ethnischer Herkunft erheben? Und wann und mit welchen Methoden tut sie es vielleicht trotz Verbots?

Für Sinti*zze und Roma*nja gehören auch in Deutschland Anfeindungen in allen Lebenslagen zum Alltag. Auch bei Ermittlungsbehörden stehen sie unter Generalverdacht: Es steht zu befürchten, dass die Polizei in unterschiedlichen Bundesländern rechtswidrig Daten zu ethnischer Herkunft erhebt und veröffentlicht. In Pressemitteilungen der Polizei tauchen immer wieder Hinweise auf die ethnische Herkunft auf, vor allem bei Tatverdächtigen, seltener bei Opfern oder Zeug*innen. Die Berliner Polizei hat in der Kriminalstatistik 2017 den Hinweis veröffentlicht, dass die Mehrheit der Tatverdächtigen von „Trickdiebstahl in Wohnungen“ Angehörige der Volksgruppe Sinti und Roma seien: Dass es rechtswidrig ist, wenn die Polizei die zugrunde liegenden Daten tatsächlich erhebt, ist unstreitig. In Kooperation mit dem Zentralrat hat die Gesellschaft für Freiheitsrechte e.V. (GFF) im Fall der Berliner Polizeikriminalstatistik bei der Berliner Landesdatenschutzbeauftragten ein Beschwerdeverfahren wegen des Verdachts auf Diskriminierung von Sinti*zze und Roma*nja lanciert. Beide Organisationen prüfen gemeinsam weitere rechtliche Möglichkeiten. Warum ist es so gefährlich, ethnische Herkunft in Polizeidatenbanken zu erfassen? Und was für Konsequenzen hat es, sie in Berichterstattung zu erwähnen? Wann darf die Polizei überhaupt Daten zu ethnischer Herkunft erheben? Und wann tut sie es vielleicht trotz Verbots? Und mit welchen Methoden erhebt die Polizei überhaupt die ethnische Herkunft? Die Gesellschaft für Freiheitsrechte e.V. (GFF) und der Zentralrat Deutscher Sinti und Roma wollen diese Fragen gemeinsam mit dem Publikum diskutieren. Anja Reuss ist Politische Referentin des Zentralrats Deutscher Sinti und Roma, der politischen Interessenvertretung der deutschen Sinti und Roma mit Sitz in Heidelberg. Als Dachverband setzt sich der Zentralrat auf nationaler und internationaler Ebene für eine gleichberechtigte Teilhabe von Sinti und Roma in Politik und Gesellschaft sowie für die Auseinandersetzung mit und Bekämpfung von Antiziganismus ein. Lea Beckmann ist Juristin und Verfahrenskoordinatorin der Gesellschaft für Freiheitsrechte e.V. (GFF). Die GFF ist eine NGO, die durch strategische Prozesse Grund- und Menschenrechte stärkt und zivilgesellschaftlichen Partnerorganisationen rechtlich unterstützt. In ihren Verfahren setzt sich die GFF dabei immer wieder kritisch mit polizeilichen Ermittlungsbefugnissen auseinander, sei dies im Zusammenhang mit dem Einsatz von Späh-Software oder bei der Datenerhebung.

talk on conference website

In Brüssel wird über eine Verordnung verhandelt, die es allen EU-Staaten ermöglichen soll, Provider zur Herausgabe von Inhalten oder Metadaten zu verpflichten – egal wo die Daten gespeichert sind, egal ob die Tat, um die es geht, dort eine Straftat ist. Werden CLOUD-Act, e-Evidence und ähnliche Kodifikationen bald dafür sorgen, dass Strafverfolgungsbehörden aller Länder Daten von Providern weltweit abgreifen können?

Strafverfolger hierzulande würden gern möglichst schnell alle möglichen Daten von allen möglichen Online-Diensten über ihre Kunden erhalten. Juristisch stehen dem bisher einige Hürden im Weg, wenn die Anbieter nicht im Inland sitzen oder wenn sie Daten auf Servern im Ausland speichern. Hinter der Auskunft, mit welcher IP eine Morddrohung auf Facebook gepostet wurde, verbergen sich Diskussionen über die großen Themen des Völkerrechts: Souveränität und Territorialität. Weil Daten oft auf der ganzen Welt gespeichert werden, wird das etablierte System der gegenseitigen Rechtshilfe in Frage gestellt. Während die EU noch über die eEvidence-Verordnung berät, haben die USA schon mit UK ein Abkommen für unbegrenzten Direktzugriff geschlossen und verhandeln mit Australien. Warum diesen neuen Regeln jeder Grundrechtsschutz fehlt und wie grenzüberschreitende Repression politische Verfolgung verändern könnte, erfahrt ihr in diesem Talk.

talk on conference website

Wireless connectivity is an integral part of almost any modern device. These technologies include LTE, Wi-Fi, Bluetooth, and NFC. Attackers in wireless range can send arbitrary signals, which are then processed by the chips and operating systems of these devices. Wireless specifications and standards for those technologies are thousands of pages long, and thus pose a large attack surface.

Wireless exploitation is enabled by the technologies any smartphone user uses everyday. Without wireless connectivity our devices are bricked. While we can be more careful to which devices and networks we establish connections to protect ourselves, we cannot disable all wireless chips all the time. Thus, security issues in wireless implementations affect all of us. Wireless chips run a firmware that decodes wireless signals and interprets frames. Any parsing error can lead to code execution within the chip. This is already sufficient to read data passing the chip in plaintext, even if it would be encrypted while transmitted over the air. We will provide a preview into a new tool that enables full-stack Bluetooth fuzzing by real-time firmware emulation, which helps to efficiently identify parsing errors in wireless firmware. Since this kind of bug is within the wireless chips' proprietary firmware, patching requires assistance of the manufacturer. Often, fixing this type of security issue takes multiple months, if done at all. We will tell about our own responsible disclosure experiences, which are both sad and funny. Another risk are drivers in the operating system, which perform a lot of operations on the data they receive from the wireless chip. Most drivers trust the input they get from a wireless chip too much, meaning that wireless exploitation within the chip can easily escalate into the driver. While escalating directly into the operating system is the commonly known option, it is also possible to escalate into other chips. This is a new attack type, which cannot be filtered by the operating system. For everyone who is also concerned during our talk, there will be fancy tin foil hats.

talk on conference website

Extinction Rebellion (XR) ist eine global agierende, schnell wachsende, klimaaktivistische Graswurzel-Bewegung, die mit gewaltfreien Aktionen zivilen Ungehorsams auf die drohende Klimakatastrophe hinweist und Regierungen zum Handeln bewegen will. Die Ortsgruppe Berlin präsentiert in einer Art Jahresrückblick eine Auswahl an aktuellen Aktionen und stellt vor, wo wir als Bewegung gerade stehen, was wir bislang erreicht haben und was weiterhin gebraucht wird, um ein dringend notwendiges politisches Umsteuern einzuleiten. Let's act now.

Extinction Rebellion (XR) hat ein turbulentes erstes Jahr hinter sich. Im letzten Herbst wurden in London die fünf wichtigsten Brücken über die Themse besetzt und die drohende Klimakatastrophe begann – endlich! – ins öffentliche Bewusstsein zu rücken. In diesem Herbst gab es koordinierte Aktionen und Blockaden mit Zehntausenden Teilnehmer:innen bereits in über 60 Metropolen auf der ganzen Welt. Über zweitausend Menschen sind dabei verhaftetet worden. Klimapolitisch hat sich dennoch so gut wie nichts getan. Während Regierungen entweder regungslos verharren oder aber den Klimanotstand ausrufen und zugleich neue Infrastruktur für fossile Brennstoffe bewilligen, arbeitet die Leugner:innenmaschinerie auf Hochtouren und bemüht sich um die Konstruktion alternativer Fakten. Gleichzeitig erleben wir immer wieder, dass unsere wissenschaftlichen Prognosen nicht stimmen und sich der Klimawandel in seinem Verlauf schneller und heftiger vollzieht als vorhergesagt. Hitzewellen, Waldbrände, Dürren, Ernteausfälle, Wasserknappheit sind nicht mehr zu ignorieren. Es ist daher unumgänglich, den politischen Druck zu erhöhen, indem mehr Aktionen an mehr Orten mit noch viel mehr Menschen und auf vielen verschiedenen Ebenen durchgeführt werden. XR kann jede Art von Unterstützung gut gebrauchen – egal ob es um Nachhilfe in puncto Privacy geht, um Operational Security, um Soft- und Hardware oder um eigenständigen Hacktivismus. Wichtig ist nur: Wir müssen uns jetzt aufraffen, zusammentun und aktiv werden. The time is now.

talk on conference website

Browsers are the ones who handle our sensitive information. We entirely rely on them to protect our privacy, that’s something blindly trusting on a piece of software to protect us. Almost every one of us uses browser extensions on daily life, for example, ad-block plus, Grammarly, LastPass, etc.

But what is the reality when we talk about security of browser extensions. Every browser extensions installed with specific permissions, the most critical one is host access permission which defines on which particular domains your browser extension can read/write data. You might already notice the sensitivity of host permissions since a little mistake in the implementation flow would lead to a massive security/privacy violation. You can think of this way when you install an extension that has permission to execute JavaScript code on https://www.bing.com, but indeed, it allows javaScript code execution on https://mail.google.com. Which means this extension can also read your google mail, and this violates user privacy and trust. During the research on edge extensions, we noticed a way to bypass host access permissions which means an extension which has permission to work on bing.com can read your google, facebook, almost every site data. we noticed using this flow we can change in internal browser settings, Further, we ware able to read local system files using the extensions. Also in certain conditions, it allows you to execute javaScript on reading mode which is meant to protect users from any javaScript code execution issues. This major flaw in Microsoft Edge extension has been submitted responsibly to the Microsoft Security Team; as a result, CVE-2019-0678 assigned with the highest possible bounty. Outline 1. Introduction to the browser extension This section is going to cover what is browser extensions, and examples of browser extensions that are used on a daily basis. 2. Permission model in browser extensions This section details about the importance of manifest.json file, further details about several permissions supported by edge extensions and at last it describes different host access permissions and the concept of privileged pages in browsers. 3. Implementation of sample extension In this section, we will understand the working of edge extensions and associated files. 4. Playing with Tabs API This section includes the demonstration of loading external websites, local files and privileged pages using the tabs API. 5. Forcing edge extensions to load local files and privileged pages Here we will see how I fooled edge extensions to allow me to load local files and privileged pages as well. 6. Overview of javascript protocol This section brief about the working and the use of JavaScript protocol. 7. Bypassing host access permission The continuing previous section, here we will discuss I was able to bypass host access permission of edge extensions using the javascript URI’s. 8. Stealing google mails Once we bypassed the host access permission, we will discuss how edge extension can read your Google emails without having permission. 9. Stealing local files The continuing previous section, here we will discuss how an edge extension can again escalate his privileges to read local system files. 10. Changing internal edge settings This section details how I was able to change into internal edge settings using edge extensions, this includes enabling/disabling flash, enabling/disabling developer features. 11. Force Update Compatibility list This section details how an extension can force update Microsoft compatibility list 12. javascript code execution on reading mode? Here we will dicuss about the working of reading mode and CSP issues associated with it. 13. Escalating CSP privileges. This section describes how edge extensions provides more privilages to the user when dealing with content security policy

talk on conference website

Der Hackerparagraph § 202c StGB ist seit August 2007 in Kraft. Das Bundesverfassungsgericht nahm eine dagegen gerichtete Verfassungsbeschwerde nicht an, wies aber darauf hin, dass er verfassungskonform auszulegen sei. Wie ist also die Rechtslage? Und wie sieht die Realität der Strafverfolgung aus? Reality Check!

Wie war das nochmal mit diesem umstrittenen Hackerparagraphen? Welche Rolle spielt er in der Praxis der Strafverfolgung? Kann mich so ein Ermittlungsverfahren am Ende selber betreffen? Und wie gehen die Strafverfolgungsbehörden bei Ermittlungen wegen des Verdachts auf Straftaten nach § 202c StGB vor? Dies wird anhand eines von einer Schwerpunktstaatsanwaltschaft für Cybercrime geführten Strafverfahrens beantwortet. Der Vortrag stellt Rechtslage und Realität gegenüber. Um es vorweg zu nehmen: Sowas kann man sich gar nicht ausdenken.

talk on conference website

A lecture on the environmental impacts of digital industry today and how to think about and design digital tools with limited energy and resources.

In his lecture Gauthier Roussilhe summarises what we know today about the environmental impacts of digital industry. He addresses the sustainability of the current trajectory and how to think differently about digital industry. Contesting the myths of dematerialisation and of the global village, he gives examples of digital web design based on CO2/energy budget rather than monetary budget. He also gives examples of digital tools that accept the materiality of their territory (geographical, infrastructures) to think of new digital uses.

talk on conference website

talk on conference website

Der Talk soll die Geschichte der senseBox von Beginn bis jetzt wiedergeben. Dabei möchte ich vor allem auf unsere Arbeit im Bereich Open Source, Open Data, Open Hardware und Open Educational Resources eingehen. Die Motivation von Teilnehmern des senseBox Projekts möchte ich basierend auf einer Nutzerstudie kurz wiedergeben. Außerdem möchte ich auf aktuelle Probleme sowie technische Hürden und die Genauigkeit der Daten eingehen. Zu guter Letzt gebe ich einen kurzen Ausblick in die Zukunft des Projekts.

Mithilfe der senseBox, einem DIY Citizen Science Baukasten, kann jeder an der Forschung und Wissenschaft teilnehmen. Sei es durch die Messung von Umweltdaten, Analyse und Auswertung dieser Daten oder durch die Teilnahme an Diskussionen einer großen Community. Außerdem können Schülerinnen und Schüler durch die Nutzung von Open Educational Resources und einer visuellen Entwicklungsumgebung das Programmieren spielend erlernen. Dadurch wird nicht nur das Umweltverständnis, sondern auch die digitale Bildung gefördert. Die Hardware der senseBox basiert auf dem Konzept von Arduino und enthält neben dem Microcontroller noch weitere Umweltsensoren. Jegliche Projekte, von einer einfachen Wetterstation über ein intelligentes Bewässerungssystem für den Garten bis hin zu einer Wasserqualität-Boje in der Nordsee, sind durch die offene Arduino Plattform umsetzbar. Das Rückgrat der senseBox ist die openSenseMap. Das Backend sammelt die gesendeten Daten der senseBoxen aber auch anderer Geräte. Sensoren zur Luftqualität von Luftdaten.info oder HackAIR sowie alle anderen Geräte können ihre Sensordaten zur offenen API der openSenseMap senden. Die Webanwendung ermöglicht Visualisierungen und Analysemöglichkeiten. Die Daten sind über die API für jeden frei verfügbar und können somit unter anderem für die Klimaforschung genutzt werden. Das Projekt startete vor einigen Jahren als Studienprojekt an der Universität Münster. Nach mehreren Abschlussarbeiten, Projektwochen, Workshops und Förderperioden entstand aus einer einfachen Idee ein umfangreiches Toolkit. Die openSenseMap, auf welcher anfänglich einige Dutzend senseBoxen registriert waren, verzeichnete in den letzten 5 Jahren steigende Nutzerzahlen mit aktuell rund 5300 registrierten senseBoxen. Daraus resultieren Probleme, welche zu Beginn des Projekts nicht absehbar waren: die Webanwendung läuft inzwischen in der Cloud und fordert viel Rechen- und Speicherkapazität. Die Messdaten werden ineffizient in Datenbanken gespeichert, dadurch benötigt die Anwendung starke virtuelle Server. Der Talk soll die Geschichte der senseBox von Beginn bis jetzt wiedergeben. Dabei möchte ich vor allem auf unsere Arbeit im Bereich Open Source, Open Data, Open Hardware und Open Educational Resources eingehen. Die Motivation von Teilnehmern des senseBox Projekts möchte ich basierend auf einer Nutzerstudie kurz wiedergeben. Außerdem möchte ich auf aktuelle Probleme sowie technische Hürden und die Genauigkeit der Daten eingehen. Zu guter Letzt gebe ich einen kurzen Ausblick in die Zukunft des Projekts.

talk on conference website

In this talk we will take a look at the 'Vault 7' Protego documents, which have received very little attention so far, and challenge the assertion that Protego was a 'suspected assassination module for [a] GPS guided missile system ... used on-board Pratt & Whitney aircraft' based on system block diagrams, build instructions and a few interesting news items. In addition, we will discuss hypothetical weaknesses in systems like it.

In March 2017, WikiLeaks published the 'Vault 7' series of documents detailing 'cyber' activities and capabilities of the United States' Central Intelligence Agency (CIA). Among a wide variety of implant & exploit frameworks the final documents released as part of the dump, related to a project code-named 'Protego', stood out as unusual due to describing a piece of missile control technology rather than CNO capabilities. As a result, these documents have received comparatively little attention from the media and security researchers. While initially described by WikiLeaks as a 'suspected assassination module for [a] GPS guided missile system ... used on-board Pratt & Whitney aircraft', a closer look at the documents sheds significant doubt on that assertion. Instead, it seems more likely that Protego was part of an arms control solution used in covert CIA supply programs delivering various kinds of weapons to proxy forces while attempting to counteract undesired proliferation. In this talk we will take a look at the Protego documents and show how we can piece quite a bit of information together from a handful of block diagrams, some build instructions and a few news articles. Finally, we will discuss the potential weaknesses of such 'lockdown' systems which have been proposed for and are deployed in everything from theft prevention solutions and livestock management to firearms control and consumer UAVs.

talk on conference website

Robots, Satellites and biometrical traps - more than a Billion Euro will be spent in 2021 for what they call "Border Security." The European Border and Coastguard, formerly Frontex, dreams of a fully automomus border surveillance system.

As a humanitarian & human rights organisation involved in sea rescue, we recognise however that the shift towards new technologies correlates with a shift away from basic human rights standards. The robots, satellites & co. are not used to make society safer & life easier but to spy on us and to deport people to torture in Libya. At Sea-Watch e.V. we are involved in a non-profit initiative dedicated to the civilian rescue of refugees at sea. In view of the humanitarian disaster on the Mediterranean Sea-Watch provides emergency aid, demands and forces at the same time the rescue by the responsible European institutions and stands publicly for legal escape routes and open borders. We are politically and religiously independent and finance ourselves exclusively through donations. At sea, we formerly cooperated with Frontex ships in rescues when they were still involved in live saving operations. Now we regularly observe them actually being involved in illegal refoulements, especially with our surveillance aircraft Moonbird. Frontex was formerly an agency that advised governments on border control and did risk assessments on border crossings, it had basically a coordinating role within the European framework. They were called "European Agency for the Management of Operational Cooperation at the External Borders". In 2016, during the so-called refugee crisis, the European Commission proposed to strengthen them and they became the European Border and Coast Guard Agency. Frontex is working and developing satellite observation, the development of drone capabilities and other surveillance technologies like IMSI-Catchers with the help of European universities and companies like EADS and esri. All this happens right now without a lot of public or transparency from the site of the agency. While they provide national authorities with equipment and justify their yearly growing budget with out border security there are no sources to measure the effectivity of their methods. While they present themselves as the friendly boarderguard next door it has evolved into an engency which is developing capabilities in all kinds of surveillance technologies with pilot projects which sound like they are taken out of a science fiction movie: SMILE "SMILE proposes a novel mobility concept, using privacy by design principles, that will enable low cost secure exchange and processing of biometric data, addressing in parallel the aforementioned challenges by designing, implementing and evaluating in relevant environments (TRL6) prototype management architecture, for the accurate verification, automated control, monitoring and optimization of people’ flows at Land Border Infrastructures." Roborder "ROBORDER aims at developing and demonstrating a fully-functional autonomous border surveillance system with unmanned mobile robots including aerial, water surface, underwater and ground vehicles, capable of functioning both as standalone and in swarms, which will incorporate multimodal sensors as part of an interoperable network." http://btn.frontex.europa.eu/projects/external/roborder iBorderCtrl "iBorderCtrl envisages to enable faster thorough border control for third country nationals crossing the borders of EU, with technologies that adopt the future development of the Schengen Border Management. The project will present an optimal mixture of an enhanced, voluntary form of a Registered Traveller Programme and an auxiliary solution for the Entry/Exit System based on involving bona fide travellers" http://btn.frontex.europa.eu/projects/external/iborderctrl While the people in charge do not manage to organize a proper search- and rescue program, Europe is setting up and spending more and more on a massive surveillance agency for border protection which has a big focus in surveillance and "protecting" the European external borders while no one ever evaluated the effectivity of this massive border militarization.

talk on conference website

With the rapid development of mobile internet, apps become more and more complex. However, their most used functions are limited to a few pages. Enters instant app. It has many advantages over normal apps, such as click-to-play and concise design, and it's becoming more and more popular. There is some form of instant app framework in many popular apps, such as Google Play, TikTok, etc. In addition, many phone vendors have also embedded instant app frameworks in their pre-installed applications. However, there is barely any public research on attacking instant apps.

In this talk, we will dive into a common architecture of instant app framework, and demonstrate attack models for it. Based on these attack models, we have reverse engineered top instant app frameworks. We will show how to bypass various kinds of sandboxing and restriction technologies to break isolations between instant apps. These vulnerabilities could lead to sensitive information leakage, identity theft, account takeover and other severe consequences. During the study of Google Instant app, we also bypassed component access restrictions, which greatly expands attack surface. These vulnerabilities and attack models affects more than 60% of Android devices and at least 1 billion users. Finally, we summarize the root causes of these vulnerabilities at the architectural level and point out the potential attack points. We will also propose practical mitigation measures for specific vulnerabilities. We hope we could make users and developers aware of the potential security risks while enjoying the convenience of instant apps. We also hope to make security community aware of this emerging new attack surface.

talk on conference website

‘Listening Back’ is an add-on for the Chrome and Firefox browsers that sonifies internet cookies in real time as one browses online. By translating internet cookies into sound, the ‘Listening Back’ browser add-on provides an audible presence for hidden infrastructures that collect personal and identifying data by storing a file on one’s computer. Addressing the proliferation of ubiquitous online surveillance and the methods by which our information flows are intercepted by mechanisms of automated data collection, ‘Listening Back’ functions to expose real-time digital surveillance and consequently the ways in which our everyday relationships to being surveilled have become normalised. This lecture performance will examine Internet cookies as a significant case study for online surveillance with their invention in 1994 being historically situated at the origins of automated data collection, and the commercialisation of the World Wide Web. I will integrate online browsing to demonstrate the ‘Listening Back’ add-on and explore it’s potential to reveal algorithmic data capture processes that underlie our Web experience.

‘Listening Back’ is an add-on for the Chrome and Firefox browsers that sonifies internet cookies in real time as one browses online. Utilising digital waveform synthesis, ‘Listening Back’ provides an audible presence for hidden infrastructures that collect personal and identifying data by storing a file on one’s computer. By directing the listener’s attention to hidden processes of online data collection, Listening Back functions to expose real-time digital surveillance and consequently the ways in which our everyday relationships to being surveilled have become normalised. Our access to the World Wide Web is mediated by screen devices and ‘Listening Back’ enables users to go beyond the event on the screen and experience some of the algorithmic surveillance processes that underlie our Web experience. This project therefore explores how sound can help us engage with complex phenomena beyond the visual interface of our smart devices by highlighting a disconnect between the graphical interface of the Web, and the socio-political implications of background mechanisms of data capture. By sonifying a largely invisible tracking technology ‘Listening Back’ critiques a lack of transparency inherent to online monitoring technologies and the broader context of opt in / default cultures intrinsic to contemporary modes of online connectivity. By providing a sonic experiential platform for the real-time activity of Internet cookies this project engages listening as a mode of examination and asks what is the potential of sound as a tool for transparent questioning?

talk on conference website

What sort of tools and methodologies should you use to write software for a car that will go on sale in 2023, if you have to support security patches and safety upgrades till 2043?

Now that we’re putting software and network connections into cars and medical devices, we’ll have to patch vulnerabilities, as we do with phones. But we can't let vendors stop patching them after three years, as they do with phones. So in May, the EU passed Directive 2019/771 on the sale of goods. This gives consumers the right to software updates for goods with digital elements, for the time period the consumer might reasonably expect. In this talk I'll describe the background, including a study we did for the European Commission in 2016, and the likely future effects. As sustainable safety, security and privacy become a legal mandate, this will create real tension with existing business models and supply chains. It will also pose a grand challenge for computer scientists.

talk on conference website

Individuals conducting reverse engineering for research purposes face several legal issues arising from IP and competition law. The legislation has reacted by introducing a new law on trade secrets specifically allowing reverse engineering. While the new law is certainly an improvement, many questions still remain as to conflicts with opposing domestic laws as well as other possibilities to waive the permission. In this talk, we provide guidance through the jungle of the current legal situation from a techno-legal perspective.

Hardware Reverse Engineering (HRE) is common practice for security researchers in order to detect vulnerabilities and assure integrity of microchips. Following last years talk “Mehr schlecht als Recht: Grauzone Sicherheitsforschung” and from the standpoint of a research group regularly applying HRE, we asked ourselves about potential negative legal implications for our personal lives. Therefore, we consulted an expert who assesses the legal implications of our work. For a long time, our law has solely protected the inventor of a product. Discovering the underlying technical details and mechanisms of, e. g. microchips, has been deemed illegal due to intellectual property (IP) protection laws. Only lately, the legislation has recognized the importance of cybersecurity that heavily relies on reverse engineering to find security gaps and malfunctions. Subsequently, Germany introduced a new trade secret allowing for the “observation, study, disassembly or testing of a product or object” in 2018. However, at this stage, several questions remain unanswered: Is it possible to restrict this freedom by, e. g. contractual agreements? How may the gained knowledge (not) be used? How do claims from IP holders from other legal systems such as the US influence our case? The talk will shed light on these questions from a techno-legal perspective. Ultimately, it will give guidance for reverse engineers, demonstrating the boundaries of such new developments and highlighting the legal uncertainties in need of clarifications by literature and practice.

talk on conference website

Can nuclear warheads be used as energy sources instead of exhausting resources? And if, how does this even work?

Concerns during the cold war era mainly focused on the diversion of Uranium intended for commercial nuclear power towards usage in weapons. During the 1990s, these concerns gave way to a focus on the role of military Uranium as a major source of fuel for commercial nuclear power. Can nuclear warheads be used as energy sources instead of exhausting resources? And if, how does this even work? In the late 1980s the United States and countries of the former Soviet Union signed a series of disarmament treaties to reduce the world's nuclear arsenals. Since then, lots of nuclear materials have been converted into fuel for commercial nuclear reactors. Highly-enriched uranium in US and Russian weapons and other military stockpiles amounts to about 1500 tonnes, equivalent to about seven times the annual world Uranium mine production. These existing resources can be used instead of exploiting natural Uranium reserves, which are as limited as all other non-renewable energy sources. Uranium mining is a dirty, polluting, hazardous business which possibly could be stopped altogether if existing resources would be used instead. This talk is a primer in nuclear physics with focus on conversion of weapon grade Uranium and Plutonium into fuel for civil nuclear power plants.

talk on conference website

Von Menschen, die den riskanten Weg übers Mittelmeer auf sich nehmen, in der Hoffnung, in Europa Sicherheit zu finden. Nach 700 Aufführungen der Asyl-Monologe, Asyl-Dialoge und NSU-Monologe das neue Theaterstück von Autor und Regisseur Michael Ruf. Die Mittelmeer-Monologe erzählen von Menschen, die den riskanten Weg über das Mittelmeer auf sich nehmen, in der Hoffnung, in Europa in Sicherheit leben zu können – von libyschen Küstenwachen, italienischen Seenotrettungsstellen und deutschen Behörden, die dies verhindern und von Aktivist*innen, die dem Sterben auf dem Mittelmeer etwas entgegen setzen.

Die MITTELMEER-MONOLOGE erzählen von den politisch widerständigen Naomie aus Kamerun und Yassin aus Libyen, die sich auf einem Boot nach Europa wiederfinden, von brutalen 'Küstenwachen' und zweifelhaften Seenotrettungsstellen und von Aktivist*innen, die dem Sterben auf dem Mittelmeer etwas entgegen setzen. Diese Aktivist*innen überzeugen beim 'Alarmphone' die Küstenwachen, nach Menschen in Seenot zu suchen oder lernen auf der Seawatch, Menschen vor dem Ertrinken zu bewahren – kurzum sie tun das eigentlich Selbstverständlichste, was im Jahr 2019 alles andere als selbstverständlich ist: menschliches Leben zu retten! "Die Monologe berühren, schaffen Nähe, machen wütend und benennen Wege, um sich persönlich zu engagieren. (...) Sie widersetzen sich der Entmenschlichung der Tragödie. (...) Im Mittelpunkt stellen sie die Geschichten der Betroffenen." die tageszeitung, taz Die Mittelmeer-Monologe sind dokumentarisches, wortgetreues Theater, basierend auf mehrstündigen Interviews. Dadurch werden reale Fälle der Seenotrettung rekonstruiert, erzählt aus der Perspektive von Betroffenen und Aktivist*innen. Eines dieser realen Ereignisse zeigt die besondere Brutalität der "libyschen Küstenwache". So fuhr am 6.11.2017 zeitgleich ein Rettungsschiff von Seawatch und ein Schiff der libyschen Küstenwache zu einem Migranten-Boot. Auf diesem Boot befanden sich 150 Passagiere. Eine konfliktreiche Rettungsoperation begann, und während Seawatch letztendlich 59 Personen retten konnte, ertranken mindestens 20 Personen und 47 Personen wurden zurück nach Libyen gebracht - inhaftiert, geschlagen, verkauft, gefoltert. Dieser 6.11. wurde von "Forensic Architecture" aufwändig rekonstruiert (siehe Video "Mare Clausum. The Sea Watch vs Libyan Coast Guard Case") und von der New York Times ebenfalls als Video ("How Europe Outsources Migrant Suffering at Sea") journalistisch aufgearbeitet. Indem Michael Ruf zwei Personen, die an jenem Tag hautnah involviert waren, viele Stunden interviewt hat, liefert er die persönlichen Narrationen zu diesem paradigmatischen Fall. Die Premiere der Mittelmeer-Monologe fand fast genau 5 Jahre nach Gründung des WatchTheMed Alarmphones (11.10.2014) statt und erzählt einige Fälle der Seenotrettung dieses Aktivisten-Netzwerks. In diesen 5 Jahren hat das Alarmphone 2800 Boote in Seenot begleitet und unterstützt. Das Alarmphone ist rund um die Uhr anrufbar, umfasst ein Netzwerk von 200 Beteiligten in vielen Städten Europas und Nordafrikas und hat sich als kontinuerliche Infrastruktur für das Recht auf Bewegungsfreiheit entwickelt. Die Mittelmeer-Monologe liefern persönliche und intime Einblicke in die weitesgehend unbekannte Arbeit des Alarmphones, die einer Aktivistin und die jener Person, die in Seenot die Nummer des Alarmphones wählte, sowie deren insprierende gemeinsame Geschichte. Übertitel in Englisch, Französich und Arabisch.

talk on conference website

Before media art has emerged, traditional art and dance are already applying algorithms to make sophisticated patterns in their textures or movements. Hieda is researching the use of algorithm through creation of media installations and dialog with artists, dancers, choreographers and musicians. He also presents his current interest in machine learning and art which potentially exclude (or already excluding) some populations due to the dataset and modality.

talk on conference website

Development-fused iPhones with hardware debugging features like JTAG are out of reach for many security researchers. This talk takes you along my journey to create a similar capability using off-the-shelf iPhones. We'll look at a way to break KTRR, a custom hardware mitigation Apple developed to prevent kernel patches, and use this capability to load a kernel extension that enables full-featured, single-step kernel debugging with LLDB on production iPhones.

This talk walks through the discovery of hardware debug registers on the iPhone X that enable low-level debugging of a CPU core at any time during its operation. By single-stepping execution of the reset vector, we can modify register state at key points to disable KTRR and remap the kernel as writable. I'll then describe how I used this capability to develop an iOS kext loader and a kernel extension called KTRW that can be used to debug the kernel with LLDB over USB.

talk on conference website

The unprecedented charges against Julian Assange and WikiLeaks constitute the most significant threat to the First Amendment in the 21st century and a clear and present danger to investigative journalism worldwide. But they also pose significant dangers to the technical community. This panel will explain the legal and political issues we all need to understand in order to respond to this historic challenge.

We've been warning you about it for years, and now it's here. The talk will dissect the legal and political aspects of the US case against Wikileaks from an international perspective. It will describe the threats this prosecution poses to different groups and the key issues the case will raise. Most importantly, we will explain how we are still in time to act and change the course of history.

The unprecedented charges against Julian Assange and WikiLeaks constitute the most significant threat to the First Amendment in the 21st century and a clear and present danger to investigative journalism worldwide. But they also pose significant dangers to the technical community, the trans community, to human rights defenders and anti-corruption campaigners everywhere.

If we don't take action now, the ramifications of this case will be global, tremendously damaging and potentially irreversible in times when the need to hold the powerful to account has never been more obvious. This is a historic moment and we need to rise to its challenge.

This talk will explain the legal and political aspects of the case against WikiLeaks, the reasons why Chelsea Manning and Jeremy Hammond have been imprisoned again, the governmental interests for and against prosecution, the dynamics of UK/US extradition and what it means to prosecute Assange as Trump runs for re-election.

This is a case with destructive potential like no other, with profound implications for the future of dissent, transparency, accountability and our ability to do the work we care about.

The situation is frightening but it isn't hopeless: we will conclude with a guide to an effective strategy against the lawfare the journalist and technical communities are now facing courtesy of Donald Trump's DOJ.

talk on conference website

Civil society depends on the continuing ability of citizens to communicate with one another, without fear of interference, deprivation or eavesdropping. As the international political climate changes alongside that of our physical climatic environment, we must find ways to create mobile communications systems that are truly resilient and sustainable in the face of such shocks. We have therefore identified a number of freedoms that are required for resilient mobile phones: Energy, Communications, Security, Innovation, Maintenance and Scale-Dependency. These can be summarised as making it possible for people to create, maintain and develop mobile communications solutions, without requiring the capital and resources of a large company to do so. In this lecture I will explain why each of these is necessary, as well as describing how we are incorporating these principles into the MEGAphone open, resilient and secure smart-phone project.

In the humanitiarian sector we talk about how without energy there is no communications, and without communications there is no organisation, and how without organisation people die. As we see increasing frequency of natural disasters, man-made disasters like wars and unrest, and the distressing intersection of these events, we have been convinced that we need to be able to create mobile communications devices that can not only survive in such events, but be sustained in the long term, and into what we call the coming Digital Winter. The Digital Winter is the situation where the freedoms to create and innovation digital systems will become impossible or highly limited due to any of various interrelated factors, such as further movement towards totalitarian governments, the failure of international supply systems (or their becoming so untrustworthy to be usable), the failure of various forms of critical infrastructure and so on. Fortunately the Digital Winter has not yet arrived, but the signs of the Digital Autumn are already upon us: The cold winds chilling our personal freedoms can already be felt in various places. Thus we have the imperative to act now, while the fruit of summer and autumn still hangs on the trees, so that we can make a harvest that will in the least sustain us through the Digital Winter with resilient, secure and sustainable communications systems, and hopefully either stave off the onset of the winter, bring it to a sooner end, and/or make the winter less bitter and destructive for the common person. It is in this context that we have begun thinking about what is necessary to achieve this, and have identified six freedoms that are required to not merely create digital solutions that can survive the Digital Winter, but hopefully allow such solutions to continue to be developed during the Digital Winter, so that we can continue to react to the storms that will come and the predators that will seek to devour our freedoms like hungry wolves. The six freedoms are: 1. Freedom from Energy Infrastructure, so that we cannot be deprived of the energy we need to communicate. 2. Freedom from Communications Infrastructure, so that we cannot be deprived of the communications we need to organise and sustain communities. 3. Freedom from depending on vendors for the security of our devices, so that we can patch security problems promptly as they emerge, so that we can sustain communications and privacy. 4. Freedom to continue to innovate and improve our digital artefacts and systems, so that we can react to emergy threats and opportunities. 5. Freedom to maintain our devices, both their hardware and software, so that our ability to communicate and organise our communities cannot be easily eroded by the passage of time. 6. Freedom from Scale-Dependency, so that individuals and small groups can fully enjoy the ability to communicate and exercise the preceding freedoms, without relying on large corporations and capital, and also allowing minimising of environmental impact. In this lecture I will explore these issues, as well as describe how we are putting them into practice to create truly resilient and sustainable mobile phones and similar devices, including in the MEGAphone open-source/open-hardware smart phone.

talk on conference website

Xbox 360 video game console had a number of widely known hacks for firmware of its optical disc drives. However, it was never the case with Blu-ray disc drives of Sony PlayStation video game consoles. In fact, up until recently there was no much information available on this subject publicly.

In this presentation, I would like to share my journey of delving deep into internals and security of Sony PlayStation Blu-ray disc drives. As games are distributed within optical media, those embedded devices were intended to contain the best security possible. I will demonstrate a multiple hardware hacks and several software vulnerabilities that allowed to dump firmware and get code execution on multiple models of Sony PlayStation Blu-ray disc drives. In this presentation, I will share the following: 1) I will provide in-depth analysis of vulnerabilities and their exploitation to achieve code execution on multiple models of Sony PlayStation Blu-ray disc drives 2) I will discuss problems that I’ve encountered while reverse engineering the firmware and how I solved (some of) them 3) I will talk about security features of Sony PlayStation Blu-ray disc drives 4) I will explain what engineers did right and how achieving code execution on the drive doesn’t lead to full compromise of security

talk on conference website

We will examine the European Commission’s proposal for a regulation on preventing the dissemination of terrorist content from as a radical form of censorship. Looking at the rationale and arguments of policy-makers in Brussels, we will discuss normalisation of a “do something doctrine” and “policy-based evidence”. How can citizens and activists influence that legislative process? And what does it mean if they won’t?

Fear of terrorism as a tool for dissent management in the society is utilised almost everywhere in the world. This fear facilitates the emergence of laws that give multiple powers to law enforcement, permanently raising threat levels in cities around the world to “code yellow”. A sequel of that show is now coming to a liberal democracy near you, to the European Union. The objective of the terrorist content regulation is not to catch the bad guys and girls, but to clean the internet from images and voices that incite violence. But what else will be cleaned from in front of our eyes with this law with wide definitions and disproportionate measures? In the Brussels debate, human rights organisations navigate a difficult landscape. On one hand, acts of terrorism should be prevented and radicalisation should be counteracted; on the other, how these objectives can be achieved with such a bad law? Why are Member States ready to resign from judicial oversight over free speech and hand that power to social media platforms? Many projects documenting human rights violations are already affected by arbitrary content removal decisions taken by these private entities. Who will be next? In the digital rights movement we believe that the rigorous application of principle of proportionality is the only way to ensure that laws and subsequent practices will not harm the ways we exercise the freedom of speech online. Reaching to my experience as a lobbyist for protection of human rights in the digital environment, I want to engage participants in the conversation about the global society of the near future. Do we want laws that err on the side of free speech and enable exposure to difficult realities at the risk of keeping online the content that promotes or depicts terrorism? Or do we “go after the terrorists” at the price of stifling citizen dissent and obscuring that difficult reality? What can we do to finally have that discussion in Europe now that there is still time to act?

talk on conference website

Seit Anfang 2019 hat David jeden einzelnen Halt jeder einzelnen Zugfahrt auf jedem einzelnen Fernbahnhof in ganz Deutschland systematisch gespeichert. Inklusive Verspätungen und allem drum und dran. Und die werden wir in einem bunten Vortrag erforschen und endlich mal wieder ein bisschen Spaß mit Daten haben. Rechtlicher Hinweis: Es liegt eine schriftliche Genehmigung der Bahn vor, von ihr abgerufene Rohdaten aggregieren und für Vorträge nutzen zu dürfen. Inhaltliche Absprachen oder gar Auflagen existieren nicht.

Die Bahn gibt ihre Verspätungen in "Prozent pünktlicher Züge pro Monat" an. Das ist so radikal zusammengefasst, dass man daraus natürlich nichts interessantes lesen kann. Jetzt stellt euch mal vor, man könnte da mal ein bisschen genauer reingucken. Stellt sich raus: Das geht! Davids Datensatz umfasst knapp 25 Millionen Halte - mehr als 50.000 pro Tag. Wir haben die Rohdaten und sind in unserer Betrachtung völlig frei. Der Vortrag hat wieder mehrere rote Fäden. 1) Wir vermessen ein fast komplettes Fernverkehrsjahr der deutschen Bahn. Hier etwas Erwartungsmanagement: Sinn ist keinesfalls Bahn-Bashing oder Sensationsheischerei - wer einen Hassvortrag gegen die Bahn erwartet, ist in dieser Veranstaltung falsch. Wir werden die Daten aber nutzen, um die Bahn einmal ein bisschen kennenzulernen. Die Bahn ist eine riesige Maschine mit Millionen beweglicher Teile. Wie viele Zugfahrten gibt es überhaupt? Was sind die größten Bahnhöfe? Wir werden natürlich auch die unerfreulichen Themen ansprechen, für die sich im Moment viele interessieren: Ist das Problem mit den Zugverspätungen wirklich so schlimm, wie alle sagen? Gibt es Orte und Zeiten, an denen es besonders hapert? Und wo fallen Züge einfach aus? 2) Es gibt wieder mehrere Blicke über den Tellerrand, wie bei Davids vorherigen Vorträgen auch. Ihr werdet wieder ganz automatisch und nebenher einen allgemeinverständlichen Einblick in die heutige Datenauswerterei bekommen. (Eine verbreitete Verschwörungsheorie sagt, euch zur Auswertung öffentlicher Daten zu inspirieren, wäre sogar der Hauptzweck von Davids Vorträgen. :-) )Die Welt braucht Leute mit Ratio, die Analyse wichtiger als Kreischerei finden. Und darum beschreibt davod auch, wie man so ein durchaus aufwändiges Hobbyprojekt technisch angeht, Anfängerfehler vermeidet, und verantwortungsvoll handelt.

talk on conference website

The ZombieLoad attack exploits a vulnerability of most Intel CPUs, which allows leaking data currently processed by other programs. ZombieLoad is extremely powerful, as it leaks data from user-processes, the kernel, secure enclaves, and even across virtual machines. Moreover, ZombieLoad also works on CPUs where Meltdown is fixed in software or hardware.

The Meltdown attack published in 2018 was a hardware vulnerability which showed that the security guarantees of modern CPUs do not always hold. Meltdown allowed attackers to leak arbitrary memory by exploiting the lazy fault handling of Intel CPUs which continue transient execution with data received from faulting loads. With software mitigations, such as stronger kernel isolation, as well as new CPUs with this vulnerability fixed, Meltdown seemed to be solved. In this talk, we show that this is not true, and Meltdown is still an issue on modern CPUs. We present ZombieLoad, an attack closely related to the original Meltdown attack, which leaks data across multiple privilege boundaries: processes, kernel, SGX, hyperthreads, and even across virtual machines. Furthermore, we compare ZombieLoad to other microarchitectural data-sampling (MDS) attacks, such as Fallout and RIDL. The ZombieLoad attack can be mounted from any unprivileged application, without user interactions, both on Linux and Windows. In the talk, we present multiple attacks, such as monitoring the browsing behavior, stealing cryptographic keys, and leaking the root-password hash on Linux. In a live demo, we demonstrate that such attacks are not only feasible but also relatively easy to mount, and difficult to mitigate. We show that Meltdown mitigations do not affect ZombieLoad, and consequently outline challenges for future research on Meltdown attacks and mitigations. Finally, we discuss the short-term and long-term implications of Meltdown attacks for hardware vendors, software vendors, and users.

talk on conference website

Das Jahr 2018 stand ganz im Zeichen der bundesweiten Proteste gegen die Polizeigesetze. Und 2019? Es ist leiser geworden um noPAG, noPolGNRW & Co. Aber das Biest lebt!

Wir blicken zurück auf die Proteste, geben einen kurzen Überblick über Erfolge und Niederlagen unseres Widerstands und eine Vorschau auf die Schrecken, die sich am Horizont der Inneren Sicherheit abzeichnen. Außerdem erklären wir, warum die Bewegung gegen die Polizeigesetze auf keinen Fall sterben darf – und warum sie sich neuen Themen wie Klimaschutz, Antifaschismus und Antirassismus widmen muss. Auf dem 3C35 rief Constanze Kurz dazu auf, auch 2019 gegen die bundesweit erfolgenden Verschärfungen der Polizeigesetze vorzugehen. Und tatsächlich sind dieses Jahr viele Menschen gegen die Gesetzesnovellierungen auf die Straße gegangen – aber das eigentliche Jahr der Proteste war 2018. Trotz der über Monate anhaltenden Demonstrationen und Aktionen in der gesamten Republik sind die Novellierungen in den wenigsten Bundesländern zurückgenommen wurden, und dort, wo Gesetzespassagen gestrichen und geändert wurden, handelte es sich meist um kosmetische Korrekturen. Dem allgemeinen Trend hin zu einer autoritären Wende in Sachen Innerer Sicherheit hat das keinen Abbruch getan, so unsere Ausgangsthese. Gleichzeitig sind viele der Bündnisse zerfallen, die Demonstrationen kleiner geworden, und auch der Großteil der Presse schenkt Polizei- und Sicherheitsgesetzen nur noch gelegentlich Aufmerksamkeit. Dabei kann die Bedeutung der Debatte um eine angebliche Versicherheitlichung unserer Gesellschaft gar nicht hoch genug bewertet werden: Es gibt starke Anzeichen dafür, dass die Institution Polizei, aber auch Militär und private Sicherheitsdienste, immer mehr an Macht gewinnen – was nicht zuletzt mit Blick auf die zahlreichen Skandale der letzten Monate und die Frage, wie strukturell rechts diese Institutionen eigentlich sind, von immenser gesellschaftlicher Tragweite ist. Und auch wenn politischer Protest häufig aufmerksamkeits-ökonomischen Logiken unterworfen ist, glauben wir, dass das Zerfallen der Bündnisse gegen die Polizeigesetze besonders bedauerlich ist. Zum ersten Mal seit langem nämlich sind hier Gruppen Seite an Seite auf die Straße gegangen, die lange Zeit nicht gemeinsam im Widerstand waren: Datenschützer*innen und Fußballfans, linksliberale Parteien und Antifaschist*innen, soziale Bewegungen und migrantische Organisationen – Gruppen, deren gegenseitige Solidarität großer Gewinn und wichtige Voraussetzung für erfolgreiche emanzipatorische Politik ist. Was sind also die großen Herausforderungen in Sachen Innere Sicherheit, die auf uns warten? Was haben die Polizeigesetze mit Racial Profiling, Ende Gelände und NSU 2.0 zu tun? Warum brauchen wir auch weiterhin die im Zuge der Proteste entstandenen Allianzen zwischen Datenschützer*innen und anderen sozialen Bewegungen? Und welche Themen müssen wir in den Blick nehmen, wenn wir verstehen wollen, was autoritäre Wende heißt? Die Referent*innen kommen selbst aus unterschiedlichen linken sozialen Bewegungen und haben sich im Zuge der Proteste gegen das neue bayerische Polizeiaufgabengesetz im noPAG-Bündnis kennengelernt. Laura Pöhler ist Antifaschistin und Sprecherin des noPAG-Bündnisses. Johnny Parks war in der noPAG-Jugend aktiv, ist Pressesprecher für Ende Gelände und engagiert sich als PoC gegen Rassismus. Sie beide kämpfen für eine Rücknahme der Gesetzesnovellierungen in Bayern. Die Idee, gemeinsam beim CCC-Kongress zu sprechen, entsprang nicht zuletzt dem Wunsch, im Kontakt mit denjenigen Menschen zu bleiben, welche die Proteste gegen das PAG maßgeblich mitgestaltet haben: Datenschützer*innen.

talk on conference website

Modern road vehicles are fitted with an electronic immobilization system, which prevents the vehicle from starting unless an authorized transponder is present. It is common knowledge that the security transponder embedded in the key fob should be secure, and quite some work has been published on the (in)security of such transponders. However, we identify another crucial part of the immobilizer system, that has not yet received any academic attention. We investigated three vehicles, and found that the security transponder does not communicate with the ECM (Engine Control Module) but with the BCM (Body Control Module). After succesful authentication of the key, the BCM will then authenticate towards the ECM, after which immobilization is deactivated and the vehicle may start. If either the security transponder or this ECM-BCM authentication protocol is weak, vehicles may be started without presence of a valid security transponder. We present three case studies of such ECM-BCM protocols on vehicles from Peugeot, Fiat and Opel. The protocols are shown to be used in many different models, and also by other brands owned by the same group. We show how two of the protocols are completely broken, while the third one is derived directly from a 1995 security transponder. Both attacks can be carried out through the standardized OBD-II connector, present and conveniently located in all modern vehicles. Bottom line: cryptographic protocols used in the ECM-BCM authentication are not on par when compared with the crypto embedded in the transponder.

Nowadays, immobilizers play an essential role in the prevention of vehicle theft. Intended to raise the complexity of theft through the introduction of non-mechanical safety measures, immobilizers have always worked by the same basic principle: to disallow ignition until some secret is presented to the vehicle. Immobilizers gained popularity in the 1990s, as a consequence of legislation: the European Union, Australia and Canada adopted regulation in the nineties, mandating the use of electronic immobilization systems in passenger cars. Immobilizers have shown to be highly effective in the effort to reduce theft rates. According to a 2016 study, the broad deployment of immobilization devices has lead to a reduction in car theft of an estimated 40% on average during 1995-2008. However, various tools are on the market to bypass electronic security mechanisms. Deployment of insecure immobilizer systems has real-world consequences: multiple sources report cars being stolen by exploiting vulnerabilities in electronic security, sometimes to extents where insurance companies refuse to insure models unless additional security measures are taken. In modern cars, the ECM (Engine Control Module) is responsible for operating the car engine, and is also responsible for starting the engine. A common misconception about immobilizer systems is that the car key always authenticates directly to the ECM, and that the ECM will only allow the car to start when it has established an authorized 125KHz RFID security transponder is present. In practise, the security transponder in the key fob authenticates towards the BCM (Body Control Module), which in turn authenticates towards the ECM. We have selected three cars from different major Original Equipment Manufacturers (OEMs) and identified immobilizer protocol messages from CAN-bus traffic, which can be accessed through the conveniently located OBD-II connector. We made traces of CAN-traffic when the ignition lock is switched to the ON position. Immobilizer related messages can be easily recognized when searching for high-entropy messages that strongly differ between traces. Confidence that the messages are indeed related to immobilizer can be increased by removing the security transponder from the key, which should result in different protocol messages. After identification of related messages, we dumped ECM and BCM micro-controller firmwares, either by leveraging existing software functions, or by using micro-controller debug functionality such as JTAG and BDM. We derived the immobilizer protocol through reverse-engineering. In all three cases, we established the same protocol is used in several different models from the same OEMs, including currently manufactured ones. We then analyzed the protocols for cryptographic strength. Two turn out to be completely broken, while the last one is directly derived from a 1995 security transponder. While it exhibits no obvious weaknesses, it is used in conjunction with current AES security transponders, and as such, we still recommend the manufacturer to replace it.

talk on conference website

Ruckus Networks is a company selling wired and wireless networking equipment and software. This talk presents vulnerability research conducted on Ruckus access points and WiFi controllers, which resulted in 3 different pre-authentication remote code execution. Exploitation used various vulnerabilities such as information leak, authentication bypass, command injection, path traversal, stack overflow, and arbitrary file read/write. Throughout the research, 33 different access points firmware examined, and all of them were found vulnerable. This talk also introduces and shares the framework used in this research. That includes a Ghidra script and a dockerized QEMU full system emulation for easy cross-architecture research setup. Here's a fun fact: BlackHat USA 2019 used Ruckus Networks access points.

Presentation Outline: This talk demonstrates 3 remote code executions and the techniques used to find and exploit them. It overviews Ruckus equipment and their attack surfaces. Explain the firmware analysis and emulation prosses using our dockerized QEMU full system framework. -Demonstrate the first RCE and its specifics. Describe the webserver logic using Ghidra decompiler and its scripting environment. -Demonstrate the second RCE using stack overflow vulnerability. -Lastly, demonstrate the third RCE by using a vulnerability chaining technique. All Tools used in this research will be published.

talk on conference website

Kommet zusammen Ihr Jüngerinnen der Bits und Bytes und hörtet die frohe Kunde des offenen Sourcecodes. Halleluhjaz!

Am Anfang stand das NOP. Am Ende steht das NOPE. Lasst euch verwirren von Interpunktion und Kommentaren. Seid stark im Anblicke der zweiköpfigen Schlange! Die Zeit ist reif den offenen Sourcecode zu predigen. Kommet in Scharen! Bringet Kind und Kegel. Für alle Altergruppen (geboren vor Greased Weasel, über Erotic Pickel Hering bis hin zu Sheep on Meth)

talk on conference website

Let's build funny robots and let them fight each other as long as we are superior to them :) Please let's dishonor high tech and celebrate everything made out of stuff we usually throw away (and blinks).

Join with your derpy bot to fight your nemesis! Push it off the table or knock the enemy over. No weapons. No advanced controllers. No tears. Don't take it serious. Everyone is invited to compete with a self-made robot, especially if you've never done that before. High-tech is penalized, creativity encouraged. If you are interested, please send me a quick "sounds cool, maybe i'll build one" mail to honky@defendtheplanet.net or contact @honky in RocketChat. We need at least 8 Robots to participate, if we have more, we'll bring this to the battlefield.

talk on conference website

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

To get involved and learn more about what is happening please visit the Lightning Talks page in the 36C3 wiki.

talk on conference website

Conservation genomic approaches are crucial for establishing long-term sustainable conservation and management strategies for the protection of biodiversity and natural ecosystems. In this talk, the diverse and disparate fields of expertise and activism are presented, which are involved in building effective conservation genomic reference datasets and their infrastructures, analytical inference/prediction environments and operational tools for practical application.

Natural ecosystems and biodiversity are lost at an alarming and accelerating rate due to anthropogenic (over-) exploitation, habitat destruction and climate change. Conservation genomics promises to provide reliable and detailed insights into the current state of species and their interactions, as well as, the processes shaping their reactions to change. Such knowledge is urgently needed for forecasts of species’ responses under quickly and potentially unpredictably changing climatic and environmental conditions, as well as, sociopolitical changes and shifting patterns of economic (over-) exploitation. Conservation genomic insights will allow societies in dynamic contexts to come to adequate decisions and effective action in time. Reliable, decisive and useful practical tools that are robust under real-world operational conditions are, for example, needed for genetic inventory and monitoring campaigns, by certification initiatives, for example in fisheries or forestry, and in forensic genetic case work enforcing legal protection. The development and implementation of the building blocks for conservation genetic tools will involve the cooperation of experts, activists and citizen enthusiasts from many and, so far, often unconnected backgrounds and communities. These extensive projects will bring together experts from biodiversity science, bioinformatics, statistical genetics, machine learning and IT-security, as well as, citizen scientists and volunteers, conservation activists, stewards and managers of natural “resources”, and local communities.

talk on conference website

OpenBSD markets itself as a secure operating system, but doesn't provide much evidences to back this claim. The goal of this talk is to evaluate how effective OpenBSD's security mitigation are, in a systematic, rational and comprehensive way.

OpenBSD's website advertises a secure and modern operating system, with cool and modern mitigations. But no rational analysis is provided: are those mitigations effective? what are their impacts on performances, inspectability and complexity? against what are they supposed to defend? how easy are they to bypass? where they invented by OpenBSD or by others? is OpenBSD's reputation warranted? This talk aims at answering all those questions, for all OpenBSD's mitigations, because, in the words of Ryan Mallon: Threat modelling rule of thumb: if you don’t explain exactly what you are securing against and how you secure against it, the answers can be assumed to be: “bears” and “not very well”. All the research done for this talk is available on isopenbsdsecu.re

talk on conference website

Was haben E-Bikes mit Connected Mobility zu tun? Und ist so was wie LineageOS auch für Bike Computer möglich? Außerdem: wie lassen sich Cradle to Cradle Prinzipien auf E-Bikes anwenden? Der Vortrag gibt einen Einblick in die Rolle von E-Bikes in der Connected Mobility und umreißt ihren Stand der Technik. Zudem berichtet er von den Herausforderungen, ein nachhaltiges Open-Source-E-Bike zu entwickeln. Last but not least möchte er die Idee eines Open-E-Bike-Wiki vorstellen.

Dank Vernetzung auf allen Ebenen soll Mobilität sicherer, umweltfreundlicher, humancentered etc. werden. Fokus ist natürlich der Automotive Bereich. Da wird entwickelt, was das Zeug hält. Aber was ist mit E-Bikes? Sie haben durch ihre On-Board-Komponentenvernetzung perfekte Voraussetzungen für Connected und Smart. Deshalb jagt ein Hardware- und Sofwareupgrade inzwischen das nächste. Detaillierte Userdaten landen auf den Servern der Hersteller, dank proprietärer Software aller relevanten Komponenten. Der Vortrag beschäftigt sich im ersten Teil mit Connected Mobility und dem Stand der Technik bei E-Bikes - ein Fokus: Ihre Konnektivitätsoptionen und die Sensorvielfalt. Und es geht um Sinn und Unsinn des Technikeinsatzes. Im zweiten Teil geht es um das eigentliche e-Bike-Projekt. Der Vortrag erzählt von den Eigenheiten der Fahrzeugkonstruktion inspiriert von Cradle to Cradle und den Stand der Dinge der IT – Open Source, Open Embedded und Open IoT - aus der Sicht einer Produktdesignerin, die keine Hackerin ist und gern alles offen und transparent entwickeln würde und anwender*innenfreundliche Applikationen sucht. Und er erzählt von der Idee den IT-Dschungel zu lichten: der Erstellung eines Open-E-Bike-Wikis.

talk on conference website

Seit Jahren wird über den Einfluss des Internets auf die Gesellschaft diskutiert. Desinformationskampagnen in den sozialen Medien, russische Bots und Empfehlungs-Algorithmen hätten die Gesellschaft gespalten. Doch viele Unterstellungen lassen sich einfach widerlegen. Dieser Vortrag gibt einen Überblick und schlägt Ansätze vor, wie sich die Phänomene des Rechtsrucks zu einem konsistenten Bild zusammenfügen lassen.

talk on conference website

Quantum technologies are often only over-hyped showed as threat for cybersecurity … But they also offer some opportunities to enhance the cybersecurity landscape . As an example, you may know that a quantum computer will be able to break RSA keys but Quantum communication technologies can also provide a new way to exchange securely a cipher key. More, with Quantum networking technologies, communication eavesdropping are , by design, detectable and thus this could lead to some good opportunities to use them to enhance cybersecurity. Some even begins to build a Quantum internet ! We may also solve main security issues face by cloud computation (privacy, confidentiality etc) via the use of "Blind quantum computation" in the cloud. However few people understand & explain how such machines & technologies work. Even fewer people trying to build one. I’m one of this crazy people. In this talk, we aim to explain how this new type of much powerful digital processing works and how we build our own Quantum computer …without a Phd in quantum physic. We will describe our plan to build the Quantum computer's hardware with hacker’s style. Through our own experiments, we will discuss our failures, our success, our progress around this challenging goal ! Come to see part of the hardware we build at the moment. We use the "Trapped ion technology". We trap atoms to make powerful calculation & computing task! Be prepared to unlock your quantum brain as this new domain is really different for classical computation ;-) but it can enhance the Cybersecurity world

Our goal : Bring the knowledge that Quantum computing works, explain how they make such power calculation at hardware level, is doable at home and will provide a new way to do secure computing and communication for the best of the humanity Proposal Agenda -Quantum computer 101 (one slide to be able to understand the basic of quantum mechanic w/o FUD) -Why those Quantum computer are so powerful -How to break things with quantum computers -How to improve the security level of modern network with quantum technologies (Networking, blind quantum computing for 100%privacy in the cloud, cipher key security, quantum internet & more) -How a Quantum computer based on Trapped ions technology works to do their magic super powerful calculation (at hardware level) -How we build our own quantum computer hardware at home (in our military grade High Tech...Garage!) with hacker style & open source software (Contain full video of the buildings of our Quantum computer)

talk on conference website

Sie sollen den Staat schützen, sind aber selbst eine Gefahr: Soldaten und Polizisten, die sich in Chat-Gruppen organisieren und auf den „Tag X“ vorbereiten. Mit aufwändigen Recherchen hat ein Team der taz ein bundesweites konspiratives Netzwerk aus Preppern und Staatsbediensteten aufgedeckt. Kopf war „Hannibal“, Elitesoldat beim Kommando Spezialkräfte – und Auskunftsperson für den Militärischen Abschirmdienst. Hier geben die ReporterInnen Einblick in die Recherche und zeigen, was aus ihren Berichten folgte. Oder auch nicht.

Ein Elitesoldat des Kommando Spezialkräfte, der bundesweit Chatgruppen und einen Verein namens „Uniter e.V.“ gründet, in dem paramilitärische Trainings abgehalten werden. Ein SEK-Polizist und Prepper, der knapp 60.000 Schuss Munition hortet, die aus Polizeibeständen entwendet wurden. Männer, die Feindeslisten anlegen und offenbar planen, an einem „Tag X“ politische Gegner umzubringen. Drei Schlaglichter auf die mehr als zwei Jahre andauernde „Hannibal“-Recherche der taz. Sie führte in viele Felder: Hinein in Verfassungsschutzbehörden und Bundeswehr; hinaus aufs Land zwischen Mecklenburg-Vorpommern und Baden-Württemberg; auf Facebook-Profile philippinischer Politiker und in Telegram-Chats deutscher Verschwörer. Auf die Recherchen folgte Bestürzung, aber – zunächst – auch Belächeln. Sind diese Leute wirklich gefährlich oder doch bloß harmlose Spinner? In diesem Talk geben zwei der ReporterInnen des taz-Teams einen Einblick in ihre Arbeit, berichten von Begegnungen mit Preppern mit Umsturzfantasien und Verfassungsschutzmitarbeitern, die im schwarzen Porsche Cayenne vorfahren. Sie berichten von Erfolgen bei der Online-Recherche und warum Hinfahren und an Türen klingeln am Ende doch unerlässlich ist. Die Journalisten schildern, was nach ihren Veröffentlichungen passiert ist: Im politischen Raum, in der Justiz – und welche Fragen noch offen sind. Warum etwa wird nicht wegen Bildung einer terroristischen Vereinigung ermittelt? Vortrag von: Sebastian Erb, Redakteur der taz am Wochenende Daniel Schulz, Leiter des Ressorts Reportage & Recherche der taz

talk on conference website

Cryptographic hash functions are everywhere, yet modeling the characteristics of their real-world occurrences is surprisingly complicated when trying to prove security. We argue how seemingly convenient features of doing classical math may make it actually harder to model them correctly.

Did you ever wonder why programmers use hash functions without keys while cryptographers only proved the implemented protocol secure for a hash function that is keyed? Did you ever want to have your passwords hashed using a random oracle for maximum security? If you are unhappy because it is possible to prove that a microkernel implementation can be proven to do what it is supposed to do, but your favourite cryptographic protocol cannot, then this talk may be for you.

We explore how the way we do classical math leads deviations between cryptographic functions and how they can be modeled in proofs, and what could be done about that.

We focus on questions like:

• How we can be forced to worry about collisions that no one knows
• How it can be that proofs in an exact science like math need to be interpreted
• Why modern cryptographers cannot prove something under the assumption that "hash function X is secure" while programmers have to design their software like this
• Whether "proving A" is always the same as "proving A"
• How to reasonably measure precomputation complexity in cryptographic attack
• And finally: Why we may need different mathematical foundations to formalize cryptography

talk on conference website

How do we write software that works - or rather, how do we ensure it's correct once it's written? We can just try it out and run it, and see if it works on a few examples. If the program was correct to begin with, that's great - but if it's not, we're going to miss bugs. Bugs that might crash our computer, make it vulnerable to attacks, stop the factory, endanger lives, or "just" leave us unsatisfied. This talk is about techniques every programmer can use to avoid large classes of bugs. You think about general properties of the things in your code, verify them through automatically generated tests, and (when it's particularly critical) proofs. This is a surprisingly fun and satisfying experience, and any programmer can do it. You need just a bit of high school math (which we'll refresh in the talk) to get started.

This talk is specifically about accessible techniques: Almost any program, function, or entity has a few interesting properties, and teasing them out will enhance your understanding of what is going on in your software. The next trick is to write out the property in your programming language. People with lots of time and budget can write down enough properties to form a complete specification of the security- and safety-critical parts of a system and prove that they hold for their system. In the talk, we'll instead focus on a dead-simple technique called QuickCheck. (Your programming language almost certainly has a QuickCheck library you can use.) QuickCheck - from the code describing the property - will automatically generate as many test cases as you want, run them, and produce counterexamples for failures. QuickCheck is amazingly effective at flushing out those corner cases that elude traditional unit tests. Finally, for simple properties of pure functions, we can also attempt a proof using simple algebra. The results are a wonderful feeling of satisfaction, and a sound sleep.

talk on conference website

Ein lustiger Rückblick über die Aktionen des Peng Kollektivs.

Cop Map zu Polizeigewalt, MaskID zum Überwachungsstaat und Gesichtserkennung, Adblocker zur Werbeindustrie, CFRO zum Finanzsystem, Deutschland geht klauen zu Lieferketten und der Aufbau der Bewegung Seebrücke zur Entkriminalisierung der Seenotrettung sind nur ein Bruchteil der Aktionen, die seit dem letzten Besuch 2015 hier noch nicht präsentiert wurden. Eine Tour de Force durch Momente zivilen Ungehorsams und Subversion, wobei wir uns selbst nicht zu ernst nehmen und vor allem darauf abzielen, mit den sozialen Bewegungen zusammen zu arbeiten. Eine Stunde geballte Kommunikationsguerilla, lustige Medienaktionen, aber auch ein Einblick in mögliche Denkweisen und Aktionsmöglichkeiten, die andere machen können. Was ist heutzutage möglich und was ist vor allem nötig?

talk on conference website

This talk is about modifying cheap wifi dongles to realize true unidirectional broadcast transmissions that can transport digital data like HD drone video with guaranteed latency over a range of tens of kilometers. The talk will show the necessary changes to the firmware and kernel of the wifi dongle, the forward error correction and software diversity (fuse several receivers in software) that is added to improve reliability and the most prominent use case: Flying a remote controlled drone at a distance of tens of kilometers.

Wifi as it is implemented in the 802.11 standard tries (as best as it can) to guarantee to a user the delivery of data and the correctness of the data. To increase the chance of delivery, the standard includes techniques like automatic retransmission, automatic rate reduction, CSMA/CA. To guarantee correctness, the packets are using CRC sums. These measures are very useful in a typical 1-to-1 communication scenario. However, they do not adapt very well to a 1-to-n scheme (broadcast). Even in case of a 1-to-1 scenario the techniques mentioned above make it impossible to guarantee a latency and throughput of a transmission. Wifibroadcast uses the wifi hardware in a mode that is very similar to the classic analog broadcast transmitters. Data will immediately be sent over the air, without any association of devices, retransmissions and rate reductions. The data can be picked up by an arbitrary number of receivers that decode the data stream, repair damaged packages via software diversity and repair damaged bits via forward error correction. The Wifibroadcast software is an easy to use Linux program into which arbitrary data can be piped. The same data will then appear on the receiving program on standard output and can thus be piped into further programs. All software developed has been made available under the GPL license. A prominent use case for Wifibroadcast is the transmission of live video from a drone. Compared to standard wifi this offers the following advantages: * Guaranteed latency * No association (that might get lost) * Multiple receivers work out of the box * True unidirectional communication allows to use asymmetrical antenna setups * Slow breakup of connection instead of complete communication loss The talk will show the details of the Wifibroadcast protocol, the changes to the firmware & driver, the forward error correction, software diversity and finally will show the HD video transmission over tens of kilometers as an application example.

talk on conference website

HUMUS sapiens represents a compilation of soil explorations emerging from the networks of mikroBIOMIK, Hackteria, and Gasthaus – with the ambition to bring DIY (do-it-yourself) and DIWO(do-it-with-others) approaches as well as an open-source-based “hacker spirit” into soil ecology. Participants are invited to reflect on current scientific discourses and critical societal challenges through hands-on tinkering and curiosity-driven research.

Far more than just the dirt under our feet, soil is a truly complex and dynamic ecosystem. It is a constantly changing mix of minerals, living organisms, decaying organic matter, air, and water. It is the living skin of our planet, allowing new forms of life to come into being, incorporating the nutrients left there by organisms of the past. Soil is bursting with life and can be vastly different from one square centimeter to the next. From plants, earthworms, insects, and fungi to invisible amoeba, nematodes, algae, and bacteria – each creature provides their own essential role in the soil ecosystem. The shared nature of the soil habitat manifests not only through the highly interconnected so-called “soil food web” – which is mainly driven by microbial metabolism – but also in regard to humans and their dependence on the productivity of edible plants. It is this dependency that motivates Homo sapiens to manipulate natural ecosystems, while at the same time failing to understand them. Human impact on the soil, especially intensive agricultural practices (deforestation, overgrazing, use of agrochemicals, etc.) and urbanization, leads to compaction, loss of soil structure, nutrient degradation,and contamination – ultimately, the breaking down of these ecosystems and eroding of the soil to infertile desert.

HUMUS sapiens aims to reexamine these problems from an ecosystem's viewpoint and to support the paradigm shift from an anthropocentric ideology to a more biocentric philosophy of life.

talk on conference website

Forget look-alike domains, typosquatting and homograph attacks. In this talk we will discuss ways of forging perfect email counterfeits that (as far as recipients can tell) appear to be coming from well-known domain and successfully pass all checks on their way. Prime focus of this talk will be modern anti-spoofing strategies and the ways around them. Join us as we try to figure out answers to questions such as "Isn't SPF enough?", "Do I *really* need DMARC?" and "Does ticking all three (SPF, DKIM, DMARC) provide the best protection possible?" (answers to these questions are "no", "yes", "no" by the way).

Email security is poorly covered by a contemporary penetration testing curricula. In this talk I will argue that it leads to underreporting of email-related security issues during regular penetration tests or red team assignments. Getting clicks from (at least some) users is usually fairly easy, even with obviously fake domain names and email addresses, so penetration testers rarely need to do anything more fancy in order to achieve their objective. While this highlights the need for user education, it misses common misconfiguration issues that might lead to much more devastating compromises and could instill false sense of security in (rare) cases that regular phishing attacks fail. Technically inclined users (such as developers, tech support or even SIEM analysts) are less likely than others to fall for phishing email originating from fake domain, but they are actually more likely to fall for email seemingly originating from real known-good source due to overconfidence. In this talk we will see just how easy is it to send spoofed mail from arbitrary source address due to lack of protection for this scenario in original SMTP spec. We won't stop there however and our next object of focus will be contemporary anti-spoofing technologies (SPF, DKIM and DMARC). We will discuss motivation behind them, their technical limitations, weaknesses discovered in recent years as well as common misconfigurations. Attendees will gain knowledge about relevant protocols and technologies that should be applicable for identifying weaknesses in the architecture of their own email systems.

talk on conference website

This talk will explain the basic building blocks of cryptography in a manner that will (hopefully) be understandable by everyone. The talk will not require any understanding of maths or computer science. In particular, the talk will explain encryption, what it is and what it does, what it is not and what it doesn't do, and what other tools cryptography can offer.

This talk will explain the basic building blocks of cryptography in a manner that will (hopefully) be understandable by everyone, in particular by a non-technical audience. The talk will not require any understanding of maths or computer science. This talk will cover the following topics:

• What is encryption and what does it do?
• What are the different kinds of encryption?
• What is authenticity? Are authenticity and encryption related?
• How can authenticity be achieved?
• What are certificates for?
• What is TLS and what does it do?

talk on conference website

Modern grey-box fuzzers are the most effective way of finding bugs in complex code bases, and instrumentation is fundamental to their effectiveness. Existing instrumentation techniques either require source code (e.g., afl-gcc, ASan) or have a high runtime performance cost (roughly 10x slowdown for e.g., afl-qemu). We introduce Retrowrite, a binary rewriting framework that enables direct static instrumentation for both user-mode binaries and Linux kernel modules. Unlike dynamic translation and trampolining, rewriting code with Retrowrite does not introduce a performance penalty. We show the effectiveness of Retrowrite for fuzzing by implementing binary-only coverage tracking and ASan instrumentation passes. Our binary instrumentation achieves performance similar to compiler-based instrumentation.

Fuzzing is the method of choice for finding security vulnerabilities in software due to its simplicity and scalability, but it struggles to find deep paths in complex programs, and only detects bugs when the target crashes. Instrumentation greatly helps with both issues by (i) collecting coverage feedback, which drives fuzzing deeper into the target, and (ii) crashing the target immediately when bugs are detected, which lets the fuzzer detect more bugs and produce more precise reports. One of the main difficulties of fuzzing closed-source software is that instrumenting compiled binaries comes at a huge performance cost. For example, simple coverage instrumentation through dynamic binary translation already incurs between 10x and 100x slowdown, which prevents the fuzzer from finding interesting inputs and bugs. In this talk we show how we used static binary rewriting for instrumentation: our approach has low overhead (comparable to compile-time instrumentation) but works on binaries. There are three main techniques to rewrite binaries: recompilation, trampoline insertion and reassembleable assembly. Recompilation is the most powerful but it requires expensive analysis and type recovery, which is an open/unsolved problem. Trampolines add a level of indirection and increase the size of the code, both of which have a negative impact on performance. Reassembleable assembly, the technique that we use, suffers from neither problem. In order to produce reassembleable assembly, we first disassemble the binary and then symbolize all code and data references (replacing offsets and references with references to unique labels). The output can then be fed to a standard assembler to produce a binary. Because symbolization replaces all references with labels, we can now insert instrumentation in the code and the assembler will fix the references for us when reassembling the binary. Symbolization is possible because references to code and global data always use RIP-relative addressing in the class of binaries that we support (position-independent x86_64 binaries). This makes it easy to distinguish between references and integer constants in the disassembly. We present Retrowrite, a framework for static binary rewriting that can add efficient instrumentation to compiled binaries and scales to real-world code. Retrowrite symbolizes x86_64 position-independent Linux binaries and emits reassembleable assembly, which can be fed to instrumentation passes. We implement a binary version of Address Sanitizer (ASan) that integrates with the source-based version. Retrowrite’s output can also be fed directly to AFL’s afl-gcc to produce a binary with coverage-tracking instrumentation. RetroWrite is openly available for everyone to use and we will demo it during the presentation. We also present kRetrowrite, which uses the same approach to instrument binary kernel modules for Linux. While many devices can be used with open-source drivers, some still require binary drivers. Device drivers are an inviting target for attackers because they run at the highest privilege level, and a buggy driver could result in full system compromise. kRetrowrite can instrument binary Linux modules to add kCov-based coverage tracking and KASan instrumentation.

talk on conference website

Die GFF hat gemeinsam mit Reporter ohne Grenzen (ROG), dem European Center for Constitutional and Human Rights (ECCHR) und netzpolitik.org Strafanzeige gegen die Geschäftsführer der Unternehmen FinFisher GmbH, FinFisher Labs GmbH und Elaman GmbH erstattet.

Es liegen dringende Anhaltspunkte dafür vor, dass das Münchener Firmenkonglomerat die Spionagesoftware FinSpy ohne Genehmigung der Bundesregierung an die türkische Regierung verkauft und so zur Überwachung von Oppositionellen und Journalist*innen in der Türkei beigetragen hat. Der CCC hat die Schadsoftware analysiert und veröffentlicht.

talk on conference website

Der Diskurs um die "Digitalisierung" kann vor allem eines: Verheißen. Roboter befreien uns von mühsamer Arbeit, Effizienzsteigerungen sorgen von ganz allein für den Schutz von Umwelt und Ressourcen und Algorithmen erleichtern uns den Alltag. Dass diese Verheißungen vor allem Tech-Konzernen in die Tasche spielen und wir dank der datenraff(inier)enden Geschäftsmodelle des digitalen Kapitalismus auf ökologische und soziale Katastrophen zusteuern, soll in dem Vortrag gezeigt werden. Kann die Wirtschaft dank effizienterer Technologien weiter wachsen ohne dabei Ressourcen zu verbrauchen? Oder merken wir bei unseren immer voller werdenden Leben gar nicht, dass uns in Wahrheit die Rohstoffe ausgehen? Wenn wir schon sehr bald kein Material mehr haben, um Technik zu bauen, die alle Verheißungen erfüllt - was machen wir dann? Ist die Antwort dann reparieren, selber machen, vielleicht sogar kreativ werden?

Der Vortrag zeigt Daten und Grafiken zum aktuellen und prognostizierten Ressourcen- und Energieverbrauch digitaler Technologien. Der Mechanismus des Rebound-Effekts kann dabei helfen, die komplexen Folgen der aktuellen technischen Entwicklung z.B. in Bezug auf Wachstum zu verstehen. Degrowth ist eine politische Bewegung von Wissenschaftler*innen und Aktivist*innen, die gegen die Steigerungs- und Wachstumszwänge moderner Gesellschaften kämpfen. Mit welchen Argumenten begegnet die Degrowth Bewegung Wachstum aus einer ökologischen Perspektive? Und welche Anknüpfungspunkte für Ressourcenschonung gibt es in der Tech- und Maker-Bewegung?

talk on conference website

Kann künstliche Intelligenz Kunst erzeugen? Können Menschen von künstlich intelligenten Systemen erzeugte Kunst verstehen? Ist Kunst ein Weg zu neuen Stufen eines kybernetischen Verstandes? Der Stand der KI-Kunst ist keine Kunst oder keine KI. Aber wir werden mit unserer menschlichen Eitelkeit konfrontiert werden, nicht die Einzigen zu sein, die schöpferisch und auch künstlerische Relevanz in Betrachtern auslösen. Dies liegt mitunter an unseren bisherigen Kunstbegriffen und -verständnissen, die oftmals mit Intentionalität assoziiert sind. Eliza: Warum? Simon Hegelich widmen sich diesen Fragen und zeigt eigene (?) Werke (Videos, Bilder, Gedichte), die mit KI erzeugt wurden, wobei er seine großen Leidenschaften;- Kunst, maschinelles Lernen, Hegelsche Dialektik, Science Fiction, Kybernetik und Transhumanismus- der Erweiterung durch Diskurs unterzieht.

Künstlich intelligente Systeme werden seit den 70er Jahren zunehmend in künstlerischen Schaffensprozesse einbezogen. Ob Computer auch autonom Kunst generieren können, ist keine Frage der Leistungsfähigkeit solcher Systeme, es wirft vielmehr die Frage auf, inwieweit tradierte Kunstbegriffe neu gedacht werden können. Die Beschäftigung mit KI und Kunst birgt im Vergleich zu laufenden KI-Debatten eine Reihe zusätzlicher Denkfreiheitsgrade: Sie ist erfahrbar! Gerade weil Kunst als Konzept schwierig zu fassen ist, uns gleichzeitig Künstlerisches inspiriert, zum Spekulieren, Träumen und Empfinden anregt, lässt sich vor diesem Hintergrund ganz anders über KIs und ihre Potentiale diskutieren. Unter Einbezug des technischen Standes derzeitiger Deep Learning Systeme und der eigenen künstlerischen Erfahrung werden diese Potentiale aufgefächert. Wir stellen den Diskurs um Grundfragen zum Verhältnis Mensch-KI-Kunst neue Fragen diametral gegenüber: Kann künstliche Intelligenz Kunst erzeugen? Wie können wir Kunst von künstlich intelligenten Systemen verstehen? Kann Kunst KI erzeugen und versteht das noch jemand? Simon Hegelich (KI-Entwickler, Philosoph, Professor für Political Data Science, Videoartist und Synthinerd) widmet sich diesen Fragen in eine Präsentation und schmeißt seine großen Leidenschaften zusammen: Kunst, maschinelles Lernen, Hegelsche Dialektik, Science Fiction, Kybernetik und Transhumanismus. Es könnte explosiv werden.

talk on conference website

Five years ago I spoke about my work in quantum computing, building and running a tiny two qubit processor. A few weeks ago, Google announced a potentially groundbreaking result achieved with a 53 qubit quantum processor. I will therefore review the state of experimental quantum computing and discuss the progress we made in the last 5 years. I will explain quantum supremacy, surface code architecture and superconducting quantum processors and show which challenges we still have to overcome to build large scale quantum computers.

We will first dive into the basics of quantum computing and learn about quantum gates, fidelities, error correction and qubit architecture. We will then go through Google’s experiment and try to understand what they actually did and why it matters. We will then see what else we need to build a useful quantum computer, and discuss when that might happen.

talk on conference website

An update on the circumstances of Mr Snowden and the Snowden Refugees will be provided at the 36C3 event and venue in December 2019. There have been many significant events and incidents during 2019.

Of these significant events is the major success of Vanessa Rodel and her daughter Keana being granted refugee status by Canada and resettled in Montreal, Canada in late March 2019. Vanessa’s journey to Canada will be discussed. More significantly the issue of the Canadian government having left Supun and his family and Ajith behind in Canada has split up a family namely Keana in Montreal from her father Supun and siblings Sethumdi and Dinath in Hong Kong. In further context of the emerging police state that Hong Kong has become and its arbitrary and disproportionate use of violence against protesters and innocent civilian bystanders and breaches of constitutional rights and under international law, this has re-traumatized The Snowden Refugees in Hong Kong and has put them all at heightened risk. The lecture will cover the current global erosion and dismantling of international refugee and constitutional law by increasingly authoritarian democracies and loss of international protection for whistleblowers and those who protect whistleblowers. It will be discussed how this has impacted upon the cases of Mr Snowden and The Snowden Refugees.

talk on conference website

In this talk I will report on Databox, the focus of a UK-based research collaboration between the University of Cambridge, the University of Nottingham, and Imperial College, with support from industrial partners including the BBC. Databox is an open-source software platform that seeks to embody the principles of Human-Data Interaction by enabling individuals to see and exercise dynamic control over what is done with their personal data. The research project has melded computer systems design with ethnomethodological approaches to Human-Computer Interaction to explore how such a platform can make use of personal data accountable to individuals.

We are all the subjects of data collection and processing systems that use data generated both about and by us to support many services. Means for others to use such data -- often referred to possessively as "your data" -- are only increasing with the long-heralded advent of the Internet of Things just the latest example. Simultaneously, many jurisdictions have regulatory and statutory instruments to govern the use of such data. Means to enable personal data management is thus increasingly recognised as a pressing societal issue. In thinking about this complex space, we formulated the notion of Human-Data Interaction (HDI) which resulted in the Databox, a platform enabling an individual data subject to manage, log and audit access to their data by others. The fundamental architectural change Databox embodies is to move from copying of personal data by others for central processing in the cloud, to distribution of data analysis to a subject-controlled edge platform for execution. After briefly introducing HDI, I will present the Databox platform design, implementation and current status.

talk on conference website

Software bugs and timing leaks have destroyed the security of every Chromebook ECDSA "built-in security key" before June 2019, ECDSA keys from several popular crypto libraries, the Dilithium post-quantum software, the Falcon post-quantum software, and more. Will we ever have trustworthy implementations of the cryptographic tools at the heart of our security systems?

Standard testing and fuzzing catch many bugs, but they don't catch all bugs. Masochists try to formally prove that crypto software does its job. Sadists try to convince you to do your own proof work and to let them watch. After years of pain, a team of fifteen authors has now proudly announced a verified crypto library: fast but unportable implementations of a few cryptographic functions specifically for CPUs that aren't in your smartphone. This is progress, but the progress needs to accelerate. This talk will highlight a way to exploit the power of modern reverse-engineering tools to much more easily verify crypto software. This relies on the software being constant-time software, but we want constant-time software anyway so that we can guarantee security against timing attacks. Constant-time software is also surprisingly fast when cryptosystems are selected carefully. This talk is meant as an introduction for a general audience, giving self-contained answers to the following questions: What are timing attacks? What is constant-time software? What are some examples of constant-time crypto? How can we be sure that code is constant-time? What do these reverse-engineering tools do? How does constant-time code help these tools? How do we get from reverse engineering to guaranteeing correctness? The talk will be given as a joint presentation by Daniel J. Bernstein and Tanja Lange.

talk on conference website

In this talk we will see how chaos can be used to find very peculiar trajectories for space crafts within the Solar System. To understand this, we will also have a short look at the basics of orbital mechanics as well as three-body problems.

When traveling to Mars in a space craft, you want to find a compromise between flight duration and fuel consumption. One common trajectory for achieving this is the so-called Hohmann transfer which takes about 9 months from Earth and needs two maneuvers, both of which are accelerations!

Usually, when modeling movement of space crafts, one uses the Kepler model of two massive bodies attracting each other via gravitation. In case you have more time available for a space journey, however, you might consider a third body in your calculations. This introduces a very chaotic behavior, which you can use in turn to find very special trajectories that allow you to get to various places spending a lot less fuel. Unfortunately this will be much slower.

These special trajectories are called low-energy transfers and form a part of the so-called interplanetary transport network. There have been a handful of missions already using these trajectories, e.g. JAXA’s Hiten probe in 1990 and ESA’s BepiColombo which is en route to Mercury right now.

In this talk we will have a short introduction to the ever-surprising world of orbital mechanics followed by a discussion of the three-body problem including Lagrangian points. We will then see what the so-called weak stability boundary is and how chaos can help us understand why these strange trajectories exist. No math knowledge required!

talk on conference website

Seit 2018 betreibt Eventphone ein neues Telefonsystem auf den chaosnahen Events. Natürlich wird neue Soft- und Hardware sofort zum Forschungsgegenstand. Schnell gab es die üblichen Fragen: Wie funktioniert das genau? Ist das alles an Features? Kann man das updaten? Kann man nicht kompatible Geräte vielleicht kompatibel machen? Was kann man noch verbessern? Ist das sicher?

Natürlich haben wir Antworten und möchten unser Wissen mit euch teilen. Es gibt einen Überblick über DECT, kaputte Crypto™ und was man mit Kreativität daraus machen kann. Unser Anspruch ist, dass wir es so erklären, dass alle Zuschauerinnen und Zuschauer ein bisschen mehr über DECT wissen und mindestens einmal gelacht haben. Seit dem Easterhegg 2018 betreibt Eventphone das PoC (Phone Operation Center) mit neuer Hard- und Software. Wer ist Eventphone bzw. das PoC und was machen die? Neben vielen selbst entwickelten Komponenten nutzen wir eine DECT-over-IP-Lösung des kanadischen Telekommunikationsunternehmens Mitel. Wir geben euch eine Architekturübersicht der neuen Anlage und sprechen über Antennen, Software sowie Lizenzierung. Nachdem wir die größten Probleme, die wir mit dem alten System hatten, vollständig gelöst haben, schauten wir etwas genauer unter die Haube. Bei den ersten Analysen entdeckten wir einen unkritischen, aber witzigen Fehler, den wir euch zeigen wollen. Unser primäres Ziel war es, die Kompatibilität zu erhöhen, denn es gab einige Geräte, die trotz DECT-Standard nicht mit der Anlage funktionierten oder sich sehr sonderlich verhielten. Warum eigentlich? Wir fingen an, die Kommunikation der Geräte zu analysieren, und fanden heraus: Wer ein Byte verliert, hat acht Bit zu wenig. Es folgt: eine DECT-Anmeldung als Theaterstück. Aber halt! Ist das nicht alles verschlüsselt? Woher wisst ihr das? Es folgt: die Geschichte der Mitel Crypto und was daraus entstand: rfpproxy. Es folgt: eine DECT-Anmeldung mit rfpproxy als Theaterstück. Dann sammelten wir Metadaten und löschten sie wieder, mit Unterstützung der Feuerwehr. Und dann? Dann haben wir viel gespielt, analysiert und entwickelt. Weil die Zeit knapp ist zeigen wir euch 3 kleine Beispiele. Musik während des Telefonats über Vanity Number, die Akte AVM und Telefonbuchfunktionen. Am Ende geben wir euch Informationen zum Weitermachen sowie einen Ausblick. Außerdem wollen wir euch motivieren uns zu helfen. Wir hätten gern einen Wireshark Dissector. Stay connected!

talk on conference website

In September 2019, Privacy International released exclusive research on the data-sharing practices of menstruation apps. Using traffic analysis, we shed lights on the shady practices of companies that shared your most intimate data with Facebook and other third parties.

In this talk we will go over the findings of this research, sharing the tools we have used and explaining why this is not just a privacy problem, but also a cybersecurity one. This talk will also be a call to action to app developers whose tools have concrete impact on the lives of their users. Does anyone – aside from the person you had sex with – know when you last had sex? Would you like them to know if your partner used a condom or not? Would you share the date of your last period with them? Does that person know how you feel on any particular day? Do they know about your medical history? Do they know when you masturbate? Chances are this person does not exist, as there is only so much we want to share, even with our most intimate partner. Yet this is all information that menstruation apps expect their users to fill. With all this private information you would expect those apps to uphold the highest standards when it comes to handling the data they collect. So, Privacy International set out to look at the most commonly used menstruation apps to find out if that was the case. Using traffic analysis, we wanted to see if those apps were sharing data with third parties and Facebook in particular, through the Facebook SDK. Our research shed light on the horrific practices of some menstruation apps that shared their users’ most intimate data – about their sexual life, their health and lifestyle – with Facebook and others. In this talk, we will take you through the research we have conducted by using Privacy International’s publicly available and free testing environment. We will briefly explain how the testing environment work and we will showcase the menstruation apps that have the most problematic practices to show you how very granular and intimate data is shared with third parties and security implications.

talk on conference website

Everybody knows about the Boeing 737 MAX crashes and the type's continued grounding. I will try to give some technical background information on the causes of the crash, technical, sociological and organisational, covering pilot proficiency, botched maintenance, system design and risk assessment, as well as a deeply flawed certification processes.

On the surface of it, the accidents to two aircraft of the same type (Boeing 737 MAX), which eventually led to the suspension of airworthiness of the type, was caused by faulty data from one of the angle-of-attack sensors. This in turn led to automatic nose-down trim movements, which could not be countered effectively by the flight crew. Eventually, in both cases, the aircraft became uncontrollable and entered a steep accelerated dive into terrain, killing all people on board on impact. In the course of the investigation, a new type of flight assistance system known as the Maneuvering Characteristics Augmentation System (MCAS) came to light. It was intended to bring the flight characteristics of the latest (and fourth) generation of Boeing's best-selling 737 airliner, the "MAX", in line with certification criteria. The issue that the system was designed to address was relatively mild. A little software routine was added to an existing computer to add nose-down trim in situations of higher angles of attack, to counteract the nose-up aerodynamic moment of the new, much larger, and forward-mounted engine nacelles. Apparently the risk assessment for this system was not commensurate with its possible effects on aircraft behaviour and subsequently a very odd (to a safety engineer's eyes) system design was chosen, using a single non-redundant sensor input to initiate movement of the horizontal stabiliser, the largest and most powerful flight control surface. At extreme deflections, the effects of this flight control surface cannot be overcome by the primary flight controls (elevators) or the manual actuation of the trim system. In consequence, the aircraft enters an accelerated nose-down dive, which further increases the control forces required to overcome its effects. Finally I will take a look at certification processes where a large part of the work and evaluation is not performed by an independent authority (FAA, EASA, ...) but by the manufacturer, and in many cases is then simply signed off by the certification authority. In a deviation from common practice in the past, EASA has announced that it may not follow the FAA (re-) certification, but will require additional analyses and evidence. China, which was the first country to ground the "MAX", will also not simply adopt the FAA paperwork.

talk on conference website

Festivals and events are organized by a small group of deciders. But what would Eris do? (chaos!) We will look at some of our experiences with decentralised festivals where every participant can truly participate, reflect on how they influence our way of discussing and producing art and technology and discuss p2panda, an idea of a p2p protocol for (self-)organising resources, places and events, which is based on the SSB protocol.

This is a technical, artistic, theoretical reflection on how we use technology to run and experiment with decentralised festivals. VERANTWORTUNG 3000 (2016), HOFFNUNG 3000 (2017) and now p2panda are platforms and protocols to setup groups, festivals, gatherings, events or spaces in a decentralised, self-organised manner which allow us to raise questions on how we organise ourselves in our social, artistic & theoretical communities.

In this presentation we want to:

• Show work and reflection processes of BLATT 3000 and Liebe Chaos Verein e. V. i. G. in Berlin on how technology informs art production and how these systemic "meta"-questions can be made the actual means of art, theory and discussion.
• Introduce some technical key-concepts of the p2panda protocol and how offline-first, append-only data-types, user authorization through cryptographic keys are interesting for ephemerality, self-organization, non-individuality, decentralization and anonymity in art and theory production.
• Present fictional ideas for festivals of the future.
• Talk about pandas.

talk on conference website

This year the Nobel prize in physics was awarded to three astronomers changing the understanding of the Universe and finding the first exoplanet. This is a good reason to dive into astronomy, numerics, and programming and to learn how modern astronomy creates the pictures and models of the reality we observe in the night sky. Let’s find out together how we can simulate the Universe and grow new planets – computationally!

In all ages people have gazed at the stars and tried to grasp the dimensions of the Universe and of the teeny-tiny marble we call our planet and wondered how unique it actually is. From the ancient geeks to Johannes Kepler to modern times we slowly advanced our understanding of the sky and the laws necessary to describe the orbits and evolution of all its objects. Nowadays computational power has greatly increased. So we can further our understanding of the Universe from basic, analytically computable orbits to the challenge of turbulent gas flows – only accessible with numerical simulations. Let's go on a journey through space and compare the data we observe with breath-taking accuracy using instruments like ALMA, VLT, Gaia, and Hubble Space Telescope to numerical simulations now possible due to computer clusters, multi-core CPU and GPU-calculations. We want to explore the physics and numeric algorithms we need to comprehend the Universe and travel to the unexplained territory of problems we can not quite solve yet. We present three state-of-the-art hydrodynamics programs: PLUTO (by A. Mignone), FARGO3D (by P. Benítez Llambay and F. Masset) and AREPO (by V. Springel). All of them are free open source software and commonly used in research worldwide. Using their example, we demonstrate how hydrodynamics recreates many of the things we see in the sky, including planets. Simulations teach us how rare the formation of Earth was and show that there is no alternative planet in reach. In modern times we humans continue to gaze at the stars. Even without Planet B in sight, we are still fascinated with what we see. Numerical methods help us satisfy our thirst for knowledge and accelerate the research of the Universe.

talk on conference website

The Achilles heel of [your secure device] is the secure boot chain. In this presentation we will show our results from auditing commonly used boot loaders and walk through the attack surface you open yourself up to. You would be surprised at how much attack surface exists when hardening and defense in depth is ignored. From remote attack surface via network protocol parsers to local filesystems and various BUS parsing, we will walk through the common mistakes we've seen by example and showcase how realistic it is for your product's secure boot chain to be compromised.

talk on conference website

In diesem Beitrag stellen wir die von der tuwat Gruppe Bildung erarbeiteten "Welcome Pattern" zum Empfang und Integration von Neuankömmlingen und ihre Anwendung in Siegens Hackspace "HaSi" vor.

Das Chaos setzt sich für Informationsfreiheit ein und behandelt die Auswirkungen von Technologie auf die Gesellschaft. Dabei machen wir sie zum Beispiel erfahrbar, testen ihre Grenzen und erklären unseren Mitmenschen und Interessierten, was gut und nicht so gut funktioniert. Zwischenzeitlich kommt da aber auch der Besucher mit dem kaputten Windows Vista, die neue Person, die schon beim ersten Besuch den Lasercutter anschmeißen will oder jemand, der den feinen Unterschied zwischen "cool" und "gar nicht mal so geil" nicht ganz verstanden hat. Wir versuchen auf der einen Seite offen für neue Mitstreiter*nnen zu sein, müssen aber auch bestimmt auf unsere Regeln und ethischen Grundsätze hinweisen. Die tuwat Gruppe Bildung hat 2018 aus diesem Grund sogenannte 'Welcome Pattern' entwickelt. Schnell zu lesen sollen sie das Chaos unterstützen, sich offen zu zeigen, ohne davon überlastet zu werden. Sie sollen aber auch eine bessere Integration von Neuankömmlingen ermöglichen, ohne die Komplexität hinter der Hackerethik und Informationsfreiheit auszusparen. In diesem Vortrag stellen wir diese Muster vor und besprechen relevante Teile davon anhand ihre Anwendung im Chaos Siegen und seinen assoziierten Hackspaces. Chaos Siegen beschäftigt sich seit Anfang 2019 mit den Mustern. Sie legen sie zum Beispiel als zusätzliches Informationsmaterial aus. Außerdem führen sie einen 'Hodge Podge', eine Kontaktliste verschiedener Gruppen, um Neulinge peu-a-peu ins Chaos zu führen. Die bekannte Diskussion wie viel Ahnung von Technik man im Chaos mitbringen soll wird verkürzt, aber auch schwere Themen, wie die Homogenität in der Gruppe, können addressiert werden. Eure konkreten Fragen könnt ihr am Endes des Vortrags mitbringen. Vielleicht können wir euch in Richtung eines entspannteren Clubleben weiterhelfen.

talk on conference website

IT-Sicherheitsgesetz 2.0, Staatstrojaner für den Verfassungsschutz, Uploadfilter und Leistungsschutzrecht, Plattformregulierung und Terrorpropaganda-Verordnung, dazu die Suche nach der künstlichen Intelligenz in der Blockchain – 2019 war ein ereignisreiches Jahr in der Netzpolitik.

Was waren die Highlights aus digitaler Grundrechtsperspektive und wo gab es Einschnitte? Was haben wir im kommenden Jahr zu erwarten und auf welche Debatten und Gesetzesprozesse sollten wir uns als digitale Zivilgesellschaft konzentrieren? Ursula von der Leyen ist jetzt EU-Kommissionspräsidentin und hat bereits in ihrer Bewerbung verschiedene netzpolitische Gesetzesprozesse angekündigt, die nicht nur aufgrund ihres Track-Records beachtenswert sind. Was erwartet uns bei der Debatte um eine Reform der Haftungsprivilegien und welche Möglichkeiten gibt es zur Plattformregulierung, ohne das offene Netz mit kaputt zu machen?

talk on conference website

Checkm8 is an unfixable vulnerability present in hundreds of millions of iPhones' SecureROM. This is a critical component in Apple's Secure Boot model and allows security researchers and jailbreakers alike to take full control over the application processor's execution.

This talk will detail how we built an iOS jailbreak from the ground up - quite literally - by using an use-after-free in Apple's SecureROM. This is key code which is designed to bring up the application processor during boot but also exposes a firmware update interface over USB called DFU. By abusing this vulnerability it is possible to unlock full control of the application processor, including enabling debugging functionalities such as JTAG, helping security researchers look for security vulnerabilities in Apple devices more effectively. We will analyse the root-cause and techniques used for exploitation, as well mention some of the hurdles we encountered while trying to turn this into a reliable jailbreak and plans for the future of this project.

talk on conference website

Wo beginnt unsere Verantwortung bei der Gestaltung und Entwicklung einer Website und wo endet sie? Wusstest Du, dass die durch das Internet hervorgerufenen CO2-Emissionen die der Flugindustrie überschritten haben? Beim Design einer Website oder Web-App denken die wenigsten an CO2-Emissionen. So ist auch dieser Fakt weitgehend unbekannt. Warum wir uns dringend über ein nachhaltigeres Web Gedanken machen sollten und wie wir das in unserem Alltag umsetzen können, erfahrt Ihr in diesem Vortrag.

Auf unserer Erde gibt es viele Probleme, die es für unsere und zukünftige Generationen zu lösen gilt: Die globale Erwärmung und weltweiter Hunger sind nur einige davon. In unserem privaten Alltag beschäftigen sich viele von uns schon sehr ausgiebig mit dem Thema Nachhaltigkeit und dem verantwortungsvollen Umgang mit Ressourcen. Wir achten darauf, dass unsere Schokolade FairTrade ist, dass unser Apfel vom Bauern aus der Region kommt oder das Fleisch aus verantwortungsvoller Tierhaltung stammt. Aber wer weiß schon, dass für ein modernes Smartphone über 80 Kilogramm Natur verbraucht wird? Und wie viele von euch, die aktiv das Web gestalten, beschäftigen sich damit, es auch nachhaltiger zu machen? Oder wusstet ihr, dass die durch das Internet hervorgerufenen CO2-Emissionen die der Flugindustrie überschritten haben? In meinem Vortrag möchte ich euch zeigen, wie ihr auch im beruflichen Alltag, bspw. beim Konzipieren, Entwicklen, Designen oder Managen einer Website oder App, auf verantwortungsvollen Ressourcenverbrauch, besonders in Bezug auf den Energiebedarf, achten könnt. Auch die Fragen, wie ihr helfen könnt, das Web nachhaltiger zu machen, und was die Anforderungen an moderne Websites und Apps sind, damit sie nicht zu Lasten unserer Umwelt gehen, möchte ich euch beantworten.

talk on conference website

We will analyze the approach to tecnology (decisional method, mesh network and cloud) of a farming community near Bologna: Campi Aperti. Speaking about: human organization, connectivity, managing of a server, resources and incidents handler, femminism, maintaining and growing in a non-gerarchical organization. Technologies involved: humans, antennas, orchestrator of containers.

Summarize the experience of this last 15 years of a group of farmers, the strong political impact about take care of the near territory, decide what grow and what eat and share this decisions with the consumers in the city, settled a method that is called "shared warranty", garanzia partecipata, for the organic vegetables, refuse the big distribution of the food and how this principles, with also some femminist ideas, can bring us to think in a different way our tech organizations and our tools. In the last 3 years the group Campiaperti and Genuino Clandestino, the italian network of self-managed farmers, started to make questions and solution about tecnologies and started slowly to mantain their services.

talk on conference website

There is graffiti in the ruins of the feed and the event-info-capital is emigrating.

Currently Facebook has a tight grip on the cultural scene with its events-calendar and with Instagram as a spectacular image feed.
But an opposition is rising. Graffiti and net-art are merging with hacking. Activists are using facebook graffiti, through circulating UTF-8 textbombs that cross the layout of the feed.
The Berlin network Reclaim Club Culture meanwhile is calling for a Facebook Exodus. They want to motivate the club and cultural scene to support free alternatives, by moving their biggest information capital, which are the event announcements.

talk on conference website

'In meiner Jugend war mehr Schnee!' oder 'Früher war es auch schon heiß!' könnte man so glauben, je nach Vehemenz des Ausrufs, oder man schaut halt nach.

Moderne Klimamodelle werden aus den lokalen Beobachtungen des Wetters gespeist. Durch die Verwendung historischer Daten vergangener Jahrzehnte werden aktuelle Modelle auch auf diesen Zeitraum ausgedehnt. Wir können also nachsehen, wie heiß es war oder wie tief der Schnee auf dem Weg zur Schule denn wirklich war. Dies ist auch dann möglich wenn die lokalen Aufzeichnungen selbst nicht immer online verfügbar sind. Zahlreiche staatliche und überstaatliche Organisationen stellen inzwischen die Produkte ihrer Klimamodelle, mit Einstiegshürden unterschiedlicher Höhe, für die Öffentlichkeit bereit. Der Verbreitungsweg dieser Daten variiert irgendwo zwischen csv Dateien auf öffentlichen FTP Servern, API Schnittstellen zum maßgeschneiderten Datenabruf (auch gerne mal von Magnetband) und thematisch fertig aufbereiteten Visualisierungen. Dieser Beitrag zeigt eine kleine Auswahl an Diensten (z.B. Opendata des Deutschen Wetterdienstes, Land Data Assimilation System der NASA), die den Zugang zu globalen Klimadaten ermöglichen. Am Beispiel des European Centre for Medium-Range Weather Forecasts (ECMWF) und des Copernicus Climate Change Service werden sowohl API Zugriff zum Download der Daten als auch die Möglichkeit der Onlineberechung über ein Webinterface dargestellt. Schauen wir mal, was wir so finden.

talk on conference website

What happens when we come across a surveillance operation targeting Egypt’s civil society? And what happens when the attackers expose all of their backend code by mistake? This is The Eye on the Nile.

Egyptian activists and journalists report and fight against human rights violations, only to face human rights violations themselves: they are often silenced, detained, tortured and imprisoned. Practicing their freedom of expression becomes especially dangerous under a regime that is constantly wary of attempts to spark a second revolution. Therefore, it would not be surprising to see surveillance-motivated attacks trying to go after those targets. This talk will discuss how an opsec mistake made by a state actor gave us a rare insight into their long-term malicious activity, and the methods they were using to keep a close eye on possible internal threats within Egypt. Among our findings were attempts to gain access to victims' inboxes and monitor their correspondences, mobile applications hosted on Google's Play Store and used to track victims' communications or location, and more. We will start by reviewing our investigation into the attackers' infrastructure, and will then go over the different attack vectors and previously undisclosed malicious artifacts used in this operation. Lastly, we will share how we were able to find and reveal the identities of this campaign's high-profile targets, and the location of the headquarters which we suspect the attackers are operating from.

talk on conference website

Die überwältigende Mehrheit der erfolgreichen Hacks in freier Wildbahn setzen auf menschliche Faktoren. Wie können wir Systeme und Interfaces gestalten, um diese Schwachstellen zu mindern?

Ob Ransomware oder Phishing, APT-Angriffe oder Stalking: Die am häufigsten ausgenutzte Schwachstelle ist der Mensch. Ein Problem, das nur wenig Forschung tatsächlich angehen will. Stattdessen begnügen wir uns damit, den Usern Dummheit zu unterstellen und menschliche Faktoren der IT-Sicherheit "out of scope" zu sehen. Zeit, anders über das Problem nachzudenken, denn es gibt einige Interessante Erkenntnisse zu entdecken. Neumann, Linus (2017): „Menschliche Faktoren in der IT-Sicherheit“ in: Ferri Abolhassan (Hg.) „Security Einfach Machen: IT-Sicherheit als Sprungbrett für die Digitalisierung“, p. 85-98 Neumann, Linus (2019): „Wenn Hacker Menschen hacken“ in: Report Psychologie 11/12.2018, p. 462-464

talk on conference website

Trusted Platform Modules (TPMs) are nowadays included in all consumer-grade devices. Whilst "the Trusted Platform Modules available for PCs are not dangerous, and there is no reason not to include one in a computer or support it in system software" (Richard Stallman, GNU) they have yet to gain wide-ranged adoption, especially for the daily needs of your average nerd. This talk will introduce OpenSource software and use cases that are already supported and how your everyday nerd can benefit from those by security your personal credentials, securing your system credentials, encrypting your storage and detecting BIOS manipulations. This talk is based on the https://tpm2-software.github.io contributions. It will also give a quick rundown to debunk some myths and call for participation in the OpenSource efforts for supporting more use cases via TPMs.

TPMs provide several features. Most talked about are the capabilities to perform "attestations", i.e. to reliably determine the software (BIOS, OS, applications) that are running on a given system. Most commonly useful are its capabilities to act similar to a "built-in smartcard". It provides storage for keys and secrets on the device that can be protected by PINs, i.e. that are protected against bruteforce attacks. It further provides an encrypted swapping mechanism for such keys, enabling almost infinitely large storage for said keys. With this range of features available at your average nerd's disposal, it would be a shame not to use them. 1. Securing your personal credentials The most frequent application of TPMs stems from logging into other system. This includes ssh client logins or browser based https client certificates and becomes even more frequent when put into context with git+ssh, git+https, sftp or webdav. All these technologies and mostly all implementation support PKCS11 to allow storage of secrets on a smartcard. But SmartCards or Yubikeys require extra readers, occupy USB-slots, have to be carried around. The tpm2-pkcs11 library allows anyone to seamlessly use the TPM instead of an external smartcard. This approach provides much higher convenience compared to smartcards and even compared to passwords, since you merely need a short pin instead of a username+vErys3cur3passwor! combinations. It maps the smartcards property of possession to possession of the device, i.e. notebook. 2. Securing your system credentials Heartbleed is old but the principle problem of having keys lay around in RAM and disk is as relevant as it used to be. This is where the tpm2-tss-engine for OpenSSL comes into play. It allows the use of TPM-based keys for authentication via TLS (server and client side). Of course, if your system get's owned, it's owned, but once the attacker is gone (reboot, update, etc), you can be sure that he could not have copied the private key. Thus, no revocation or similar action is needed. 3. Encrypting your storage Basically "BitLocker for Linux" is the keyword. By extending LUKS(2) and cryptsetup, we're enabling anyone to encrypt their disk and protect there data from bruteforce password guessing if the device or disk ever got stolen. This even provides a lot more convenience, since the TPM operations can be faster than the typical KDF'ing and you can work with PINs and short passwords instead of vErys3cur3passwor! ones. 4. Detecting BIOS manipulations Talks and news about evil maids, government trojans installed at airport inspections and BIOS-based backdoors are present anywhere. The tpm2-totp project is a clone of Matthew Garrets tpm-totp that he presented at 32c3. It enable the user to authenticate not only the device to be theirs, but also if the BIOS and kernel are still in the same state as they were when they left it. Most use cases are actually running code shipping with more and more distros. The talk will give some deeper explanations into each of these and possibly some live demos.

talk on conference website

Louise Ashcroft will talk through strategies and tactics she uses to ‘hack’ public spaces and social conventions in order to suggest new ways of living which challenge rules and hierarchies.

Louise Ashcroft is a performance artist and filmmaker whose playfully disruptive fieldwork in public spaces like shopping centres, trade fairs and the street) seek to challenge the socio-economic status-quo and reveal the absurdity of the power systems that govern how we live. For example, mailing boxes of soil from former public land to its new overseas owners, leading 'backwards shopping' workshops, smuggling strange products into supermarkets and attempting to buy them, or running conceptual cleaning services for people's hopes and dreams. Such public interventions are humorously retold in the form of stage performances. Louise has exhibited widely including at Arebyte Gallery, BQ Berlin, Latitude Festival, Supernormal Festival, Wellcome Collection, Museum of London and on BBC radio; residencies include Tate Learning, Camden Arts Centre, and Z.U.T Lisbon. Louise cofounded the free art school AltMFA and teaches art at Goldsmiths College. She hates capitalism but loves sneakers.

talk on conference website

The quest towards a “cleaner” internet continues – with “censorship machines” included in the EU Copyright Directive, upload filters proposed in the Terrorist Content Regulation, and numerous other initiatives to push dominant platforms to police online content. This talk will present the next big battles for free speech online at the European level.

The next important battle for our rights and freedoms in the digital sphere is looming on the horizon. Policymakers wage war against “harmful” speech online, relying on the centralisation of the web around few platforms that function as “walled gardens”. Heated debates on upload filters recently took place around the copyright reform and the fight against online terrorist propaganda. The next challenge for our freedom of expression online is a planned update to rules that deal with illegal and “harmful” content: E-Commerce Directive. E-Commerce was adopted two decades ago, but the way the internet looks like has drastically changed since. The amount of user-uploaded content has exploded, and few dominant platforms have an increasing impact on people’s rights and freedoms. How does the current online landscape look like? What are the policy options the EU is facing in terms of platform regulation? How can we achieve human rights-compliant content moderation rules?

talk on conference website

Seit spätestens 2005 wird in Deutschland an der Einführung der Telematik Infrastruktur, kurz die TI, gearbeitet. Diese soll nicht weniger als die komplette Digitalisierung der deutschen Medizinbranche bedeuten. Vom Arzt, Krankenhaus, Psychotherapeut bis hin zum Apotheker sollen alle Heilberufler miteinander vernetzt werden. Der Patient soll dabei die Datenhoheit behalten, und seine Daten mittels elektronischer Gesundheitskarte, sowie alternativ per mobiler Smartphone App steuern.

Mit Gründung der Gematik GmbH am 11. Januar 2005 begann die offizielle Entwicklung der Telematik-Infrastruktur (TI). Ziel war die Einführung einer elektronischen Gesundheitskarte mitsamt einer Infrastruktur, die langfristig alle Teilnehmer der Medizinischen Versorgung miteinander vernetzen sollte. Der Arzt speichert alle Befunde samt Röntgen Bilder in der elektronischen Patientenakte (ePA) ab, kommuniziert verschlüsselt mit anderen Ärzten über die „Sichere Kommunikation zwischen Leistungserbringer“ (KOM-LE), der Medikationsplan ist digital verfügbar (eMP), das Rezept wird beim Apotheker digital eingelöst (E-Rezept) und im Notfall sind relevante Gesundheitsdaten (NFDM) auf der elektronischen Gesundheitskarte (eGK) des Patienten abgespeichert. So soll der digitale Arztbesuch der Zukunft aussehen. Allerdings ist nach 15 Jahren Entwicklung und 2 Milliarden Euro Investitionen nur ein Dienst der TI online, das Versichertenstammdatenmanagement (VSDM). Damit können die Stammdaten des Patienten, bspw. Adresse und Krankenkasse online beim Arzt aktualisiert werden, ohne Austausch der elektronischen Gesundheitskarte. Nachdem dieser Dienst nun eingeführt wurde sollen zeitnah die nächsten oben aufgeführten Dienste online gehen. Die Spezifikationen, Zulassungsunterlagen sowie Feldtestkonzepte für diese Dienste sind dafür weitestgehend fertig. Parallel zu der von der Politik und Gematik getriebenen Entwicklung setzten sich technik-affine Personen wie bspw. Thomas Maus mit der Technik auseinander und zeigten potentielle Probleme und ungelöste Fragestellungen. Nachdem die TI nun größtenteils online ist und die ersten Dienste in der Praxis genutzt werden ist es an der Zeit sich die konkrete Umsetzung anzuschauen, zu evaluieren und bei Bedarf entsprechend zu verbessern. Dieser Vortrag soll einen aktuellen Überblick auf die Telematikinfrastruktur geben. Es werden die bestehenden Dienste (VSDSM) sowie die schon spezifizierten Dienste wie KOM-LE oder ePA vorgestellt. Insbesondere wird auf die Sicherheit der verschiedenen Systeme eingegangen. Die Schutzziele sowie die spezifizierten Methoden um diese Ziele zu erreichen werden dargestellt und grob analysiert. Dabei zeigt sich dass die TI vor allem ein sehr komplexes System mit aktuell knapp 8000 Seiten Spezifikationen plus gute 1000 Seiten Konzepten ist. Dazu ist das Projekt ein sogenanntes Running Target mit regelmäßigen Updates der Spezifikationen. Diese werden entweder durch Änderungen der Stand der Technik, oder durch Wünsche von Seiten der Politik, meist durch Gesetzte, in das Projekt hereingetragen.

talk on conference website

3D-gedruckte Kleidungsstücke finden sich mittlerweile auf immer mehr Laufstegen in der Modebranche. Der Herstellungsprozess erlaubt gänzlich neue Abläufe und die Chance, durch mehrfache Materialverwendung und Abfallreduzierung nachhaltiger zu produzieren. Aber wie alltagstauglich und bequem sind diese Teile eigentlich? Wann ist ein Kleidungsstück überhaupt bequem? Welche Funktionen können 3D-gedruckte textile Flächen übernehmen – und welche nicht?

Die Bekleidungsbranche ist eine der schädlichsten Industrien für unseren Planeten und unsere Gesellschaft. Additive Fertigungsverfahren scheinen eine Alternative zu umweltschädlicher Massenfertigung zu sein. Der Talk beantwortet Fragen nach Qualität und Nutzen 3D-gedruckter textiler Flächen und ob diese tatsächlich das Potential haben, die Bekleidungsindustrie nachhaltiger zu gestalten. Und ist es wirklich realistisch, dass wir bald alle zuhause einen 3D-Drucker stehen haben und uns morgens einen Pullover drucken?

talk on conference website

So wie Farnpflanzen ihre Sporen aus der Kapsel mit bis zu 10m/s heraus in die Welt katapultieren, auf dass sie dort auf fruchtbaren Boden fallen, werden unsere 8 Expert*innen ihr Nerd- und Fach-Wissen weitergeben – spektakulär, wirkungsvoll und unterhaltsam. So bunt wie die besten Slams, so dicht wie die besten Lightning Talks: 8 Antworten auf die Frage, warum Techies und Ökos zusammengehören.

Bei der Bits&Bäume 2018 kamen Aktivist*innen der Tech-Community und jene der Nachhaltigkeitsrichtungen zusammen, um einander ihre Fragen und Lösungsansätze zu erklären, sie zu diskutieren und gemeinsam eine bessere Zukunft zu erdenken. Wichtiger Teil war dabei auch einzutauchen in die jeweilig anderen Mikrokosmen, einander abzuholen und die Schnittstellen zu finden. Das erste „Sporangium“ hat in diesem Sinne wichtige Themen beider Bereiche aufgegriffen. Für den C3 liegt nun der Fokus auf der Verbindung von Technologie und Nachhaltigkeit: Wie kann digitale Nachhaltigkeit, wie nachhaltige Digitalisierung aussehen? Speaker*innen (A-Z...äh...V!): * Anja Höfner – Das Märchen von der Dematerialisierung durch Technik * Carina Haupt: Nachhaltige Softwareentwicklung (für weniger explodierende Raketen) * Elenos Manifesti & der Chor der Vermummten: Wir fordern! Das Bits&Bäume-Manifest * Isabella Hermann: Utopia Outer Space? Die Zukunft der Menschheit in Science-Fiction-Filmen * joliyea – Raum für Wissen. Wo wir uns treffen, um die Welt zu retten * Kathrin Henneberger – Ja, Klimakrise! Immernoch!! * Lisa Passing: Ökostrom != Ökostrom. Down the green energy rabbit hole * Viktor Schlüter: Datenschutz? Klimaschutz? Zukunft! * Durchs Sporangium katapultieren wie immer julika & Rainer

talk on conference website

Want to run Linux on open hardware? This talk will explore Open Source Hardware projects capable of that task, and explore how RISC-V and free software FPGA projects can be leveraged to create libre systems.

This talk will explore Open Source Hardware projects relevant to Linux, including boards like BeagleBone, Olimex OLinuXino, Giant board and more. Looking at the benefits and challenges of designing Open Source Hardware for a Linux system, along with BeagleBoard.org’s experience of working with community, manufacturers, and distributors to create an Open Source Hardware platform. Drew will also talk about the importance of the RISC-V instruction set and free software FPGA toolchains. He will explore the options for running Linux on open source chip designs.

talk on conference website

Three and a half years after Europe enshrined net neutrality in law, the protections for the open internet are being renegotiated. Europe finds itself in the middle of an immense lobbying battle about the legality of internet blocking, zero-rating and the internet as a common carrier for everyone. All this while the EU is also the first world region trying to fit the next mobile network standard 5G into the net neutrality framework as we currently know it. This talk will give a brief summary about the past years of regulatory enforcement, how the internet has developed in Europe and what to expect from the ongoing reform.

The Body of European Regulators for Electronic Communication (BEREC) is currently reforming the net neutrality framework of the EU. The reform started in late 2018 and will come to a conclusion in March 2020. The talk will outline the full reform process and explain the issues the digital rights community is fighting for. A particular focus will be on the challanges that the next mobile network standard 5G brings to the net neutrality debate and what to expect from new technology aspects like network slices and edge computing. Additionally, we will give insights into net neutrality enforcement throughout the European Union in the past three and a half years. This section of the talk is based on a comprehensive study which epicenter.works has conducted in 2019. The Austrian digital rights NGO epicenter.works is a leading net neutrality advocate in the EU. Their campaign www.savetheinternet.eu followed the policy debate to enshrine net neutrality in law in the European Union and lasted from 2013 until 2016. Since then, the organisation has become a public watchdog on the regulatory enforcement of the rules and published extensive legal and technical analysis on net neutrality violations. They try to shape the regulatory and public debate by speaking at annual shareholder meetings of Deutsche Telekom and participate in expert consultations from telecom regulators. With the ongoing reform, the net neutrality debate in Europe is heating up once again, with an uncertain outcome.

talk on conference website

Der Vortrag gibt auf der Basis umfangreicher korpuslinguistischer Analysen einen Überblick über den Fundus herabwürdigender und ausgrenzender Ausdrücke, die in rechten und rechtsextremen Onlinediskursen geprägt wurden. In den tiefensemantischen Strukturen des invektiven Wortschatzes der neuen Rechten wird ein stark schematisiertes Weltbild sichtbar, das von der grundlegenden Verachtung nicht nur des Fremden, sondern auch des eigenen Landes, seiner Institutionen, seiner Werte und seiner Bevölkerung geprägt ist.

Das gesteigerte Maß an Ausgrenzung und gesellschaftlicher Polarisierung, das seit dem Wiedererstarken rechter Parteien und Denkweisen in Deutschland zu verzeichnen ist, ist nicht die einzige Errungenschaft, die wir den neuen Rechten zu verdanken haben. Sie haben auch den Wortschatz um ein schier unerschöpfliches Repertoire an Schimpfwörtern bereichert. Deren Spektrum reicht von unüblichen Verknüpfungen von Wortbestandteilen wie bei "Journhalunke" oder "GEZStapo", über die produktive Verfremdung von Eigennamen wie im Fall von "K(r)amp(f)-K(n)arrenbauer" oder "Merkill", Hyperbolisierungen wie "Superübergutbestmenschen" oder Satzkomposita wie "IchseheauswieeinkonservativerCSUKatholikundwerdedeshalbvondenganzenDeppengewähltweildasjanichtsoeinGrünerist" (Winfried Kretschmann) bis hin zu Gleichsetzungen zur Denunziation von Kritik wie in "Waffen=Rassismus=rächtz=Nazi=Gefahr=Erderwärmung". Im Vortrag sollen zunächst die wichtigsten sprachlichen Strategien zur Bildung herabwürdigender Ausdrücke vorgestellt werden, ehe in einem zweiten Schritt der invektive Wortschatz zu einzelnen Politik- und Gesellschaftsbereichen in Auswahl präsentiert wird. Basis der Untersuchung bildet eine umfangreiche korpuslinguistische Analyse einschlägiger rechter und rechtsextremer "Nachrichten"-Seiten, Blogs, Kommentarspalten und Foren aus den Jahren von 2012 bis 2019, die mehr als 25.000 Schimpfwörter zutage färderte. Der Vortrag will nicht nur das Offensichtliche zeigen: Dass für die neuen Rechten herabwürdigendes und ausgrenzenden Sprechen zentrales Medium der politischen Auseinandersetzung ist. Vielmehr wird in den vielfältigen Formen herabwürdigenden Sprechens ein Weltbild sichtbar, das von wenigen Grundunterscheidungen geprägt ist. Auch wird sich zeigen, dass die neuen Rechten sich als eine Schmähgemeinschaft konstituieren und das Land, in dem sie leben, seine Bürger_innen und seine Institutionen nachhaltig verachten.

talk on conference website

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

To get involved and learn more about what is happening please visit the Lightning Talks page in the 36C3 wiki.

talk on conference website

In den gegenwärtigen Debatten um die Digitalisierung werden systemische und strukturelle Auswirkungen der Digitalisierung auf Entwicklungs- und Schwellenländer und damit verbundene potentielle Risiken und Herausforderungen bislang kaum betrachtet und diskutiert. Ein schwerwiegendes Versäumnis, hatte doch bereits die Weltbank, einer der größten Förderer von IKT in den Ländern des Globalen Südens, in ihrem Weltentwicklungsbericht ‚Digital Dividende‘ (2016) selbstkritische eingeräumt, der digitale Wandel bleibe nicht nur hintern, sondern verschärfe die soziale Ungleichheit. Der Vortrag setzt sich mit der Frage auseinander, inwiefern die Digitalisierung zur Überwindung von Armut und sozialer Ungleichheit in den Ländern des Südens beitragen können. Erweitern sie die Chancen auf gesellschaftliche und ökonomische Teilhabe von benachteiligten Menschen oder verengen sie diese? Schwerpunkt der Analyse bildet die Auseinandersetzung mit dem digitalen Handel. Fast unbemerkt hat sich in der Handelspolitik eine neue Dynamik entwickelt. Führende Tech-Konzerne, allen voran die aus dem Silicon Valley, instrumentalisieren zunehmend das Handelsrecht für ihre Interessen. Dabei geht es längst nicht mehr nur um die Reduzierung von Zöllen auf digitale Produkte wie Software oder einheitliche Standards für Telekommunikationsdienste. Patente auf Künstliche Intelligenz sowie die (Nicht)Regulierung von Datenflüssen sind inzwischen auch Bestandteil handelsrechtlicher Regelungen und Gegenstand kontroverser Debatten in der Welthandelsorganisation WTO. Für die Länder des Globalen Südens – aber nicht nur für sie – steht dabei viel auf dem Spiel, einschließlich der Gefahr eines neuen, digitalen Kolonialismus. Im Vortrag zeigt zudem erste Ansätze zum Aufbau einer fairen und menschenwürdigen Digitalisierung auf.

Vom E-Commerce zum digitalen Handel Vor 25 Jahren kaufte ein Internetnutzer aus Philadelphia, mit seiner Kreditkarte am Computer eine Audio-CD des Musikers Sting. Der elektronische Handel war geboren. Ein Jahr später ging Amazon mit seinem ersten Buch an den Start. Während in der Frühphase des E-Commerce vor allem materielle Güterverkauft wurde, kamen in der Folgezeit, aufgrund technischer Fortschritte, neue Produkte und Vermittlungswege hinzu. Eine Welt ohne digitale Dienstleistungen (wie der Fahrkartenkontrolle per App) und digital übermittelt Produkte (wie z. B. Video-Streaming) ist heutzutage nicht mehr vorstellbar. Mit der Verlagerung der gehandelten Güter von materiellen Produkten zu immateriellen wandelte sich auch die Begrifflichkeit. So verdrängte der Terminus des „digitalen Handels“ zunehmend den des „elektronischen Handels“. Asymmetrische Einbindung des globalen Südens Mit dem digitalen Handel und der Digitalwirtschaft werden häufig große Hoffnungen für den Globalen Süden verknüpft. Die Schaffung neuer, digitaler Märkte sei mit hohen Wachstumsraten verbunden, einhergehend mit einer Steigerung des Wohlstandes, behaupten nicht nur Tech-Konzerne, sondern auch Akteure aus der Entwicklungszusammenarbeit. Ein Bericht der Vereinten Nationen kommt jedoch zu einem anderen Ergebnis. Demnach verteilt sich der Handel mit digitalen, immateriellen Gütern noch ungleicher, als beim traditionellen, analogen Handel. Auch beim Handel mit IT-Produkten, wie Laptops oder GPS-Geräten, geraten die Entwicklungsländer ins Hintertreffen. Die ökonomischen Folgen für die Länder des Südens sind schwerwiegend: Viele Entwicklungsländer leiden unter (1) Handelsbilanzdefiziten, (2) geringeren Staatseinnahmen und (3) erschwerten Bedingungen zum Aufbau einer eigenen, lokalen Digitalwirtschaft. Daten – Der Zankapfel in neuen Handelsabkommen Ein Anfang 2019 in Kraft getretenes Mega-regionales Handelsabkommen, dem elf Staaten angehören, darunter wichtige OECD-Länder (Japan, Kanada, Neuseeland, Australien, Chile, Mexiko), geht weit über bisherige Verträge zum digitalen Handel hinaus. Gleiches gilt für das von Trump vor drei Monaten abgeschlossene Handelsabkommen mit Japan. Beide verfolgen die Nicht-Regulierungsagenda des Silicon Valley, die seit 2000 zur offiziellen Handelspolitik der USA erklärt wurde. Demnach sollen in Handelsabkommen der USA folgenden Verbote hineinverhandelt werden: • Verbot von Zöllen • Verbot einer Digitalsteuer • Verbot lokaler Datenspeicherung • Verbot Quellcodes zu öffnen Digitalisierung von Wertschöpfungsketten Neben den hohen Wachstumsraten beim digitalen Handel, setzen viele Akteure aus der Entwicklungszusammenarbeit auch große Hoffnungen auf die Digitalisierung globaler Lieferketten. Sie versprechen sich davon gleich mehrere positive Impulse: Eine verbesserte Effizienz, mehr Produktivität und Transparenz sowie dem, aus entwicklungspolitischer Perspektive entscheidenden Faktor: Eine erhöhte Wertschöpfung für jene Menschen, die am Anfang der Lieferkette stehen, wie beispielsweise Kleinbauern in Kamerun Erste Untersuchungen, u. a. am Beispiel ostafrikanischer Teeproduzenten, bestätigen diese Hoffnungen, allerdings nur zum Teil. Durch die Anbindung an das Internet hat sich die Kommunikation der Teepflücker mit anderen Akteuren aus der Lieferkette verbessert; auch können sie ihre Arbeit effizienter und transparenter gestalten. Trotz dieser Fortschritte hat sich jedoch die Einkommenssituation der Teepflücker*innen nicht verbessert, da die Anzahl potentieller Lieferant*innen mit gleichwertiger Qualitätsteigt an, wodurch diese verstärkt miteinander in Konkurrenz treten. Faire Gestaltung der Digitalisierung „There is no time to lose in taming the power of the digital. We can either surrender our digital future, or we can take ownership of it.” (‘Digital Justice Manifesto’, Just Net Coalition, November 2019). Zum Schluss stell ich die einige Eckpfeiler für die Gestaltung einer Digitalisierung zugunsten der Menschen im Globalen Süden vor.

talk on conference website

Electronic gadgets come not just with an ecological footprint, but also a human cost of bad working conditions and human rights violations. To support hardware makers who want to design fairer devices, we are building a software tool to easily discover social risk hotspots and identify measures for improvement.

The issue of human rights violations in the supply chains of electronics products is nowadays being broadly discussed. However, from the point of view of a hardware maker, it is difficult to exclude the possibiltiy of harm being done to workers in their supply chains due to their complexity and lack of transparency. At the same time, projects such as Fairphone and NagerIT demonstrate that improvements are, in fact, possible. At FairLötet and the Fairtronics project, we try to support those who would like to improve the social impact of their products in taking the first step towards improvement. To this end, we are building a software tool which will provide a first estimate of the risks contained within a given design: circuit diagram in, analysis out. The analysis shows the main social risks associated with the product, due to which components and materials they arise, and in what regions of the world the risks are located. This enables the user to understand where efforts towards sustainability should be concentrated, e.g. by making informed purchasing decisions or engaging with suppliers. In this talk, you will learn about the risks associated with electronics, how they are estimated, and what data we gather to compute them. No deep background in sustainability or hardware is required.

talk on conference website

Since the Snowden revelations the fear of stealthy hardware manipulations is no longer regarded as far fetched. This fear is also reflected in the massive discussions sparked by last year's Bloomberg allegations on a supposed hardware spy implant on Supermicro serverboards or the recent USA ban on Huawei telecommunication equipment. Hardware reverse engineering (HRE) is a promising method to detect such manipulations or hidden backdoors. However, HRE is a highly complex and cumbersome task. It takes months of work as well as expensive equipment to even obtain the netlist of a chip, the equivalent to the binary in software reverse engineering (SRE). In contrast to SRE where various paid or open-source tools for binary analysis exist, e.g., IDA Pro or Ghidra, in HRE simply no tool for netlist analysis were available - neither commercial, nor free. To close this gap, researchers from the Ruhr University Bochum developed HAL, the first open-source netlist analysis framework. In this talk, we start with a basic introduction into the challenges of HRE. Then, we demonstrate the capabilities of HAL before giving a brief overview on our current research with HAL.

Hardware reverse engineering (HRE) is an important technique for analysts to understand the internals of a physical system. Use cases range from recovering interface specifications of old chips, over detection of malicious manipulations or patent infringements, to straight up counterfeiting. However, HRE is a notably complex and cumbersome task which consists of two phases: In the first phase the netlist, i.e., circuit description of a chip, has to be extracted from the physical device. Such a netlist is equivalent to the binary in software reverse engineering (SRE). In the second phase, the analyst then processes the netlist in order to understand (parts of) its functionality. However, obtaining a netlist from a chip can take several months and requires professional and costly equipment as well as expertise. Even with a recovered netlist, understanding its functionality is an enormously challenging task. This is partly due to the lack of proper tools for netlist analysis: While in SRE various commercial or open-source tools for binary analysis exist, e.g., IDA Pro or Ghidra, in HRE simply no tool for netlist analysis was available, neither commercial, nor free. To close this gap, researchers from the Embedded Security group of the Horst-Görtz Institute for IT-Security at the Ruhr University Bochum developed HAL, the first open-source netlist analysis framework. Inspired by the modularity of its SRE equivalents, HAL can be extended through optimized C++ plugins or directly used as a Python library, while at the same time offering a GUI for explorative and interactive analysis. The project is supposed to give hardware analysts a common platform for the development of new algorithms with a portable design, ultimately aiding both professionals in their daily work as well as researchers in their efforts to publish reproducible results. In this talk, we will first introduce the foundations and main challenges of HRE, before giving a live demonstration of HAL and some of its capabilities on selected case studies. We conclude the talk with a glimpse at our associated research at the university that spans both, technical research as well as cross-disciplinary work with psychologists. Our talk requires only minimum prior knowledge on digital hardware.

talk on conference website

The talk explains and illustrates the procedural and technical details of the surveillance in and around the Ecuadorian embassy in London during the time Julian Assange stayed in there from June 2012 until April 2019.

In the aftermath of Assange's expel from the ecuadorian embassy in London and his arrest based on a US extradition warrant evidence appeared that the "Security" measures of the embassy had at some point switched from protecting Assange and the embassy to an extremely detailled surveillance operation both against Assange and his visitors. The Spanish company "Undercover Global" that has been in charge of the embassy between 2015 and April 2018 and its owner and CEO is under investigation for spying on behalf of the CIA. Material from the second company that has taken over the embassy "Security" in April 2018 has found its way into an attempted extortion and is also subject to a legal investigation. The talk will contain material both documenting the surveillance measures installed as well as audio and video material obtained by the surveillance gear. It will also briefly touch on surveillance measures experienced elsewhere by friends, lawyers, media partners and associates of Assange and Wikileaks in the context of the ongoing man hunt.

talk on conference website

The Next Generation Internet initiative is the first concerted effort in Europe to put significant public funding to hands-on work to really fix the internet. The long term vision of the initiative is to make the internet what we need and expected it to be in the first place: Resilient. Trustworthy. Sustainable. The concrete mission of the Next Generation Internet initiative is to "re-imagine and re-engineer the Internet for the third millennium and beyond". With new projects starting all the time, the density of awesome open source, open hardware, new science and new standards in-the-making is already intense: about 200 projects are currently on their way. These range from encrypted synchronisation for calendars and address books to symbolical protocol verification, from an open hardware RISC-V SoC to removing binary seeds from operating systems, from ethical search to the Fediverse etc.

NGI Zero offers funding to independent researchers and FOSS developers working on free and open projects in the area of privacy and trust enhancing technologies and on search, discovery and discoverability. It also offers an elaborate 'pipeline' of supporting activities that live up to high standards (sometimes called 'walk the talk') in terms of security, privacy, accessibility, open source licensing, standardisation, packaging, etc. The talk will provide an overview of the awesome R&D that is now in the pipeline, how the programme is organised and everything you need to know about the various opportunities to 'come and work for the internet'.

NGI Zero Discovery and NGI Zero PET are a significant effort and ambitious effort by a large group of organisations led by NLnet foundation (that was instrumental in pioneering the early internet in Europe):

• Accessibility Foundation - Center of expertise on accessibility of internet and other digital media for all people, including the elderly and people with disabilities
• Association for Progressive Communications - A global network and organisation that strives towards easy and affordable access to a free and open internet to improve the lives of people and create a more just world
• Center for the Cultivation of Technology - A charitable non-profit host organization for international Free Software projects
• Commons Caretakers - A not-for-profit service provider for the development of Commons
• Network Security Group of Eidgenössische Technische Hochschule Zürich - Academic research institute focused on building secure and robust network systems
• Free Software Foundation Europe - Association charity that aims to empower users to control technology.
• ifrOSS - Provides not-for-profit legal services and studies in the context of free and open source software
• NixOS Foundation - Foundation supporting development and use of purely functional configuration management tools, in particular NixOS and related projects
• NLnet Foundation (NL) - Grantmaking public benefit organisation founded by pioneers of the early European internet
• Petites Singularités - Non profit organisation working with free sofware and focusing on collective practices
• Radically Open Security - Not-for-profit open source security company
• TIMIT - Experts in secure software
• Translate House - Develops and implements open source localization solutions

The budget for the effort is kindly provided by the European Commission.

talk on conference website

The talk will address how passenger name records (PNR) of flight passengers are currently used by law enforcement throughout the European Union to track and identify suspects of a variety of crimes, how this is likely to be only a first step by the security state to surveil our every movement. Two NGOs have joined forces to stop this new form of indiscriminate mass surveillance in the courts and build safeguards against future infringements of our fundamental right to privacy.

The PNR directive obliges all EU member states to process and save for five years all PNR data of passengers entering or exiting the European Union by plane. All member states have agreed to voluntarily extend this practice to all intra-EU flights as well. Subsequently, the data of hundreds of millions flight passengers are being checked against databases, generating vast amounts of false positives and futile infringements on passengers’ right to privacy. The data are also processed against “pre-determined criteria” which allows law enforcement to define “suspicious flight patterns”. The goal of this profiling of our travel movements is to find suspects among flight passengers that the authorities have never even heard of before. The system has no effective safeguards to prevent vast numbers of people from being falsely labeled as potential terrorists. Member states are already planning to extend this practice to international buses, trains and ferries – even though the effectiveness of processing flight passengers’ PNR data has yet to be proven. By this logic, the next step would be to track rental cars, then all cars, then mobile phones, and finally getting rid of the criterion “international”, enabling the state to surveil our every movement and to identify those of us who seemingly move around in suspicious patterns. But there is hope. The Court of Justice of the European Union (CJEU) has proven before to be critical of indiscriminate mass surveillance affecting people that are not even on the authorities’ radar yet. Therefore, the Gesellschaft für Freiheitsrechte, a German NGO focused on strategic litigation, and epicenter.works, an Austrian NGO focused on protecting human rights in the digital age, have started legal proceedings against the PNR directive, aiming to have German and/or Austrian courts ask the CJEU whether the PNR directive and national transposition laws violate the Charta of Fundamental Rights. This talk will explain how law enforcement currently processes PNR data, how this violates fundamental rights, how these surveillance systems may soon extended to other means of transportation, and what strategy civil society is pursuing to stop this from happening.

talk on conference website

Reverse Engineering of integrated circuits is often seen as something only companies can do, as the equipment to image the chip is expensive, and the HR costs to hire enough reverse engineers to then understand the chip even more so. This talk gives a short introduction on the motivation behind understanding your own or someone else’s chip (as a chip manufacturing company), and why it might be important for the rest of us (not a chip manufacturing company). The focus is on understanding what millions of logical gates represent, rather than the physical aspect (delayering, imaging, image processing…), because everyone can do this at home. I will introduce some proposed countermeasures (like logic encryption) and explain if, how and why they fail.

The talk will give a general overview of the research field and explain why companies are interested in reverse engineering ICs (IP overproduction, Counterfeits, Hardware Trojans), as well as why it’s important for an end user (IC trust, chip failure). Then, I will very shortly introduce the reverse engineering workflow, from decapsulating, delayering, imaging, stitching, image processing and then come to the focus: netlist abstraction. The idea is to show some methods which are currently used in research to understand what netlists represent. Some theory will be explained (circuit design, formal verification of circuits, graph theory…), but I want to keep this to a minimum. Finally, I will show some current ideas on how to make reverse engineering difficult, as well as some attacks on these ideas. The talk does not give insights into how large companies do reverse engineering (i.e. throw money at the problem), but rather show the research side of things, with some of the methods published in the last couple of years, which is something everyone can do at home.

talk on conference website

At the center of Clemens Schöll's latest art project is the "Wohnungsbot" (flat-bot), which automates flat searching in Berlin. But it doesn't only try to search flats for everybody, it fundamentally questions power-relationships in (flat-searching) online platforms. Where are the utopias about public automation? Who should be able to automate what, and how?

With increasing urbanization and financial speculation on the housing market the search for a flat in any big city has become an activity that consumes a lot of resources for people in need of housing: beyond the emotional load a significant share of your supposed leisure time is being consumed by repetitive tasks. Online platforms force us to refresh pages, scroll, click here, click there, look at a few pictures and eventually copy-paste our default text over and over again. If you're ambitious you maybe adjust the lessor's name or the street. But honestly, why do we do this? It could be so easily automated.

The 'automation drama in three acts' by media artist Clemens Schöll titled "Von einem der auszog eine Wohnung in Berlin zu finden" (Of someone who went forth to find a flat in Berlin) speculates about alternative strategies and narratives for both the housing market as well as automation itself. At the center of the multi-exhibition project stands the Wohnungsbot (literally: flat-bot), a free open source software to automate flat-searching and applications in Berlin, released to the public in June 2019.

But the Wohnungsbot is about much more than just rejecting the out-of-control housing situation. There are no technological fixes for social problems. By reclaiming de-facto working time a fundamental utopia of automation is opened once again. Who should be able to automate, what should they be able to automate, and how?
But even if these tools are publicly available – who is aware of them and who is able to use them?

Looking back in history we find that automation has always been accompanied with struggles of power and labor. How have we reached a state where only institutions, be it private companies (usually for-profit) and the state, are allowed or able to automate? Why has automation become a synonym to nightmares of many people, such as mass unemployment? If we're not asked for consent (or don't want to give it) to being dehumanized by automated processes, how can we oppose these practices?

Ultimately, we can look at ourselves (at Congress) and ask: where do we stand in this? With many of us being "people who write code" (title of a previous artistic research project by Clemens Schöll) we must reflect if and how we shape this tension with our work and existence.

talk on conference website

In diesem Vortrag nehmen wir euch mit auf eine Reise durch das Haecksenjahr 2019.

Wir streifen kurz die deutsche Statistik über Femizide in Deutschland, bei der Deutschland sechst-schlechtestes Land im europäischen Vergleich ist. Femizide führen direkt zur Hexenverbrennung um ca. 1550. Viele Belege weisen darauf hin, dass die Verfahren zur Unterdrückung von Aufständen in der Bevölkerung gedacht und nicht einfach Effekte von Massenhysterien waren. Dann schwenken wir auf die positive Seite unseres Jahres um. Wir geben euch eine Führung durch unsere Kunstgalerie (Briefmarken, Postkarten Memorials und mehr), zeigen Einblicke in ein Haecksen-Geekend und wie wir unsere 100 neuen von 292 Haecksen insgesamt integrieren und aktivieren. Außerdem verraten wir euch, in welchen Chaos-nahen Gruppen sich Haecksen-Gruppen befinden und was sie dort in 2019 gemacht haben. Zusätzlich dazu haben sich Haecksen dezentral zu den Themen Klimawandel und die Effekte von Bias in Trainigsdatensätzen zusammengeschlossen. Wir schließen mit der Vorstellung von NIFTI http://nifti.org als der neue zentrale Knotenpunkt der Gemeinschaft aller FNIT-Gruppen mit Interesse an Technik. Und wir werden dabei unser 30jähriges Jubiläum feiern.

talk on conference website

Der Talk wird eine wilde Fahrt, vorbei an umfallenden Rollern, etwas Kunst mit Sharing-Daten, einer Shoppingtour aus Recherchegründen auf asiatischen Großhandelsplattformen, Sicherheitslücken in Fahrradschlössern, welche einen deutschen Bikesharer dazu bringen, seine 6000 Räder weltweit wieder einzusammeln, der Analyse von risikokapitalgetriebenen Sharingsystemen bis hin zum Gegenentwurf: Wie angewandte Lobbyarbeit für mehr offene Mobilitätsdaten aussieht. Und wie man es selbst in die Hand nehmen kann.

Der Markt der Mobilitätsangebote ist in den letzten Jahren immer schneller immer größer geworden. Von einfachen Bikesharing-Rädern über E-Bikes, Lastenrädern hin zu Scootern bekommen wir in Großstädten immer mehr Möglichkeiten, ohne eigenes Gefährt trotzdem mobil zu sein. Aber warum nur in Großstädten? Wie nachhaltig ist das? Warum brauche ich immer noch 20 Apps für jede Stadt? Wie sehen diese Sharingsysteme eigentlich technisch aus? Was passiert mit den Daten und was lässt sich mit ihnen anfangen? Und warum sollten wir Mobilität eigentlich risikokapitalgetriebenen Technologieunternehmen überlassen? Daher bauen wir ein Open Source Bikesharingsystem: nicht profitorientiert und offen für alle, erprobt auf dem CCCamp19.

talk on conference website

Aadhaar is India's national biometric identity database, with over one billion records comprising fingerprints, iris scans and basic demographic information. It is presented as identity technology, allowing an individual to identify themselves, but also as an identification technology, allowing the state to see an individual, identify fraudulent welfare beneficiaries, and thus realise savings. These claims are not complementary. They are in fact contradictory, compromising each other. If one must be true, the other must somehow be false, and this is the reality of Aadhaar.

This talk will demonstrate how Aadhaar's attempt to be a cure for all kinds of ailments has in fact resulted in large scale exclusion and fraud. We will look at a series of design assumptions in Aadhaar's architecture, the gaps in them, and then examples of how these gaps were exploited, from public news reports. Aadhaar is often touted as a revolutionary technology that has simultaneously given identity to billions and realised substantial savings from fraud for the government. These utopian visions are finding buyers around the world. Jamaica, Morocco and Kenya have all adopted projects inspired by Aadhaar, and more countries are following suit. Unfortunately, Aadhaar is not magic, and there is now an urgent need for a sober understanding to be taken worldwide. The Kaarana project began in 2017 as a collaboration between programmers and lawyers, to document architectural assumptions and their impact on human rights. The project's findings were presented as evidence to the Supreme Court of India in 2018, and are acknowledged in a scathing dissent by Justice Chandrachud (September 2018). This dissent was in turn cited by the Supreme Court of Jamaica to shut down a biometric identity program in that country (April 2019). In September 2019, Kaarana member Anand Venkatanarayanan also appeared as a witness in the Supreme Court of Kenya in a petition against Huduma Namba, the Kenyan biometric identity program. We hope that this presentation at CCC will help public interest technologists from around the world prepare for a critical examination of similar programs in their countries.

talk on conference website

Wir müssen jetzt entscheiden, in welcher digitalen Welt wir leben wollen.

Im Bereich des Datenschutzes und der Informationsfreiheit werden schwer umkehrbare Weichenstellungen vorgenommen, die weitreichende Konsequenzen für unsere Zukunft haben. Als Bundesdatenschutzbeauftragter setze ich mich mit der Durchsetzung der Datenschutz-Grundverordnung, der Regulierung von Verbraucher-Scoring und -Profiling und der Weiterentwicklung des europäischen Datenschutzrechts auseinander. Besonders beschäftigen mich dabei auch die Debatten um digitale Überwachung und massiv ausgeweitete Befugnisse der Sicherheitsbehörden.

talk on conference website

I will explore the ways in which music is influenced by making and hacking, including a whistle-stop tour of some key points in music hacking history.

This starts with 1940s Musique Concrete and Daphne Oram’s work on early electronic music at the BBC, and blossoms into the strange and wonderful projects coming out of the modern music hacker scenes in London and Berlin, including a pipe organ made of Furbies, a sound art marble run, robotic music machines, gesture controlled moon cellos, and singing circuit sculptures. I'll also be sharing some of own work, plus my favourite new ways to make embedded instruments, including plenty of amazing Open Source hardware and software.

talk on conference website

Ausgehend von den behördlichen Messnetz für Stickoxide soll der Aufbau einer preisgünstigen Open Source Messstation für Stickstoffdioxid, inklusive Kalibrierung und der behandlung von Störenden einflüssen behandelt werden. Zusätzlich soll eine Webanwendung vorgestellt werden welche die Daten aus einem Messnetz der NO2-Messstationen sammelt, auf Karten visualisiert und somit dem Citizen Science Ansatz Rechnung trägt.

Spätestens seit dem Abgasskandal (Dieselgate) und den daraus resultierenden Fahrverboten für Dieselfahrzeuge ist eine öffentliche Debatte um Stickoxide (insbesondere Stickstoffdioxid (NO2)) als Luftschadstoff entstanden. Die Stickstoffdioxidbelastung in Städten und Gemeinden verunsichert viele Bürgerinnen und Bürger, denn einerseits ist der Schadstoff nicht wahrnehmbar und andererseits kann Stickstoffdioxid eine erhebliche Gefahr für die Gesundheit darstellen. In Deutschland existieren derzeit nur ca. 350 offizielle Messstationen für Stickstoffdioxid, so dass ortsspezifische oder sogar flächendeckende Angaben zur Luftschadstoffbelastung nicht möglich sind. Ein flächendeckendes Messnetz ist laut Gesetz auch nicht vorgesehen. Folglich können politische oder gerichtlich durchgesetzte Maßnahmen zur Verbesserung der Luftqualität auch nur dort stattfinden, wo Messwerte existieren. Da es gegenwärtig keine Bestrebungen gibt das öffentliche Netz an Messstationen auszuweiten, möchten wir mit diesem Vortrag einen Vorstoß unternehmen, die technischen Grundlagen zur Errichtung eines bürgerschaftlichen Messnetzes zu eruieren und für diesen Zweck konkrete Bauanleitungen und Informationsdienste vorstellen. Im Gegensatz zu den mehrere tausend Euro teuren und eignungsgeprüften Messstationen zeigen wir eine hinreichend akkurate und preisgünstige (<50 Euro) Alternative auf. In dem Vortrag erklären wir euch zunächst wie Stickstoffdioxid durch offizielle Stellen gemessen wird und wie die Grenzwerte definiert sind. Anhand des Status Quo der Datenerhebung erläutern wir bestehende Defizite und Potentiale für eine genauere und flächendeckendere Messung von Luftschadstoffen wie Stickstoffdioxid. Im zweiten Teil des Vortrags beschreiben wir den Aufbau einer preisgünstigen Open Source Messstation für Stickstoffdioxid. Dabei werden Kriterien für die Auswahl von Komponenten und die Durchführung einer Vergleichsuntersuchung mit einem eignungsgeprüften Messgerät vorgestellt. Außerdem werden Kalibrierungsmethoden und die Behandlung von störenden Einflüssen durch Luftfeuchtigkeit und Temperaturschwankungen thematisiert. Im dritten Teil des Vortrags wird eine Web-Anwendung vorgestellt, die Daten aus einem Messnetz der NO2-Messstationen sammelt, auf Karten visualisiert und somit dem Citizen Science Ansatz Rechnung trägt. Dabei diskutieren wir auch Vor- und Nachteile unterschiedlicher kartenbasierten Darstellungsformen von Luftschadstoffmesswerten.

talk on conference website

Weltweit verlaufen die Entwicklungstrends des Markthochlaufs der Elektromobilität und die Weiterentwicklung relevanter Batteriefertigungs- und Recyclingtechnologien hoch dynamisch. Maßgebliche Faktoren für die Entstehung eines industriellen Batterierecycling-Marktes nehmen dabei erst langsam Gestalt an, der regulatorische Rahmen ist noch modellierbar. Zugleich ist der Technologiepfad Elektromobilität als eingeschlagen zu begreifen - die Notwendigkeit einer Verkehrswende zur Reduzierung des CO2-Ausstoßes begründet Umbrüche in der Automobilbranche, die mittelfristig zu steigenden Verkehrsanteilen von Fahrzeugen mit rein elektrischem oder hybridem Antrieb an den PKW-Neuzulassungen führen werden. Damit steigt der Bedarf an geeigneten Traktionsbatterien und die Nachfrage nach den zu ihrer Herstellung erforderlichen, endlichen Rohstoffen. Im Energiesektor stellt der Beschluss zum Kohleausstieg 2038 eine Zäsur dar: Mit der Zielstellung, die Lausitz – bislang Braunkohlerevier - als Energieregion zu erhalten und die Angleichung der Lebensverhältnisse in der strukturschwachen Region zu schaffen, gehen wir der Frage nach, ob durch die Errichtung einer Recyclingstrecke für Traktionsbatterien der Elektro-Mobilität ein Beitrag zur Gestaltung einer „Energieregion der Zukunft“ geleistet werden kann. Dies einerseits im Hinblick auf die Schaffung von Beschäftigung, um die im Kontext des Braunkohleausstiegs drohenden Verluste von Industriearbeitsplätzen zu kompensieren. Andererseits unter Maßgabe der Etablierung einer nachhaltigen, regional verankerten Kreislaufwirtschaft.

Um nachhaltige Entwicklungschancen für die Lausitz im Zuge des Aufschwungs der Elektro-Mobilität abzuleiten, werden • die endogenen Potentiale der Region analysiert, • das zukünftige Altbatterie-Aufkommen und der technologische Entwicklungsstand des Li-Io-Batterierecycling aufgezeigt sowie • die regulatorischen Rahmenbedingungen auf den Prüfstand gestellt. Wir zeigen die offenen Flanken der Lithium-Ionen-„Batterierevolution“ auf, indem wir auch ihre Risiken diskutieren: Das Recycling der Lithium-Ionen-Batterien stellt sich demnach zukünftig als dringliche Notwendigkeit dar, denn • die zu ihrer Herstellung erforderlichen Rohstoffe sind endlich, • sie werden zum Teil unter Menschen unwürdigen Arbeitsbedingungen und mit erheblichen ökologischen Folgeschäden abgebaut, • es ist eine sichere und verantwortungsvolle Entsorgung bzw. Wiederverwertung der Batterien, die hochgiftige Substanzen enthalten, zu gewährleisten. Schließlich werden Handlungsempfehlungen für ein integriertes Entwicklungskonzept formuliert, die auf die Etablierung einer Kreislaufwirtschaft und Bottom-up Partizipation der Bevölkerung abstellen. Sie vermitteln Ideen, wie sich die Ansiedlung einer Zukunftstechnologie – wie des industriellen Batterierecycling - in „Regionen mit hohen Zukunftsrisiken“ unterstützen lässt und wie sich Strukturwandel so gestalten lässt, dass ökologische und soziale nicht gegen ökonomische Interessen ausgespielt werden.

talk on conference website

Mit immer neuen Gesetzen gewinnt die Exekutive in Deutschland an Macht und Ressourcen. Die öffentliche Kontrolle von Ministerien und Geheimdienste gerät ins Hintertreffen. Wir sprechen darüber, warum dank Anfragen und Klagen nach dem Informationsfreiheitsfreiheitsgesetz in diesem Jahr der Kampf noch nicht verloren ist, wie wir gegen den BND vor Gericht gewonnen haben und wann das Zensurheberrecht endlich abgeschafft wird. Plus: Das Beste aus 100.000 Anfragen über FragDenStaat in diesem Jahr.

Error 451

talk on conference website

36C3 is run by teams of volunteers. In this event, they will provide some insight into the challenges they faced while building the GSM, DECT and IP networks, running video streams, or organizing ticket sales. All graphs will be pointing up and to the right.

talk on conference website

Was hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Was werden die nächsten Buzzwords sein und welche neuen Trends sind schon heute absehbar?

Wie immer wagen wir den IT-Security-Alptraum-Ausblick auf das Jahr 2020 und darüber hinaus. Denn was wir wirklich wissen wollen, ist ja schließlich: Wer hat sich letztes Jahr mit seiner AI gestritten? Und wie entwickelt sich das Berufsbild des Blockchain-Exorzisten weiter? Gibt es bald IT-Sicherheits-Wettervorhersagen im Fernsehen?

talk on conference website