Version mkdir

Events


Friday 11:00


Opening Ceremony

Ada (de)

Welcome!

Friday 11:30


The Case for Scale in Cyber Security

Security Track Keynote - Ada (en)

The impact of scale in our field has been enormous and it has transformed the tools, the jobs and the face of the Infosec community. In this talk we discuss some of the ways in which defense has benefitted from scale, how the industry might be tra...

Open Source is Insufficient to Solve Trust Problems in Hardware

How Betrusted Aims to Close the Hardware TOCTOU Gap - Clarke (en)

While open source is necessary for trustable hardware, it is far from sufficient. This is because “hashing” hardware – verifying its construction down to the transistor level – is typically a destructive process, so trust in hardware is a massive ...

The inconvenient truth is that open source hardware is precisely as trustworthy as closed source hardware. The availability of design source only enables us to agree that the designer’s intent can be trusted and is likely correct, but there is no essential link between the hardware design source and the piece of hardware on your desk. Thus while open source is necessary for trustable hardware, it is far from sufficient. This is quite opposite from the case of open source software thanks to projects like Reproducible Builds, where binaries can be loaded in-memory and cryptographically verified and independently reproduced to ensure a match to the complete and corresponding source of a particular build prior to execution, thus establishing a robust link between the executable and the source.

Unfortunately, “hashing” hardware – verifying its construction down to the transistor level – is typically a destructive process, so trust in hardware is a massive time-of-check/time-of-use (TOCTOU) problem. Even if you thoroughly inspect the design source, the factory could modify the design. Even if you audit the factory, the courier delivering the hardware to your desk could insert an im...

I am system: breaking the security boundary in windows OS.

Borg (en)

Nowadays, Windows is still the most popular OS used in the world. It's very important for red teams / attackers to maintain the authority after they get into the OS by penetration test. So they need a vulnerability to hide in Windows to escalate t...

In this presentation, we will share the methodology about how we started this work to analyze Windows internals. We will explain the inner workings of this technique and how we analyzed ALPC and Component Object Model (COM) in Windows OS. By analyzing historical bugs, we are able to extract their features from multiple vulnerabilities.

We will develop an IDA plugin to analyze the execution path of target interfaces. In this way we could find out the interface that called the specified sensitive operation.
In fact, we found a large number of vulnerable modules in the ALPC and COM object, which allow the attacker to cross the security boundary and directly access the system.

Leaving legacy behind

Reducing carbon footprint of network services with MirageOS unikernels - Dijkstra (en)

Is the way we run services these days sustainable? The trusted computing base -- the lines of code in which a flaw, if discovered, jeopardizes the security and integrity of the entire service -- is enormous. Using orchestration systems that contai...

Starting with an operating system from scratch is tough, lots of engineering hours have been put into the omnipresent ones. Reducing the required effort by declaring certain subsystems being out of scope -- e.g. hardware drivers, preemptive multitasking, multicore -- decreases the required person-power.

The MirageOS project started as a research project more than a decade ago at the University of Cambridge, as a minimal guest for Xen written in the functional programming language OCaml. Network protocols (TCP/IP, DHCP, TLS, DNS, ..), a branchable immutable store (similar and interoperable with git) are available. The trusted computing base is roughly two orders of magnitude smaller than contemporary operating systems. The performance is in the same ballpark as conventional systems. The boot time is measured in milliseconds instead of seconds.

Not only is the binary size of a unikernel image much smaller, the required resources are also smaller: memory usage easily drops by a factor of 25, CPU usage drops by a factor of 10.

More recently we focused on deployment: integration of logging, metrics (influx, grafana), an orchestration system (remote deployment via a TLS handsha...

Friday 12:50


Catastrophe and Communication: The Example of North-East Syria

Humanitarian aid between propaganda, information and fundraising - Borg (de)

Disasters, crises & wars can now be followed live. We are experiencing an almost unmanageable diversity of sources on social media: everyone becomes a source. What influence does this have on how a conflict is perceived, how do...

Disasters, crises & wars can now be followed live. We are experiencing an almost unmanageable diversity of sources on social media: everyone becomes a source. What influence does this have on how a conflict is perceived, how do the parties to the conflict, but also those providing aid, use social media, and what does this mean for those delivering humanitarian aid on the ground? We discuss this using the example of the Turkish attack on North-East Syria.

Whereas live reporting from war zones at the time of the 2nd Gulf War was still done predominantly by a few journalists, often “embedded”, who reported for CNN & Co. from inside a tank in a greenish night-vision look, today anyone can become a source on social media. In this way the public gains access to information that previously would have been very hard to obtain, and certainly not in real time.

The variety of sources offers great opportunities for assessing a situation and also for verifying information through multiple sources or reverse image search. At the same time, rumours and false information also spread much faster. In addition, social media can also be used deliberately, for instance ...

The Ultimate Acorn Archimedes talk

Everything about the Archimedes computer (with zero 'Eureka!' jokes) - Dijkstra (en)

This talk will cover everything about the Acorn Archimedes, a British computer first released in 1987 and (slightly) famous for being the genesis of the original ARM processor.

The Archimedes was designed by Acorn in the UK in the mid-1980s, and was released in late 1987 with massive performance for its medium price (and, with the first OS, a hangover-coloured GUI). The machine isn't widely known outside Europe. Even in the UK, it was released just as the IBM PC was taking over, so remained niche. It was built from scratch with four purpose-designed chips, the ARM, the VIDC, the MEMC and the IOC. Looking at each chip, we'll take a hardware and software tour through what is one of the most influential yet little-known modern computers. The talk will detail the video, sound, IO and memory management hardware, alongside the original ARM processor which is quite different to what we have today. The Arc was a pleasure to program, both simple and fast, and we'll look at its software including the quirky operating systems that made the Arc tick, from Arthur to RISC OS and Acorn's mysterious BSD4.3 UNIX, RISCiX. The first models were followed by the lower-end A3000 in 1989, which looked similar to the Amiga 500 or Atari STE but had around eight times the CPU performance: no sprites, no blitter, no Copper, no problem! ;-) This talk will also share ...

How Climate-Friendly Is Software?

Insights into the research and an outlook on environmental certification! - Clarke (de)

The German Environment Agency (Umweltbundesamt) began researching the environmental relevance of software in 2012. The aim of the research was to capture and assess the mutual influence of hardware and software and to develop suitable measures that ...

The interaction of hardware and software, for example of a computer and its operating system, is comparable to a book and the content of the book. If one part of this unit is missing, its intended purpose is no longer fulfilled. A computer is composed of various components that perform different tasks. Software is the logic that makes it possible to carry out these tasks. Although software, like knowledge, is immaterial, it needs hardware resources in order to exist. Software products are therefore an essential part of information and communication technology (ICT).
In recent years, a number of efforts have been made to make ICT more sustainable. For example, the energy efficiency of ICT products has been increased, requirements have been placed on the energy management of devices, and new resource-conserving hardware architectures have been developed. Concrete requirements for the design and programming of software that support the energy efficiency of the hardware do not yet exist. Although hardware and software, as explained above, form a unit and the way in which software ar...

What's left for private messaging?

Ada (en)

It is easier to chat online securely today than it ever has been. Widespread adoption of Signal, Wire, and the private mode of WhatsApp have led to a broader recognition of the importance of end-to-end encryption. There's still plenty of work to be d...

This introduction to secure messaging will lay out the different risks that are present in communications, and talk about the projects and techniques under development to do better.

The talk will begin with a threat modeling exercise to be able to concretely talk about the different actors and potential risks that a secure messaging system can attempt to address. From there, we'll dive into end-to-end encryption, OTR and deniability, and then the axolotl construction used by Signal (and now the Noise framework).

The bulk of the talk will focus on the rest of the problem which is more in-progress, and in particular consider the various metadata risks around communication. We'll survey the problems that can arise around contact discovery, network surveillance, and server compromise. In doing so, we'll look at the forays into communication systems that attempt to address these issues. Pond offered a novel design point for discovery and a global network adversary. Katzenpost adapts mixnets to limit the power of network adversaries and server compromise in a different way. Private Information Retrieval (PIR) trades off high server costs for a scheme that could more realisticall...

Tales of old: untethering iOS 11

Spoiler: Apple is bad at patching - Eliza (en)

This talk is about running unsigned code at boot on iOS 11. I will demonstrate how you can start out with a daemon config file and end up with kernel code execution.

This talk is about achieving unsigned code execution at boot on iOS 11 and using that to jailbreak the device, commonly known as "untethering". This used to be the norm for jailbreaks until iOS 9.1 (Pangu FuXi Qin - October 2015), but hasn't been publicly done since. I will unveil a yet unfixed vulnerability in the config file parser of a daemon process, and couple that with a kernel 1day for full system pwnage. I will run you through how either bug can be exploited, what challenges we faced along the way, and about the feasibility of building a kernel exploit entirely in ROP in this day and age, on one of the most secure platforms there are.

Friday 14:10


From I to We

Societal change in the speeches in the Bundestag - Borg (de)

A tool developed by Zeit Online makes it possible to analyse the plenary minutes of the Bundestag graphically and by content, from its first session in 1949 to the present day. The 200 million words reveal historical turning points; they ...

The minutes of the Bundestag cover a period of seventy years. During this time the Federal Republic has changed considerably, and so of course has the language used in the Bundestag. Some things are trivial, e.g. that refugees were once expellees (Vertriebene), or that words related to computer networks only appear in more recent times. Others are surprising, e.g. that since reunification East Germans have been spoken of more than West Germans. Using pertinent examples, we want to explain how language, and with it politics, has changed. We examine the rhetoric of the old and new right, the rhetoric of the "market", of crises and, of course, that of cultivated insult.

The tool can show which debates were conducted at length and with many words, and which remained small and insignificant even though it might have been important to debate those topics. Language is thus the gateway to analysing the politics of parliament.

Where does our data come from?
We analysed the minutes of all sessions of the German Bundestag: 4,217 sets of minutes from 19 legislative periods, around 200 million words in total. They ...

phyphox: Using smartphone sensors for physics experiments

An open source project for education, research and tinkering - Eliza (en)

Modern smartphones offer a whole range of sensors like magnetometers, accelerometers or gyroscopes. The open source app "phyphox", developed at the RWTH Aachen University, repurposes these sensors as measuring instruments in physics education.

When put into a salad spinner, the phone can acquire the relation of centripetal acceleration and angular velocity. Its barometer can be used to measure the velocity of an elevator. And when using two phones, it is easy to determine the speed of sound with a very simple method.

In this talk, I will show these possibilities in demonstration experiments, discuss available sensors and their limitations and introduce interfaces to integrate phyphox into other projects.

In this talk, the developer of the app "phyphox" at the RWTH Aachen University will first introduce how sensors in smartphones can be used to enable experimentation and data acquisition in physics teaching with several demonstrations on stage. Available sensors and their limitations will be discussed along with interfaces allowing the integration of phyphox into other projects, either as a means to access sensor data or to display data from other sources.

The app is open source under the GNU GPLv3 licence and available for Android (>=4.0) and iOS (>=8.0). It is designed around experiment configurations for physics education at school and university, allowing for a quick setup with a single tap. At the same tim...

Today's Energy Storage for Tomorrow's Energy

Where should all the renewable energy actually go? - Clarke (de)

In our everyday lives we constantly rely on the availability of electrical energy. But if we move away from the continuous operation of power plants that burn fossil fuels, how do we ensure supply when at night no wind ...

One of the bigger problems turns out to be the provision of electrical energy for our highly technological world. The share of electrical energy obtained from renewable sources has risen steadily in recent decades, but one problem remains: how do we provide energy when the sun is not shining and the wind is not blowing?
An overview of well-known and lesser-known energy storage systems is intended to make it easier to understand and put into context current debates in energy and climate policy.
Batteries and rechargeable batteries have for many decades supplied the power for, above all, portable devices: the ubiquitous, non-rechargeable alkaline-manganese battery powers clocks, remote controls, torches and devices of all kinds. The rechargeable lithium-ion battery in particular has revolutionised our modern world; with good reason this development was awarded the Nobel Prize in Chemistry this year. Will this technology be the future of electromobility, and store surplus solar power in order to make it available again at night?
Or might the little-known sodium sulfide battery chemistry be the better candidate? How ...

Messenger Hacking: Remotely Compromising an iPhone through iMessage

Ada (en)

So called “0-click” exploits, in which no user interaction is required to compromise a mobile device, have become a highly interesting topic for security researchers, and not just because Apple announced a one million dollar bug bounty for such ex...

This talk will dive into the internals of an iMessage exploit that achieves unsandboxed remote code execution on vulnerable devices (all iPhones and potentially other iDevices up to iOS 12.4) without user interaction and within a couple of minutes. All that is necessary for a successful attack in a default configuration is knowledge of the target’s phone number or an email address. Further, the attack is also possible without any visible indicators of the attack displayed to the user.

First, an overview of the general iMessage software architecture will be given, followed by an introduction of the exploited vulnerability. Next, a walkthrough of the exploitation process, including details about how the various exploit mitigations deployed on iOS were bypassed, will be presented. Some of the exploitation techniques are rather generic and should be applicable to exploit other vulnerabilities, messengers, and even other platforms such as Android. Along the way, some advice will be shared with the audience on how to bootstrap research in this area. The talk concludes with a set of suggestions for mobile OS and messenger vendors on how to mitigate the demonstrated exploit technique...

It's not safe on the streets... especially for your 3DS!

Exploring a new attack surface on the 3DS - Dijkstra (en)

The 3DS is reaching end of life but has not revealed all its weaknesses yet. This talk will go through the process of reverse engineering an undocumented communication protocol and show how assessing hard-to-reach features yields dangerous results...

Embedded Devices are all around us, talking to each other in ways we often don't even realize. In this talk, we discuss how one such communication mechanism in the 3DS remained unexplored for over seven years as well as the vulnerabilities that were lying dormant as a result.


We will explore specific features of the 3DS and talk about their low-level implementation details and about why they were not tested before. Besides, we will walk through the (lengthy) dev process involved in putting together this exploit, and the significant risks involved in devices (even game consoles) having this kind of vulnerability.


Finally, we will demonstrate the attack in action.


Since the talk will be a bit technical some basic knowledge about network protocols and software exploitation techniques is recommended, but it is aimed to be enjoyable for non-technical audiences as well.
One might also take a look at previous talks (32c3 and 33c3) about the 3DS for more in-depth background knowledge.

Friday 16:10


What Has PSD2 Ever Done for Us?

Flops, bad luck and mishaps in payment services regulation - Dijkstra (de)

Since 14 November, the last grace period for implementing European Directive 2015/2366 on payment services in the internal market (in modern parlance, PSD2) has expired. This first caused many banks a lot of work, and is now causing many customers a lot...

This talk gives an overview of the background of the Payment Services Directive, what it was supposed to achieve, and what it actually achieves. The regulatory perspective is contrasted with actual experience as a user and as a developer of open source software.

The Large Hadron Collider Infrastructure Talk

Clarke (en)

The Large Hadron Collider (LHC) is the biggest particle accelerator on Earth. It was built to study matter in more detail than ever before and prove physical theories like the Standard Model of Particle Physics. This talk will focus on the enginee...

During previous CCCs, several talks described what kind of data the experiments of LHC look out for, how the data is stored, how physicists are analysing data and how they extract their huge discoveries. Often times though, the presence of the particle accelerator itself is taken for granted in light of these findings.
That's why this talk will give an in-depth engineering summary about that 'particle accelerator'. We'll shed light on the big technology and engineering problems that had to be solved before being able to build a machine that we take for granted these days. Among other things, we will describe how to cool down several thousand tons of magnets to -271.25°C, how to safely dissipate ~500 MegaJoule of energy in just a fraction of a second, or how to bend a beam of particles around a corner while it's moving along with ~99,9999991% of the speed of light. Of course, we'll also touch on the bits that make collecting the data gathered in all the physics detectors possible in the first place.

"Hackers or not": The electronic patient record is coming!

Ada (de)

At the heart of digital healthcare for 73 million insured persons is the highly secure, critical telematics infrastructure, with 115,000 medical practices already connected. Only authorised participants have access via this closed network...

In just 12 months, 73 million people with statutory health insurance will be able to have their health data stored in an electronic patient record. To this end, all medical practices, hospitals and pharmacies in Germany are currently being connected via the newly created critical telematics infrastructure.

This high-availability network meets "military security standards", offers a "level of security unique in Europe" and promises a "maximum level of protection for personal medical data" such as doctors' letters, medication plans, blood counts and chromosome analyses.

"We are doing everything to keep patient data secure."

"Even the Chaos Computer Club has not managed to hack into the telematics infrastructure."

"After the lessons from PC-Wahl, charging stations and the special electronic lawyers' mailbox (besonderes elektronisches Anwaltspostfach), we do not need another cautionary example."

A Deep Dive Into Unconstrained Code Execution on Siemens S7 PLCs

Eliza (en)

A deep dive investigation into Siemens S7 PLCs bootloader and ADONIS Operating System.

Siemens is a leading provider of industrial automation components for critical infrastructures, and their S7 PLC series is one of the most widely used PLCs in the industry. In recent years, Siemens integrated various security measures into their PLCs. This includes, among others, firmware integrity verification at boot time using a separate bootloader code. This code is baked in a separated SPI flash, and its firmware is not accessible via Siemens' website. In this talk, we present our investigation of the code running in the Siemens S7-1200 PLC bootloader and its security implications. Specifically, we will demonstrate that this bootloader, which to the best of our knowledge was running at least on Siemens S7-1200 PLCs since 2013, contains an undocumented "special access feature". This special access feature can be activated when the user sends a specific command via UART within the first half-second of the PLC booting. The special access feature provides functionalities such as limited read and writes to memory at boot time via the UART interface. We discovered that a combination of those protocol features could be exploited to execute arbitrary code in the PLC and dump the en...

How to Break PDFs

Breaking PDF Encryption and PDF Signatures - Borg (en)

PDF is the most widely used standard for office documents. Supported by many desktop applications, email gateways and web services solutions, PDFs are used in all sectors, including government, business and private fields. For protecting sensitive info...

The Portable Document Format (PDF) is the de-facto standard for document exchange worldwide. It is used to store sensitive information like contracts and health records. To protect this information PDF documents can be encrypted or digitally signed. Thus, confidentiality, authenticity, integrity, and non-repudiation can be achieved. In our research, we show that none of the PDF viewers achieve all of these goals by allowing an attacker to read encrypted content without the password or to stealthily modify the signed content.

We analyze the PDF encryption specification and show two novel techniques for breaking the confidentiality of encrypted documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Second, we abuse a flaw in the PDF encryption specification to arbitrarily manipulate encrypted content. The only requirement is that a single block of known plaintext is needed, and we show that this is fulfilled by design. Our attacks allow the recovery of the entire plaintext of encrypted docum...

Friday 17:30


From Managerial Feudalism to the Revolt of the Caring Classes

David Graeber - Borg

One apparent paradox of the digitisation of work is that while productivity in manufacturing is skyrocketing, productivity in caring professions (health, education) is actually declining - sparking a global wave of labour struggle. Existing econom...

How (not) to build autonomous robots

Fables from building a startup in Silicon Valley - Eliza (en)

Over the past 2 years we've been building delivery robots - at first thought to be autonomous. We slowly came to the realization that it's not something we could easily do; but only after a few accidents, fires and PR disasters.

We've all seen the TV show Silicon Valley, but have you actually peered underneath the curtain to see what's happening? In this entertaining talk, Sasha will share his first hand experience at building (and failing) a robotics delivery startup in Berkeley.

Over the course of 2.5 years this startup built hundreds of robots, delivered thousands of orders, and had one robot stolen. The talk will look over the insanity that's involved with building an ambitious startup around a crazy vision; sharing the ups and downs of the journey. It will also touch lightly on the technology that drives it and the simplistic approach to AI/machine learning this company took.

Server Infrastructure for Global Rebellion

Clarke (en)

In this talk Julian will outline his work as sysadmin, systems and security architect for the climate and environmental defense movement Extinction Rebellion. Responsible for 30 server deployments in 11 months, including a community hub spanning d...

An extension of an earlier talk at C-Base Berlin, Julian will give an overview of his own discoveries, platform choices, successes and mistakes meeting the needs of 5-figure at-risk server memberships, from geo-political and legal challenges, to arrest opsec and uptime resilience in the face of powerful adversaries driving attacks on infrastructure and seized activist devices spanning many countries before and during periods of mass civil disobedience. In particular the talk is a call for all sysadmins, opsec and infosec professionals and enthusiasts to rise up and join the fight for current and future generations of all life.

Climate Modelling

The Science Behind Climate Reports - Dijkstra (en)

When climate activists say you should listen to the science they usually refer to reports by the Intergovernmental Panel on Climate Change (IPCC). The IPCC is an intergovernmental organization (IGO) providing an objective summary of scientific r...

This lecture aims at answering these questions. In particular, it provides an overview of some basic nomenclature for a better understanding of what climate modelling is about.

The following topics will be addressed:


  • Who does climate modelling? Which institutes, infrastructures, universities, initiatives are behind it and which are the conferences climate scientists go to. What background do climate scientists have?
  • What is the difference between climate projections and weather predictions? Why is it called a climate projection and not climate prediction? While climate scientists are not able to predict weather at a specific date in a decade, why does it still make sense to propose general trends under certain conditions?
  • What is a climate model, what is an impact model and what is the difference between these? What are components and features of the different kinds of models? Here, some examples will be shortly presented (e.g. atmosphere, ocean, land, sea ice).
  • Quite a few models are open source and freely accessible. If there is time I will shortly show you how you could install an impact model (exa...

Plundervolt: Flipping Bits from Software without Rowhammer

Ada (en)

We present the next step after Rowhammer, a new software-based fault attack primitive: Plundervolt (CVE-2019-11157).

Many processors (including the widespread Intel Core series) expose privileged software interfaces to dynamically regulate proc...

Fault attacks pose a substantial threat to the security of our modern systems, allowing to break cryptographic algorithms or to obtain root privileges on a system. Fortunately, fault attacks have always required local physical access to the system. This changed with the Rowhammer attack (BlackHat USA 2015, CCC 2015), which for the first time enabled an attacker to mount a software-based fault attack. However, as countermeasures against Rowhammer are developed and deployed, fault attacks require local physical access again.

In this CCC talk, we present the next step, a long-awaited alternative to Rowhammer, a second software-based fault attack primitive: Plundervolt.

Dynamic frequency and voltage scaling features have been introduced to manage ever-growing heat and power consumption in modern processors. Design restrictions ensure frequency and voltage are adjusted as a pair, based on the current load, because for each frequency there is only a certain voltage range where the processor can operate correctly. For this purpose, many processors (including the widespread Intel Core series) expose privileged software interfaces to dynamically regulate processor frequency and ope...

Friday 18:50


The Internet of rubbish things and bodies

A review of the best art & tech projects from 2019. With a focus on e-waste - Clarke (en)

Once you start looking at electronic trash you see it everywhere: in laptops of course but also increasingly in cars, fridges, even inside the bodies of humans and other animals. The talk will look at how artists have been exploring the e-junk inv...

Régine Debatty is a curator, critic and founder of http://we-make-money-not-art.com/, a blog which has received numerous distinctions over the years, including two Webby awards and an honorary mention at the STARTS Prize, a competition launched by the European Commission to acknowledge "innovative projects at the interface of science, technology and art".
Régine writes and lectures internationally about the way artists, hackers, and designers use science and technology as a medium for critical discussion. She also created A.I.L. (Artists in Laboratories), a weekly radio program about the connections between art and science for Resonance104.4fm in London (2012–14), is the co-author of the “sprint book” New Art/Science Affinities, published by Carnegie Mellon University (2011) and is currently co-writing a book about culture and artificial intelligence.

Mass Surveillance by Intelligence Services vs. Human Rights

Ada (de)

For years now, the European Court of Human Rights has been dealing with the question of whether the mass surveillance by intelligence services made public by Edward Snowden is compatible with the European Convention on Human Rights...

This year there were two further hearings in Strasbourg dealing with British and Swedish mass surveillance by the intelligence services. The talk examines the judgments handed down so far and the new arguments presented.

The British case in particular is the first time that the Court measures against the Convention not only mass surveillance but also the data carousel between the intelligence services, namely GCHQ and the NSA.

Because the Federal Constitutional Court has already scheduled an oral hearing on the BND Act for mid-January, part of the talk will also deal with mass surveillance by the German intelligence services. The CCC has submitted a statement on foreign-to-foreign telecommunications intelligence (Ausland-Ausland-Fernmeldeaufklärung), the content of which will be briefly summarised.

Disclosure: I am one of the complainants in the British case.

Mathematical diseases in climate models and how to cure them

Dijkstra (en)

Making climate predictions is extremely difficult because climate models cannot simulate every cloud particle in the atmosphere and every wave in the ocean, and the model has no idea what humans will do in the future. I will discuss how we are usi...

Climate models are usually written in Fortran for performance reasons at the expense of usability, but this makes it hard to hack and improve existing models.

Bigger supercomputers can resolve smaller-scale physics and help improve accuracy but cannot resolve all the small-scale physics so we need to take a different approach to climate modeling.

In this talk I will discuss why modeling the climate on a computer is so difficult, and how we are using the Julia programming language to develop a fast and user-friendly climate model that is flexible and easy to extend.

I will also discuss how we can leverage GPUs to embed high-resolution simulations within a global climate model to resolve and learn the small-scale physics, allowing us to simulate the climate more accurately, as the laws of physics will not change even if the climate does.

(Post-Quantum) Isogeny Cryptography

Eliza (en)

There are countless post-quantum buzzwords to list: lattices, codes, multivariate polynomial systems, supersingular elliptic curve isogenies. We cannot possibly explain in one hour what each of those mean, but we will do our best to give the audie...

It is the year 2019 and apparently quantum supremacy is finally upon us [1,2]. Surely, classical cryptography is broken? How are we going to protect our personal communication from eagerly snooping governments now? And more importantly, who will make sure my online banking stays secure?

The obvious sarcasm aside, we should strive for secure post-quantum cryptography in case push comes to shove. Post-quantum cryptography is currently divided into several factions. On the one side there are the lattice- and code-based system loyalists. Other groups hope that multivariate polynomials will be the answer to all of our prayers. And finally, somewhere over there we have elliptic curve isogeny cryptography.

Unfortunately, these fancy terms "supersingular", "elliptic curve", "isogeny" are bound to sound magical to the untrained ear. Our goal is to shed some light on this proposed type of post-quantum cryptography and bring basic understanding of these mythical isogenies to the masses. We will explain how elliptic curve isogenies work and how to build secure key exchange and signature algorithms from them. We aim for our explanations to be understandable by a broad audience without ...

Intel Management Engine deep dive

Understanding the ME at the OS and hardware level - Borg (en)

Reverse engineering a system on a chip from sparse documentation and binaries, developing an emulator from it and gathering the knowledge needed to develop a replacement for one of the more controversial binary blobs in the modern PC.

The Intel Management Engine, a secondary computer system embedded in modern chipsets, has long been considered a security risk because of its black-box nature and high privileges within the system. The last few years have seen increasing amounts of research into the ME and several vulnerabilities have been found.

Although limited details were published about these vulnerabilities, reproducing exploits has been hard because of the limited information available on the platform.

The ME firmware is the root of trust for the fTPM, Intel Boot Guard and several other platform security features; controlling it allows overriding manufacturer firmware signing and implementing many background management features.

I have spent most of the past year reverse engineering the OS, hardware and links to the host (main CPU) system. This research has led me to create custom tools for manipulating firmware images, to write an emulator for running ME firmware modules under controlled circumstances and allowed me to replicate an unpublished exploit to gain code execution.

In this talk I will share the knowledge I have gathered so far, document my methods and also e...

Friday 20:50


Digitalised Migration Control

On phone analysis, smart borders and data pools - Clarke (de)

The so-called digital assistance systems of the BAMF, “smart borders” in the EU and ever-growing databases: who gets into the country and is allowed to stay is increasingly determined by IT systems. The surveillance industry profits from this,...

In recent years, Germany has invested massively in technology to digitalise asylum procedures: matching biometric images against databases, reading out and analysing mobile phones, running speech through automatic recognition systems. Not to mention the blockchain, which is supposed to make everything even better. But Germany is not the only place where more and more data is being used for migration control. In Norway, refugees' Facebook profiles are analysed, in Denmark even USB wristbands. The border agency Frontex is to provide “smart borders”, and databases are being expanded and merged EU-wide. Legal protection mechanisms largely fail. What is it all about? Faster deportations. Who profits? The surveillance industry.

In preparation for legal proceedings, the Gesellschaft für Freiheitsrechte e.V. (GFF), together with the journalist Anna Biselli, is publishing a study in the course of December that examines this topic in more detail. Lea Beckmann and Anna Biselli want to present and contextualise the results of the study together.

Anna Biselli is a computer scientist and journalist and has been working for years on questions of digitalisa...

What the World can learn from Hongkong

From Unanimity to Anonymity - Ada (en)

The people of Hong Kong have been using unique tactics, novel uses of technology, and a constantly adapting toolset in their fight to maintain their distinctiveness from China since early June. Numerous anonymous interviews with protesters from fr...

This is the story of how and why Hongkongers have been able to sustain their movement so long, even faced with an overwhelming enemy like China. The protestors have developed a range of tactics that have helped them minimise capture and arrests and helped keep the pressure up for five months: They include enforcing and maintaining anonymity, both in person and online, rapid dissemination of information with the help of the rest of the population, a policy of radical unanimity to maintain unity in the face of an overwhelming enemy and Hongkongers’ famous “be water” techniques, through which many of them escaped arrest.

LibreSilicon's Standard Cell Library (de)

show + tell - Eliza (de)

(en) We make Standard Cells for LibreSilicon available, which are open source and feasible. And we like to talk and demonstrate what we are doing.

(en) LibreSilicon develops a free and open source technology to fabricate chips in silicon and provides all the information needed to use it, or, technically speaking, a Process Design Kit (PDK).
One abstraction level higher, users always use a Standard Cell Library (StdCellLib) with their design compile tools, containing basic blocks like logic gates, latches, flip-flops, RAMs, and even pad cells.
From a programmer's point of view, if a PDK is comparable to a language like C, the Standard Cell Library is comparable to libc.
All commercially available Standard Cell Libraries contain only a small subset of all useful cells, limited just by the manpower of the vendor. They are hand-crafted and error-prone. Unfortunately, Standard Cell Libraries are also commercially exploited under non-disclosure agreements (NDAs) and depend heavily on the underlying PDKs. Our aim is to become the first free and open source Standard Cell Library available.
The lecture shows how far we have come with a makefile-controlled push-button solution which generates a substantial number of Standard Cells by automated processing, respecting the dependencies in the generated outputs.

Science for future?

What we can and need to change to keep climate change low - the scientist view - Dijkstra (en)

This talk is to show the current state of the discussion on climate change and the necessary and possible changes from a scientific perspective. It is to give some typical relevant answers and to foster the resilience against climate sceptic quest...

The climate crisis already exists and it is going to become worse. Looking at the pure facts of the changing climate, the acidification of the oceans, the slow but steady rise of the sea level and the strengthening earth response effects, which make things worse, it is hard to stay optimistic about the development of humankind on this planet. This led to the largest social movement in Germany since the Second World War, fighting for a limitation of climate change to a maximum average temperature increase of 1.5°C.
On the other hand, this movement is often disputed. Since the necessary changes are not liked by everyone, the engagement of students in particular was attacked, also by politicians, who even declared that they should leave such issues to the professionals. At this point Scientists for Future joined together to support the demands of the students and declare, "they are right".
This support is urgently needed. People have many open questions. The necessary changes involve all societies in the world. In Germany, one of the most disputed topics is the field of energy, its generation, distribution and use. Is it actually possible to go for 100% renewable energies? Wha...

The Great Escape of ESXi

Breaking Out of a Sandboxed Virtual Machine - Borg (en)

VMware ESXi is an enterprise-class, bare-metal hypervisor developed by VMware for deploying and serving virtual computers. As the hypervisor of VMware vSphere, which is the world's most prevailing, state-of-the-art private-cloud software, ESXi pla...

During the presentation, we will first share the fundamentals of ESXi hypervisor and some of its special features, including its own customized bootloader, kernel, filesystem, virtual devices and so on. Next, we will demonstrate the attack surfaces in its current implementations and how to uncover security vulnerabilities related to virtual machine escape. In particular, we will anatomize the bugs leveraged in our escape chain, CVE-2018-6981 and CVE-2018-6982, and give an exhaustive delineation about some reliable techniques to manipulate the heap for exploitation, triggering arbitrary code execution in the host context. Meanwhile, due to the existence of sandbox mechanism in ESXi, code execution is not enough to pop a shell. Therefore, we will underline the design of the sandbox and explain how it is adopted to restrict permissions. We will also give an in-depth analysis of the approaches leveraged to circumvent the sandbox in our escape chain. Finally, we will provide a demonstration of a full chain escape on ESXi 6.7.

Friday 22:10


The KGB Hack: 30 Years Later

Looking back at the perhaps most dramatic instance of hacking of the 1980s and the role it had in shaping the public image of the CCC. - Clarke (en)

This spring marked the 30th anniversary of the public uncovering of the so-called KGB Hack, bringing with it a number of new articles remembering the event and forging bridges to the present.

The 36C3 seems an excellent opportunity to take a look back at the instance of hacking which, even more so than previous events like the BTX and NASA Hacks, brought the CCC into the focus of the (West-)German public – and, additionally, the Federal Office for the Protection of the Constitution (Verfassungsschutz) and the Federal Intelligence Service (Bundesnachrichtendienst).

This talk aims to focus on the uncovering of the KGB Hack, which began in 1986 when Clifford Stoll, a systems administrator at the University of California in Berkeley, noticed an intruder in his laboratory’s computer system – and, unlike other admins of the time, decided to do something about it. It took three more years of relentless investigation on Stoll’s part and laborious convincing of the authorities of the United States and the Federal Republic of Germany to trace back the intruder to a group of young men loosely connected to the CCC who worked with the KGB, selling information gained from breaking into ...

Why the Card10 Is Not a Medical Device

What do medical device manufacturers have to comply with (and what not)? - Dijkstra (de)

The talk explains the fundamental criteria by which medical devices are developed. To this end, it presents the most important regulations (laws, standards, ...) that medical device manufacturers must comply with. These govern,...

This talk answers the following questions:


  • What is a medical device in the first place?

  • What does the law say about it?

  • What do standards have to do with it?

  • What do manufacturers usually do to implement these requirements?

  • What does a typical development process look like?

  • What about security and safety?

  • Why are innovations so difficult?

  • What happens after development?

  • Who oversees all of this?

The focus is on the EU, so as not to exceed the length of the talk.

Criticality of Raw Materials - When Does the Bomb Go Off?

A non-nuclear look at the end of the world - Eliza (de)

Introduction to the research field of criticality analyses. Using the raw materials tantalum, tungsten, tin and gold as examples, the quantitative and qualitative indicators for a supply bottleneck analysis are presented.

Modern high-tech products require chemical elements that occur in specific raw materials (e.g. ores). The availability and price of these raw materials are subject to a high degree to the influencing factors of concentration risks, political risks, supply reduction risks and demand increase risks. Since companies are often tied to particular raw materials for years, they have to meet these uncertainties with a variety of strategies. From extraction and processing to use and disposal, the criticality of the entire value chain is assessed. In this way, vulnerabilities of companies and countries to raw material shortages can be objectively identified and recommendations for action defined. The criticality analysis is illustrated using the example of the 3TG materials (tantalum, tungsten, tin and gold).

Uncover, Understand, Own - Regaining Control Over Your AMD CPU

Borg (en)

The AMD Platform Security Processor (PSP) is a dedicated ARM CPU inside your AMD processor and runs undocumented, proprietary firmware provided by AMD.

It is a processor inside your processor that you don't control. It is essential for system s...

Our talk is divided into three parts:

The first part covers the firmware structure of the PSP and how we analyzed this proprietary firmware. We will demonstrate how to extract and replace individual firmware components of the PSP and how to observe the PSP during boot.

The second part covers the functionality of the PSP and how it interacts with other components of the x86 CPU like the DRAM controller or System Management Unit (SMU). We will present our method to gain access to the, otherwise hidden, debug output.

The talk concludes with a security analysis of the PSP firmware.
We will demonstrate how to provide custom firmware to run on the PSP and introduce our toolchain that helps with building custom applications for the PSP.

This talk documents the PSP firmware's proprietary filesystem and provides insights into reverse-engineering such a deeply embedded system. It further sheds light on how we might regain trust in AMD CPUs despite the delicate nature of the PSP.

Friday 22:30


Practical Cache Attacks from the Network and Bad Cat Puns

Ada (en)

Our research shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual ma...

Increased peripheral performance is causing strain on the memory subsystem of modern processors. For example, available DRAM throughput can no longer sustain the traffic of a modern network card. Scrambling to deliver the promised performance, instead of transferring peripheral data to and from DRAM, modern Intel processors perform I/O operations directly on the Last Level Cache (LLC). While Direct Cache Access (DCA) instead of Direct Memory Access (DMA) is a sensible performance optimization, it is unfortunately implemented without care for security, as the LLC is now shared between the CPU and all the attached devices, including the network card.

In this talk, we present the first security analysis of DDIO. Based on our analysis, we present NetCAT, the first network-based cache attack on the processor’s last-level cache of a remote machine. We show that NetCAT can break confidentiality of an SSH session from a third machine without any malicious software running on the remote server or client. The attacker machine does this by solely sending network packets to the remote server. netcat is also a famous utility that hackers and system administrators use to send information ov...

Friday 23:30


Hack_Curio

Decoding The Cultures of Hacking One Video at a Time - Eliza (en)

Hacking and hackers can be hard to visualize. In the popular imagination, the figure alternates between a menacing, hooded figure or some sort of drugged-out and depressed juvenile hero (or perhaps a state-sponsored hacker). To counter such image...

Hacking and hackers can be hard to visualize. In the popular imagination, the figure alternates between a menacing, hooded figure or some sort of drugged-out and depressed juvenile hero (or perhaps a state-sponsored hacker). To counter such images, a group of us (Chris Kelty, Gabriella Coleman, and Paula Bialski) have spearheaded a new digitally-based video project, Hack_Curio that features hacker-related videos, culled from a range of sources, documentary film, newscasts, hacker conference talks, advertising, and popular film. In this talk, the Hack-Curio creators and builders, will briefly discuss the purpose and parameters of Hack_Curio and spend most of the talk featuring our funniest, most compelling videos around hacking from around the world. We will use these to reflect on some of the more obscure or less commented on cultural and political features of hacking--features that will address regional and international dimensions of the craft and its impacts around the world.

We will begin our talk by telling the audience what drove us to build this website and what we learned in the process of collaborating with now over fifty people to bring it into being. After our intro...

Let’s play info war

How the radical right gamifies (its) politics - Clarke (de)

Some games you want to win, others you just want to play. With many games you want both. Playing is fun. So is winning. So why not play always and everywhere? Why not play politics like a multiplayer shooter? With...

We speak of “gamification” when typical elements of game mechanics are used to increase motivation in non-game contexts. While this strategy is used above all commercially, to increase customer loyalty and employee productivity, it has also become an increasingly important part of political culture. Online communities in particular use game elements, memes/lore and game-adjacent entertainment formats to shape and structure their social relationships and their relationship to reality.

Within such relationships it was only a matter of time before archetypal NPCs like the common troll would develop into lone-wolf player characters, form packs and organise themselves in a steadily growing and differentiating system of guilds and meritocratic hunting parties. The politicisation of such new tribal societies is a logical consequence of this evolution.

On the one hand, the talk examines the US cultural background of the field: from the game metaphor as a legitimising frame in the “manosphere”, “#Gamergate” and operations of the cross-chan /pol/ community. On the other hand, it seeks...

Inside the Fake Like Factories

How thousands of Facebook, YouTube and Instagram pages benefited from purchased likes and how we reverse engineered Facebook's user IDs - Borg (en)

This talk investigates the business of fake likes and fake accounts: In a world, where the number of followers, likes, shares and views are worth money, the temptation and the will to cheat is high. With some luck, programming knowledge and persis...

When you hear about fake likes and fake accounts, you instantly think of mobile phones strung together in multiple lines in front of an Asian woman or man. What if we tell you that this is not necessarily the whole truth? That you had better imagine an ordinary guy sitting at home at his computer? In a long-term investigation we met and talked to several of these so-called “clickworkers”, who like, watch and click on Facebook, YouTube and Instagram for a small amount of money the whole day in their living room.
Fortuitously, we could access thousands of campaigns: Facebook fan pages, YouTube videos and Instagram accounts. Thousands of websites and accounts for which somebody bought likes in the past years.
But we did not stop the investigation there: we dived deeper into the Facebook fake accounts and fake likes universe and bought likes from various other fake likes sellers. To get the big picture, we also developed a statistical method to calculate the alleged total number of Facebook user IDs, with surprising results.

SIM card technology from A-Z

Ada (en)

Billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is not widely known. This talk aims to be an in-depth technical overview.

Today, billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is not widely known. If at all, people know that once upon a time, they were storing phone books on SIM cards.


Every so often there is some IT security news about SIM card vulnerabilities and SIM card based attacks on subscribers.


Let's have a look at SIM card technology during the past almost 30 years and cover topics like


  • Quick intro to ISO7816 smart cards

  • SIM card hardware, operating system, applications

  • SIM card related specification bodies, industry, processes

  • from SIM to UICC, USIM, ISIM and more

  • SIM toolkit, proactive SIM

  • eSIM

SELECT code_execution FROM * USING SQLite;

--Gaining code execution using a malicious SQLite database - Dijkstra (en)

SQLite is one of the most deployed pieces of software in the world. However, from a security perspective, it has only been examined through the narrow lens of WebSQL and browser exploitation. We believe that this is just the tip of the iceberg.
In our long...

Everyone knows that databases are the crown jewels from a hacker's point of view, but what if you could use a database as the hacking tool itself? We discovered that simply querying a malicious SQLite database can lead to Remote Code Execution. We used undocumented SQLite3 behavior and memory corruption vulnerabilities to take advantage of the assumption that querying a database is safe.

How? We created a rogue SQLite database that exploits the software used to open it. Exploring only a few of the possibilities this presents, we’ll pwn password stealer backends while they parse credentials files and achieve iOS persistence by replacing its Contacts database…

The landscape is endless (Hint: Did someone say Windows 10 0-day?). This is extremely terrifying since SQLite3 is now practically built-in to any modern system.

In our talk we also discuss the SQLite internals and our novel approach for abusing them. We had to invent our own ROP chain technique using nothing but SQL CREATE statements. We used JOIN statements for Heap Spray and SELECT subqueries for x64 pointer unpacking and arithmetic. It's a new world of using the familiar Structured Query Language for exploitatio...

Friday 00:50


Hacker Jeopardy

Number guessing for geeks - Ada (de)

The Hacker Jeopardy is a quiz show.

The well known reversed quiz format, but of course hacker style. It once was entitled „number guessing for geeks“ by a German publisher, which of course is an unfair simplification. It’s also guessing of letters and special characters. ;)

Three initial rounds will be played, the winners will compete with each other in the final.

The event will be in German, we hope to have live translation again.


Saturday 11:30


Lightning Talks Day 2

Borg (en)

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a cre...

To get involved and learn more about what is happening please visit the Lightning Talks page in the 36C3 wiki.

What to do before things catch fire - how do I actually found a works council?

How do I found a works council before the shit hits the fan? - Eliza (de)

Getting active at the right time - Stand up for Your Right!

Works council: to many IT people that sounds like the last millennium. Yet it is a hard-won and important instrument for the voice of the employees towards the manage...

German labour law, in the form of the Works Constitution Act (Betriebsverfassungsgesetz), guarantees the workforce a say in every company with more than five employees. There is a lot to pay attention to, and without professional support, e.g. from a trade union, it can hardly be done.

Things are kicking off in our company: mass layoffs due to economic turbulence. Management plays dirty and sees what it can get away with. High time for a works council!

• To learn that together you can be strong.
• To make clear to management what is acceptable and what is not.
• To ensure fair play in hiring and layoffs.
• To enforce the guaranteed rights of the employees.

Using the example of a large Berlin nightclub and a musical instrument manufacturer also based in Berlin, which recently laid off a fifth of its workforce for operational reasons, we show how founding a works council works, what you absolutely have to pay attention to and where those interested can find professional support for this organisational feat.

Four of us are giving the talk: an employee of the nightclub, an employee of the...

How to Design Highly Reliable Digital Electronics

Clarke (en)

There's a variety of places - on Earth and beyond - that pose challenging conditions to the ever-shrinking digital circuits of today. Making those tiny transistors work reliably when bombarded with charged particles in the vacuum of space, in the ...

This talk will introduce the audience to the class of problems that digital circuits are faced with in challenging radiation environments. Such environments include satellites in space, the electronics inside particle accelerators and also a variety of medical applications. After giving an overview of the various effects that may cause malfunctions, different techniques for detection and mitigation of such effects are presented. Some of these techniques concern the transistor-level design of digital circuits, others include triple modular redundancy (TMR) and correction codes. Some open source software solutions that aid in the design and verification of circuits hardened against such problems are presented, and of course a 'lessons learned' from our experiences in the field of particle detector electronics will be shared.

The Path from 4G to 5G

The air interface and the core as the numbers change - Ada (de)

With 4G, the air interface was completely redesigned compared to earlier mobile network technologies. With 5G, it is now being extended for possible future technologies. We present the new features and the possibilities on the 5G air interface and in the co...

The following topics are covered:

The 5G air interface:

- Subcarrier, subcarrier spacing, symbol time
- OFDMA in 4G
- Guard period
- Resource block and reference signal
- Resource grid and the tasks of the physical channels
- Limits of 4G and possibilities with 5G
- Channel bandwidths and frequency ranges for 5G
- Subcarrier spacing and changes in the resource block (MBMS, NBIoT, Data, Low Latency, etc.)
- Examples of resource grids
- 5G at 3.5 GHz and 700 MHz
- Calculating the maximum data rate
- TDD and its advantages and limitations (sync, propagation delay)
- Massive MIMO, multi-user MIMO
- Static beams and traffic beams
- Mixed mode - Dynamic Spectrum Sharing
- Measuring antennas in 5G

Network architecture:

- Current state of 5G (NSA, anchor on 4G, TDD, CA with 4G)
- 5G NSA and SA
- Core network elements, interfaces and their tasks
- Radio network, eNB, gNB, interfaces ((e)CPRI, S, X, ...)
- Backhaul, 10 Gbit/s fiber and microwave links
- Introduction to the 3GPP specs

On the insecure nature of turbine control systems in power generation

A security study of turbine control systems in power generation - Dijkstra (en)

A deep dive into power generation process, industrial solutions and their security implications. Flavoured with vulnerabilities, penetration testing (security assessment) methodology and available remediation approaches.

The research studies a very widespread industrial site throughout the world: power generation plants. Specifically, it looks at the heart of power generation, turbines and their DCS, the control system managing all operations for powering our TVs and railways, gaming consoles and manufacturing, kettles and surveillance systems. We will share our notes on how those systems function, where they are located network-wise and what security challenges face the owners of power generation. A series of vulnerabilities will be disclosed along with a prioritisation of DCS elements (hosts) and attack vectors. The discussed vulnerabilities are addressed by the vendor of one of the most widespread DCS on our planet. During the talk we will focus on a methodology for safely assessing your DCS installation, which security issues you should try to address in the first place and how to perform do-it-yourself remediation. Most of the remediation steps are confirmed by the vendor, which is crucial for industrial owners.

Saturday 12:50


Reducing Carbon in the Digital Realm

How to understand the environmental impact of the digital products you build, and take measurable steps to “green your stack” - Clarke (en)

In this talk, you'll learn about the environmental impact of the digital products and services you build, and why this matters. You’ll be introduced to a mental model, known as Platform, Packets, Process, for measuring and identifying emissions hotsp...

You might have heard stories about how bitcoin, or the internet itself, is responsible for an ever-growing share of global carbon emissions.

But it doesn’t need to be this way.

Did you know that just by switching AWS regions in the US, you can wipe out a huge chunk of the carbon footprint from running your tech infrastructure? Most people don't, and we need stuff like this to be common knowledge in our industry - we need to know how to build digital products without needing to emit carbon, the same way we expect people in automotive industries to know how to build cars without needing lead in the fuel.

In this talk, you'll learn about the environmental impact of the digital products and services you build, and about a mental model, known as Platform, Packets, Process, for measuring and identifying emissions hotspots in the way you build them.

You’ll also see how to use skills you already have to make meaningful, measurable improvements to the environmental impact of the digital products and services you build, and the open source tools available to support you in your efforts to green your stack.

An ultrashort history of ultrafast imaging

Featuring the shortest movies and the largest lasers - Eliza (en)

Did you ever wonder what happens in the time period it takes light to cross the diameter of your hair? This is the femtosecond, a millionth of a billionth of a second. It is the time scale of electron and nuclear motion, and therefore the most fun...

Investigating ultrafast processes is challenging. There simply are no cameras that would be fast enough to image a molecule in motion, so we need to rely on indirect measurements, for example by ultrashort light pulses. Such ultrashort pulses have been developed for several years and are widely applied in the study of ultrafast processes by, e.g., spectroscopy and diffraction. Depending on the specific needs of the investigation, they can be generated either in the laboratory or at the most powerful light sources that exist today, the x-ray free-electron lasers.

With ultrafast movies, a second idea comes into play: once we understand the dynamics of matter on the femtosecond time scale, we can use this knowledge to control ultrafast motion with tailored light pulses. This is promising as a means to trigger reactions that are otherwise not accessible.

In my talk, I will give a brief introduction to the rapidly developing field of ultrafast science. I will summarize main findings, imaging techniques and the generation of ultrashort pulses, both at lab-based light sources and large free-electron laser facilities. Finally, I will give an outlook on controlling ultrafast dynami...

TamaGo - bare metal Go framework for ARM SoCs.

Reducing the attack surface with pure embedded Go. - Dijkstra (en)

TamaGo is an Open Source operating environment framework which aims to allow deployment of firmware for embedded ARM devices by using 0% C and 100% Go code. The goal is to dramatically reduce the attack surface posed by complex OSes while allowing...

TamaGo is a compiler modification and driver set for ARM SoCs, which allows bare metal drivers and applications to be executed with pure Go code and minimal deviations from the standard Go runtime.

The presentation explores the inspiration, challenges and implementation of TamaGo as well as providing sample applications that benefit from a pure Go bare metal environment.

TamaGo allows a considerable reduction of embedded firmware attack surface, while maintaining the strength of Go runtime standard (and external) libraries. This enables the creation of HSMs, cryptocurrency stacks and many more applications without the requirement for complex OSes and libraries as dependencies.

SigOver + alpha

Signal overshadowing attack on LTE and its applications - Ada (en)

As Long-Term Evolution (LTE) communication is based on over-the-air signaling, a legitimate signal can potentially be counterfeited by a malicious signal. Although most LTE signaling messages are protected from modification using cryptographic pri...

In detail, we talk about the implementation of SigOver, the first practical realization of the signal overshadowing attack on LTE broadcast signals, using a low-cost Software Defined Radio (SDR) platform and an open-source LTE library. The SigOver attack was tested against 10 smartphones connected to a real-world network, and all were successful. The experimental result shows that SigOver overshadows the target signal and causes the victim device to decode it with a 98% success rate with only a 3 dB power difference from a legitimate signal. On the other hand, attacks utilizing an FBS have only an 80% success rate even with a 35 dB power difference. This implies that SigOver can inconspicuously inject any LTE message and hand over victims to an FBS for a Man-in-the-Middle attack.

Presentation Snapshot:
1. Overview on LTE Architecture including structure, security aspects, and types of messages. Broadcast messages and some of the unicast messages are unprotected; thus they have a fundamental weakness.
2. Introduction of SigOver Attack, attack vectors, detailed implementational design, and issues on performing the attack. SigOver attack can manipulate unprotected LTE signal...

Saturday 14:10


Switzerland: Net Politics between Lake Constance and the Matterhorn

E-ID, e-voting, network blocking and other net-politics arenas - Eliza (de)

The intensity of the fight for freedom in the digital space is not letting up in Switzerland either. We look back on the net-politics year 2019 between Lake Constance and the Matterhorn. We cover the topics that were relevant and remain...

We also show what can be expected from the Digitale Gesellschaft in Switzerland in the new year.

Topics include:

Electronic identification (E-ID): The law regulating electronic identification has been passed. The digital ID is to be issued by private companies. We have launched the referendum against the law.

E-voting: A public test of the last system still in the running was devastating. How things will continue in the fight for trust in direct democracy in Switzerland.

Network blocking: The first law in which network blocking is explicitly enshrined came into force this year. What its implementation looks like.

Ancillary copyright: What made it into the new copyright act - and how the ancillary copyright was defeated.

Data protection: Where a particularly large amount of «data wealth» could be observed in Switzerland, and what the login or tracking alliance is all about.

Net neutrality: After a long fight, Switzerland is getting a legally enshr...

TrustZone-M(eh): Breaking ARMv8-M's security

Hardware attacks on the latest generation of ARM Cortex-M processors. - Dijkstra (en)

Most modern embedded devices have something to protect: Whether it's cryptographic keys for your bitcoins, the password to your WiFi, or the integrity of the engine-control unit code for your car.

To protect these devices, vendors often utilise...

Modern devices, especially secure ones, often rely on the security of the underlying silicon: Read-out protection, secure-boot, JTAG locking, integrated crypto accelerators or advanced features such as TrustZone are just some of the features utilized by modern embedded devices.

Processor vendors are keeping up with this demand by releasing new, secure processors every year. Often, device vendors place significant trust in the security claims of the processors. In this talk, we look at using fault-injection attacks to bypass security features of modern processors, allowing us to defeat the latest chip security measures such as TrustZone-M on the new ARMv8 processors.

After a quick introduction into the theory of glitching, we introduce our fully open-source FPGA platform for glitching: An FPGA-based glitcher with a fully open-source toolchain & hardware, making glitching accessible to a wider audience and significantly reducing the costs of getting started with it - going as far as being able to integrate glitch-testing into the Secure Development Lifecycle of a product.

Then, we look at how to conduct glitching attacks on real-world targets, beyond academic environm...

The Deep Learning Hype

How long can it go on like this? - Ada (de)

Deep learning has gone from a dead end to the ultimate solution for all machine learning problems - and a few others too. But how good is this trend really? And how sustainable?

We look at scientific sustainability, s...

Deep learning has gone from a dead end to the ultimate solution for all machine learning problems. Yet the meaningfulness and the quality of the solution seem to be increasingly swallowed up by buzzword bingo.

Does it make sense to keep throwing deep learning at every problem? How good are these approaches really? What could happen if we carry on like this? And can these approaches help us live more sustainably? Or do they only further fuel the warming of the planet?

We look at three questions in detail:

1. Scientific sustainability: How good are the results really? What can modern neural networks do, and what can they not do? And above all: where are they used, and how sensible is that? AI systems whose descriptions are impressive do not always produce the best results, and reproducibility, evaluation and reflection suffer under competitive pressure and the publication cycle. Also, which solutions and approaches get lost in the deep learning hype? The price we pay for so many researchers working on the topic is that other topics, ideas and approaches are ignor...

The search for anonymous data

Attacks against privacy-preserving systems - Clarke (en)

Data is core to the digital economy. Scandals such as Cambridge Analytica, however, serve as a reminder that large-scale collection and use of data raise serious privacy concerns. In this talk, I will discuss past and current research in data anon...

Data is a core element of modern society but its collection and use also raise serious privacy concerns. To allow data to be used while preserving privacy, GDPR and other legal frameworks rely on the notion of “anonymous data”.

In this talk, I will first show how historical anonymization methods fail on modern large-scale datasets, including how to quantify the risk of re-identification, how noise addition doesn't fundamentally help, and finally recent work on how the incompleteness of datasets or sampling methods can be overcome. This has led to the development of online anonymization systems, which are becoming a growing area of interest in industry and research. Second, I will discuss the limits of these systems and more specifically new research attacking a dynamic anonymization system called Diffix. I will describe the system, both our noise-exploitation attacks, and their efficiency against real-world datasets. I will finally conclude by discussing the potential of online anonymization systems moving forward.

The Useful-Harmless Spectrum

Can we build software that is useful /and/ harmless? - Borg (de)

Software is harmless if you can call it on unfiltered data from a web form without having to check whether something bad might then happen. In practice, a continuum between usefulness and harmlessn...

The core idea of this talk is to move away from reactive security ("we just put everything in a VM / a container / a sandbox") towards a trustworthy software infrastructure that can be trusted even without locking it up.

The obvious question is how one would construct something like that. Even more important, though, is the question of how we can recognise trustworthy software in the first place.

This metric would then also help to tell whether our confinement method was trustworthy at all.

Saturday 16:10


Police Databases and Minorities: State Stigmatisation and Discrimination of Sinti and Roma

Dijkstra (de)

For Sinti and Roma, hostility is part of everyday life. They are also under general suspicion among investigative authorities: it is to be feared that the police in various federal states are unlawfully collecting data on ethnic origin...

For Sinti and Roma, hostility in all areas of life is part of everyday life in Germany too. They are also under general suspicion among investigative authorities: it is to be feared that the police in various federal states are unlawfully collecting and publishing data on ethnic origin. References to ethnic origin appear again and again in police press releases, above all for suspects, more rarely for victims or witnesses. In its 2017 crime statistics, the Berlin police published the note that the majority of suspects in „trick theft in homes“ were members of the Sinti and Roma ethnic group: it is undisputed that it is unlawful if the police actually collect the underlying data.

In cooperation with the Zentralrat, the Gesellschaft für Freiheitsrechte e.V. (GFF) has initiated a complaint procedure with the Berlin state data protection commissioner in the case of the Berlin police crime statistics, on suspicion of discrimination against Sinti and Roma. Both organisations are jointly examining further legal options.

Why is it so dangerous when ethnic origin in pol...

The ecosystem is moving

Challenges for distributed and decentralized technology from the perspective of Signal development - Ada (en)

Considerations for distributed and decentralized technologies from the perspective of a product that many would like to see decentralize.

Amongst an environment of enthusiasm for blockchain-based technologies, efforts to decentralize the internet, and tremendous investment in distributed systems, there has been relatively little product movement in this area from the mobile and consumer internet spaces.

This is an exploration of challenges for distributed technologies, as well as some considerations for what they do and don't provide, from the perspective of someone working on user-focused mobile communication. This also includes a look at how Signal addresses some of the same problems that decentralized and distributed technologies hope to solve.

Fridays for Future (de)

Skipping school for the climate - Clarke (de)

The discourse has shifted from climate protection as a task for individuals to a structural, systemic question. What changes do we need, and why is it worth taking joint, activist action against fossil fuels and the like...

After a year of climate strikes, society is talking about the climate crisis to an extent never seen before. Approaches to solving this crisis are also increasingly being discussed in public at a structural and systemic level. On 20 September, 1.4 million people took to the streets in Germany for the Global Climate Strike. Institutionalised politics, the parties and above all the federal government continue to draw attention only through their obstructionist stance. What role does digitalisation actually play in the emission of greenhouse gases, and what role in reducing those emissions? In other words, which kind of digitalisation destroys the climate, and how must we shape it in times of climate crisis?
The weekly strikes and many other events, as well as the organisation of it all, shaped the past year for many young people. Digital communication plays an essential role in connecting the individual working groups and local groups. This form of organisation means not only the ability to react quickly, but often also the burning up of all personnel resources.
Digitalisation leads to more emissions in many areas....

Psychedelic Medicine - Hacking Psychiatry?!

Psychedelic Therapy as a fundamentally new approach to mental health issues - Borg (en)

Psychedelic research constitutes a challenge to the current paradigm of mental healthcare. But what makes it so different? And will it be able to meet the high expectations it is facing? This talk will provide a concise answer.

Psychedelic Therapy is evolving to be a game changer in mental healthcare. Where classical antidepressants and therapies e.g. for Posttraumatic Stress Disorder often have failed to provide relief, substance assisted psychotherapies with Psilocybin, LSD and MDMA show promising results in the ongoing clinical trials worldwide.

A challenge to the current paradigm: Unlike the conventional approach of medicating patients with antidepressants and other psychotropic drugs on a daily basis for months and years at a time, Psychedelic Therapy offers single applications of psychedelics or emotionally opening substances such as Psilocybin, LSD and MDMA within the course of a limited number of therapeutic sessions. The clinical trials conducted in this kind of setting are currently designed around depression, substance abuse, anxiety and depression due to life threatening illnesses, PTSD, anorexia and social anxiety in Autism.
Though the results look promising, it is important not to take these therapies for a “magic bullet cure” for each and every patient with mental issues. This talk will outline the principles of psychedelic therapy and research and provide a concise overview of what ps...

Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale

Eliza (en)

Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate and simplify many aspects of our lives, recent large-scale attacks have shown that their sheer number poses a severe threat to t...

Presentation Outline
1. Introduction to IoT/Embedded firmware [~7 min]
* A brief intro to the IoT landscape and the problems caused by insecure IoT devices.
* Overview of the peculiarities that characterize embedded firmware.
  * Strong dependence on custom, unique environments.
  * Firmware samples are composed of multiple binaries, in a file system fashion (e.g., SquashFS).
* Example of what a typical firmware sample looks like.

2. How to Analyze Firmware? [~5 min]
* Overview of the current approaches/tools to analyze modern firmware and spot security vulnerabilities.
* Description of the limitations of the current tools.
  * Dynamic analysis is usually unfeasible, because of the different, customized environments where firmware samples run.
  * Traditional, single-binary static analysis generates too many false positives because it does not take into account the interactions between the multiple binaries in a firmware sample.

3. Modeling Multi-Binary Interactions [~5 min]
* Binaries/processes communicate through a finite set of communication paradigms, known as Inter-Process Communication (or IPC) paradigms.
* An instance of an IPC is identified th...

Saturday 17:10


Extinction Rebellion

Review of the year 2019 - Clarke (de)

Extinction Rebellion (XR) is a globally active, fast-growing, climate-activist grassroots movement that uses non-violent acts of civil disobedience to draw attention to the looming climate catastrophe and aims to move governments to act. ...

Extinction Rebellion (XR) has a turbulent first year behind it. Last autumn, the five most important bridges over the Thames were occupied in London and the looming climate catastrophe began – at last! – to enter public awareness. This autumn there were coordinated actions and blockades with tens of thousands of participants in more than 60 major cities around the world. More than two thousand people were arrested in the process.

In terms of climate policy, however, next to nothing has happened. While governments either remain motionless or declare a climate emergency and at the same time approve new fossil fuel infrastructure, the denial machinery is running at full speed and striving to construct alternative facts.

At the same time, we keep finding that our scientific forecasts are wrong and that climate change is proceeding faster and more severely than predicted. Heat waves, forest fires, droughts, crop failures and water shortages can no longer be ignored.

It is therefore imperative to increase the political pressure through more actions in more places with many more people and ...

The Future of Cross-Border Data Access and Political Persecution

Dijkstra (de)

In Brussels, a regulation is being negotiated that is meant to allow all EU states to oblige providers to hand over content or metadata – no matter where the data is stored, no matter whether the act in question is a criminal offence there...

Law enforcement officers in this country would like to obtain all kinds of data about customers from all kinds of online services as quickly as possible. Legally, some hurdles have so far stood in the way when the providers are not based in the country or when they store data on servers abroad. Behind the request for information about which IP was used to post a death threat on Facebook lie discussions about the big topics of international law: sovereignty and territoriality. Because data is often stored all over the world, the established system of mutual legal assistance is being called into question.

While the EU is still deliberating on the eEvidence regulation, the USA has already concluded an agreement with the UK for unlimited direct access and is negotiating with Australia.

In this talk you will learn why these new rules lack any protection of fundamental rights and how cross-border repression could change political persecution.

Hacker Paragraph § 202c StGB // Reality Check

Cybercrime investigations: Beware of the police! Or: Don't post in the wrong forum - Borg (de)

The hacker paragraph § 202c StGB has been in force since August 2007. The Federal Constitutional Court did not accept a constitutional complaint directed against it, but pointed out that it is to be interpreted in conformity with the constitution. So what is the legal situation? ...

What was the story again with this controversial hacker paragraph? What role does it play in the practice of criminal prosecution? Could such an investigation end up affecting me myself?
And how do the prosecution authorities proceed in investigations on suspicion of offences under § 202c StGB? This is answered on the basis of criminal proceedings conducted by a public prosecutor's office specialising in cybercrime. The talk contrasts the legal situation with reality. To say it up front: you couldn't make this up.

All wireless communication stacks are equally broken

Ada (en)

Wireless connectivity is an integral part of almost any modern device. These technologies include LTE, Wi-Fi, Bluetooth, and NFC. Attackers in wireless range can send arbitrary signals, which are then processed by the chips and operating systems o...

Wireless exploitation is enabled by the technologies any smartphone user uses every day. Without wireless connectivity our devices are bricked. While we can be more careful about which devices and networks we establish connections to in order to protect ourselves, we cannot disable all wireless chips all the time. Thus, security issues in wireless implementations affect all of us.

Wireless chips run a firmware that decodes wireless signals and interprets frames. Any parsing error can lead to code execution within the chip. This is already sufficient to read data passing the chip in plaintext, even if it would be encrypted while transmitted over the air. We will provide a preview into a new tool that enables full-stack Bluetooth fuzzing by real-time firmware emulation, which helps to efficiently identify parsing errors in wireless firmware.

Since this kind of bug is within the wireless chips' proprietary firmware, patching requires the assistance of the manufacturer. Often, fixing this type of security issue takes multiple months, if done at all. We will talk about our own responsible disclosure experiences, which are both sad and funny.

Another risk are drivers in the operating system, whi...

Breaking Microsoft Edge Extensions Security Policies

Eliza (en)

Browsers are the ones that handle our sensitive information. We rely entirely on them to protect our privacy; that means blindly trusting a piece of software to protect us. Almost every one of us uses browser extensions in daily life, for ...

But what is the reality when we talk about the security of browser extensions?

Every browser extension is installed with specific permissions. The most critical one is the host access permission, which defines on which particular domains your browser extension can read/write data.

You might already notice the sensitivity of host permissions, since a little mistake in the implementation flow would lead to a massive security/privacy violation.

You can think of it this way: you install an extension that has permission to execute JavaScript code on https://www.bing.com, but in fact it allows JavaScript code execution on https://mail.google.com. This means the extension can also read your Google mail, and this violates user privacy and trust.

During the research on Edge extensions, we noticed a way to bypass host access permissions, which means an extension that has permission to work on bing.com can read your Google, Facebook and almost every other site's data.

We noticed that using this flow we can change internal browser settings. Further, we were able to read local system files using the extensions. Also, in certain conditions, it allows you to execute JavaScript in reading mode, which is...

Saturday 18:10


No roborders, no nation, or: smile for a European surveillance propagation

How an agency implements Fortress Europe by degrading Non-Europeans to second-rate people - Eliza (en)

Robots, satellites and biometrical traps - more than a billion euros will be spent in 2021 on what they call "Border Security." The European Border and Coastguard, formerly Frontex, dreams of a fully autonomous border surveillance system.

As a humanitarian & human rights organisation involved in sea rescue, we recognise however that the shift towards new technologies correlates with a shift away from basic human rights standards. The robots, satellites & co. are not used to make society safer & life easier but to spy on us and to deport people to torture in Libya.

At Sea-Watch e.V. we are involved in a non-profit initiative dedicated to the civilian rescue of refugees at sea. In view of the humanitarian disaster on the Mediterranean, Sea-Watch provides emergency aid, at the same time demands and forces the rescue by the responsible European institutions, and stands publicly for legal escape routes and open borders. We are politically and religiously independent and finance ourselves exclusively through donations.

At sea, we formerly cooperated with Frontex ships in rescues when they were still involved in life-saving operations. Now we regularly observe them actually being involved in illegal refoulements, especially with our surveillance aircraft Moonbird.

Frontex was formerly an agency that advised governments on border control and did risk assessments on border crossings, it had basically a coordinating...

Open Sensor Data for Everyone - A Citizen Science Project Based on Open Source and Open Hardware

Dijkstra (de)

The talk is intended to tell the story of the senseBox from the beginning until now. In doing so, I would like to focus above all on our work in the areas of open source, open data, open hardware and open educational resources. The motivation of participants in the s...

With the senseBox, a DIY citizen science kit, anyone can take part in research and science, be it by measuring environmental data, analysing and evaluating this data, or taking part in discussions in a large community. In addition, by using open educational resources and a visual development environment, pupils can learn programming through play. This promotes not only environmental understanding but also digital education.
The senseBox hardware is based on the Arduino concept and contains, in addition to the microcontroller, further environmental sensors. Any project, from a simple weather station to an intelligent irrigation system for the garden to a water quality buoy in the North Sea, can be implemented thanks to the open Arduino platform. The backbone of the senseBox is the openSenseMap. The backend collects the data sent by the senseBoxes as well as by other devices. Air quality sensors from Luftdaten.info or HackAIR, as well as all other devices, can send their sensor data to the open API of the openSenseMap. The web application enables visualisations and analys...

Framing digital industry into planetary limits and transition policies

The environmental costs of digital industry and pathways to sustainability - Clarke (en)

A lecture on the environmental impacts of digital industry today and how to think about and design digital tools with limited energy and resources.

In his lecture Gauthier Roussilhe summarises what we know today about the environmental impacts of digital industry. He addresses the sustainability of the current trajectory and how to think differently about digital industry.

Contesting the myths of dematerialisation and of the global village, he gives examples of digital web design based on CO2/energy budget rather than monetary budget. He also gives examples of digital tools that accept the materiality of their territory (geographical, infrastructures) to think of new digital uses.

Harry Potter and the Not-So-Smart Proxy War

Taking a look at a covert CIA virtual fencing solution - Ada (en)

In this talk we will take a look at the 'Vault 7' Protego documents, which have received very little attention so far, and challenge the assertion that Protego was a 'suspected assassination module for [a] GPS guided missile system ... used on-boa...

In March 2017, WikiLeaks published the 'Vault 7' series of documents detailing 'cyber' activities and capabilities of the United States' Central Intelligence Agency (CIA). Among a wide variety of implant & exploit frameworks, the final documents released as part of the dump, related to a project code-named 'Protego', stood out as unusual because they describe a piece of missile control technology rather than CNO capabilities. As a result, these documents have received comparatively little attention from the media and security researchers.

While initially described by WikiLeaks as a 'suspected assassination module for [a] GPS guided missile system ... used on-board Pratt & Whitney aircraft', a closer look at the documents casts significant doubt on that assertion. Instead, it seems more likely that Protego was part of an arms control solution used in covert CIA supply programs delivering various kinds of weapons to proxy forces while attempting to counteract undesired proliferation.

In this talk we will take a look at the Protego documents and show how we can piece quite a bit of information together from a handful of block diagrams, some build instructions and a few news articl...

Saturday 19:10


Listening Back Browser Add-On Translates Cookies Into Sound

The Sound of Surveillance - Eliza (en)

‘Listening Back’ is an add-on for the Chrome and Firefox browsers that sonifies internet cookies in real time as one browses online. By translating internet cookies into sound, the ‘Listening Back’ browser add-on provides an audible presence for h...

‘Listening Back’ is an add-on for the Chrome and Firefox browsers that sonifies internet cookies in real time as one browses online. Utilising digital waveform synthesis, ‘Listening Back’ provides an audible presence for hidden infrastructures that collect personal and identifying data by storing a file on one’s computer. By directing the listener’s attention to hidden processes of online data collection, Listening Back functions to expose real-time digital surveillance and consequently the ways in which our everyday relationships to being surveilled have become normalised. Our access to the World Wide Web is mediated by screen devices and ‘Listening Back’ enables users to go beyond the event on the screen and experience some of the algorithmic surveillance processes that underlie our Web experience. This project therefore explores how sound can help us engage with complex phenomena beyond the visual interface of our smart devices by highlighting a disconnect between the graphical interface of the Web, and the socio-political implications of background mechanisms of data capture. By sonifying a largely invisible tracking technology ‘Listening Back’ critiques a lack of transpare...

Reflections on the New Reverse Engineering Law

Dijkstra (en)

Individuals conducting reverse engineering for research purposes face several legal issues arising from IP and competition law. The legislature has reacted by introducing a new law on trade secrets specifically allowing reverse engineering. While ...

Hardware Reverse Engineering (HRE) is common practice for security researchers in order to detect vulnerabilities and assure the integrity of microchips. Following last year's talk “Mehr schlecht als Recht: Grauzone Sicherheitsforschung” and from the standpoint of a research group regularly applying HRE, we asked ourselves about potential negative legal implications for our personal lives. Therefore, we consulted an expert who assesses the legal implications of our work.

For a long time, our law has solely protected the inventor of a product. Discovering the underlying technical details and mechanisms of, e.g., microchips has been deemed illegal due to intellectual property (IP) protection laws. Only lately has the legislature recognized the importance of cybersecurity, which heavily relies on reverse engineering to find security gaps and malfunctions. Subsequently, Germany introduced a new trade secret law allowing for the “observation, study, disassembly or testing of a product or object” in 2018. However, at this stage, several questions remain unanswered: Is it possible to restrict this freedom by, e.g., contractual agreements? How may the gained knowledge (not) be used? How do c...

The Inside Story: There are Apps in Apps and Here is How to Break Them

Break Isolation and Sandbox in the Instant Apps - Clarke (en)

With the rapid development of mobile internet, apps become more and more complex. However, their most used functions are limited to a few pages.

Enter the instant app. It has many advantages over normal apps, such as click-to-play and concise desi...

In this talk, we will dive into a common architecture of instant app framework, and demonstrate attack models for it. Based on these attack models, we have reverse engineered top instant app frameworks. We will show how to bypass various kinds of sandboxing and restriction technologies to break isolations between instant apps.

These vulnerabilities could lead to sensitive information leakage, identity theft, account takeover and other severe consequences. During the study of Google Instant app, we also bypassed component access restrictions, which greatly expands attack surface.

These vulnerabilities and attack models affect more than 60% of Android devices and at least 1 billion users.

Finally, we summarize the root causes of these vulnerabilities at the architectural level and point out the potential attack points. We will also propose practical mitigation measures for specific vulnerabilities.

We hope to make users and developers aware of the potential security risks while they enjoy the convenience of instant apps. We also hope to make the security community aware of this emerging attack surface.

The sustainability of safety, security and privacy

Ada (en)

What sort of tools and methodologies should you use to write software for a car that will go on sale in 2023, if you have to support security patches and safety upgrades till 2043?

Now that we’re putting software and network connections into cars and medical devices, we’ll have to patch vulnerabilities, as we do with phones. But we can't let vendors stop patching them after three years, as they do with phones. So in May, the EU passed Directive 2019/771 on the sale of goods. This gives consumers the right to software updates for goods with digital elements, for the time period the consumer might reasonably expect. In this talk I'll describe the background, including a study we did for the European Commission in 2016, and the likely future effects. As sustainable safety, security and privacy become a legal mandate, this will create real tension with existing business models and supply chains. It will also pose a grand challenge for computer scientists.

Saturday 20:50


Die Mittelmeer-Monologe

Mediterranean Migration Monologues - Dijkstra (de)

About people who take the risky route across the Mediterranean in the hope of finding safety in Europe.

After 700 performances of the Asyl-Monologe, Asyl-Dialoge and NSU-Monologe, the new play by author and director Michael ...

The MITTELMEER-MONOLOGE tell of the politically defiant Naomie from Cameroon and Yassin from Libya, who find themselves on a boat to Europe, of brutal 'coast guards' and dubious maritime rescue centres, and of activists who take a stand against the dying in the Mediterranean.

At the 'Alarmphone', these activists persuade the coast guards to search for people in distress at sea, or they learn aboard the Seawatch how to save people from drowning. In short, they do what should be the most self-evident thing, which in 2019 is anything but self-evident: saving human lives!

"The monologues are moving, create closeness, make you angry and point out ways to get personally involved. (...) They resist the dehumanisation of the tragedy. (...) They put the stories of those affected at the centre."

die tageszeitung, taz

The Mittelmeer-Monologe are documentary, verbatim theatre, based on interviews lasting several hours. In this way real cases of sea rescue are reconstructed, told from the perspective of those affected and of activists.

One of these real events shows the particular brutality of the "lib...

Algorithm | Diversion

Eliza (en)

Before media art emerged, traditional art and dance were already applying algorithms to make sophisticated patterns in their textures or movements. Hieda is researching the use of algorithms through the creation of media installations and dialog wit...

The Case Against WikiLeaks: a direct threat to our community

How to understand this historic challenge and what we can do to defend ourselves - Clarke (en)

The unprecedented charges against Julian Assange and WikiLeaks constitute the most significant threat to the First Amendment in the 21st century and a clear and present danger to investigative journalism worldwide. But they also pose significant d...

We've been warning you about it for years, and now it's here. The talk will dissect the legal and political aspects of the US case against WikiLeaks from an international perspective. It will describe the threats this prosecution poses to different groups and the key issues the case will raise. Most importantly, we will explain how we are still in time to act and change the course of history.

The unprecedented charges against Julian Assange and WikiLeaks constitute the most significant threat to the First Amendment in the 21st century and a clear and present danger to investigative journalism worldwide. But they also pose significant dangers to the technical community, the trans community, to human rights defenders and anti-corruption campaigners everywhere.

If we don't take action now, the ramifications of this case will be global, tremendously damaging and potentially irreversible in times when the need to hold the powerful to account has never been more obvious. This is a historic moment and we need to rise to its challenge.

This talk will explain the legal and political aspects of the case against WikiLeaks, the reasons why Chelsea Manning...

Megatons to Megawatts

Military warheads as a source of nuclear fuel - Borg (de)

Can nuclear warheads be used as energy sources instead of exhausting resources? And if so, how does this even work?

Concerns during the cold war era mainly focused on the diversion of Uranium intended for commercial nuclear power towards usage in weapons. During the 1990s, these concerns gave way to a focus on the role of military Uranium as a major source of fuel for commercial nuclear power.

In the late 1980s the United States and countries of the former Soviet Union signed a series of disarmament treaties to reduce the world's nuclear arsenals. Since then, lots of nuclear materials have been converted into fuel for commercial nuclear reactors.

Highly-enriched uranium in US and Russian weapons and other military stockpiles amounts to about 1500 tonnes, equivalent to about seven times the annual world Uranium mine production. These existing resources can be used instead of exploiting natural Uranium reserves, which are as limited as all other non-renewable energy sources. Uranium mining is a dirty, polluting, hazardous business which could possibly be stopped altogether if existing resources were used instead.

This talk is a primer in nuclear physics with focus ...

KTRW: The journey to build a debuggable iPhone

Ada (en)

Development-fused iPhones with hardware debugging features like JTAG are out of reach for many security researchers. This talk takes you along my journey to create a similar capability using off-the-shelf iPhones. We'll look at a way to break KTRR...

This talk walks through the discovery of hardware debug registers on the iPhone X that enable low-level debugging of a CPU core at any time during its operation. By single-stepping execution of the reset vector, we can modify register state at key points to disable KTRR and remap the kernel as writable. I'll then describe how I used this capability to develop an iOS kext loader and a kernel extension called KTRW that can be used to debug the kernel with LLDB over USB.

Saturday 22:10


BahnMining - Punctuality Is a Virtue

Ada (de)

Since the beginning of 2019, David has systematically stored every single stop of every single train journey at every single long-distance station in all of Germany. Including delays and everything that goes with them. And these we will, in a...

Deutsche Bahn reports its delays as "percent of punctual trains per month". That is so radically condensed that, of course, nothing interesting can be read from it. Now imagine you could take a somewhat closer look.

It turns out you can! David's data set comprises just under 25 million stops, more than 50,000 per day. We have the raw data and are completely free in how we look at it.

Once again, the talk has several common threads.

1) We survey an almost complete year of long-distance traffic on the German railway. Some expectation management here: the point is by no means Deutsche Bahn bashing or sensationalism, and anyone expecting a hate talk against Deutsche Bahn is in the wrong session. We will, however, use the data to get to know Deutsche Bahn a little. Deutsche Bahn is a huge machine with millions of moving parts. How many train journeys are there in the first place? Which are the largest stations? We will of course also address the unpleasant topics that many people are interested in at the moment: Is the problem with train delays really as bad as everyone says? Are there places and times where things go particularly badly?...

Confessions of a future terrorist

A rough guide to over-regulating free speech with anti-terrorist measures - Eliza (en)

We will examine the European Commission’s proposal for a regulation on preventing the dissemination of terrorist content as a radical form of censorship. Looking at the rationale and arguments of policy-makers in Brussels, we will discuss nor...

Fear of terrorism as a tool for dissent management in the society is utilised almost everywhere in the world. This fear facilitates the emergence of laws that give multiple powers to law enforcement, permanently raising threat levels in cities around the world to “code yellow”. A sequel of that show is now coming to a liberal democracy near you, to the European Union. The objective of the terrorist content regulation is not to catch the bad guys and girls, but to clean the internet from images and voices that incite violence. But what else will be cleaned from in front of our eyes with this law with wide definitions and disproportionate measures?

In the Brussels debate, human rights organisations navigate a difficult landscape. On one hand, acts of terrorism should be prevented and radicalisation should be counteracted; on the other, how can these objectives be achieved with such a bad law? Why are Member States ready to resign from judicial oversight over free speech and hand that power to social media platforms? Many projects documenting human rights violations are already affected by arbitrary content removal decisions taken by these private entities. Who will be next?

...

Creating Resilient and Sustainable Mobile Phones

Be prepared for the coming Digital Winter. And play Impossible Mission. - Clarke (en)

Civil society depends on the continuing ability of citizens to communicate with one another, without fear of interference, deprivation or eavesdropping. As the international political climate changes alongside that of our physical climatic environ...

In the humanitarian sector we talk about how without energy there is no communications, and without communications there is no organisation, and how without organisation people die. As we see increasing frequency of natural disasters, man-made disasters like wars and unrest, and the distressing intersection of these events, we have been convinced that we need to be able to create mobile communications devices that can not only survive in such events, but be sustained in the long term, and into what we call the coming Digital Winter.

The Digital Winter is the situation where the freedom to create and innovate digital systems will become impossible or highly limited due to any of various interrelated factors, such as further movement towards totalitarian governments, the failure of international supply systems (or their becoming too untrustworthy to be usable), the failure of various forms of critical infrastructure and so on.

Fortunately the Digital Winter has not yet arrived, but the signs of the Digital Autumn are already upon us: The cold winds chilling our personal freedoms can already be felt in various places. Thus we have the imperative to act now, while the fr...

Hacking Sony PlayStation Blu-ray Drives

Borg (en)

The Xbox 360 video game console had a number of widely known hacks for the firmware of its optical disc drives. However, this was never the case with the Blu-ray disc drives of Sony PlayStation video game consoles. In fact, up until recently there was not much i...

In this presentation, I would like to share my journey of delving deep into the internals and security of Sony PlayStation Blu-ray disc drives. As games are distributed on optical media, those embedded devices were intended to contain the best security possible. I will demonstrate multiple hardware hacks and several software vulnerabilities that made it possible to dump firmware and get code execution on multiple models of Sony PlayStation Blu-ray disc drives.

In this presentation, I will share the following:
1) I will provide in-depth analysis of vulnerabilities and their exploitation to achieve code execution on multiple models of Sony PlayStation Blu-ray disc drives
2) I will discuss problems that I’ve encountered while reverse engineering the firmware and how I solved (some of) them
3) I will talk about security features of Sony PlayStation Blu-ray disc drives
4) I will explain what engineers did right and how achieving code execution on the drive doesn’t lead to full compromise of security

Saturday 23:30


Open Code Reading

Reading of the public source code - Eliza (de)

Gather together, ye disciples of bits and bytes, and hear the glad tidings of open source code. Halleluhjaz!

In the beginning was the NOP.
At the end stands the NOPE.
Let yourselves be bewildered by punctuation and comments.
Be strong in the face of the two-headed snake!

The time is ripe to preach open source code.
Come in droves! Bring the whole family.
For all age groups (from those born before Greased Weasel, through Erotic Pickled Herring, all the way to Sheep on Meth)

It’s alive! - After the protests against the police laws is before the protests against the authoritarian turn

Clarke (de)

The year 2018 was dominated by the nationwide protests against the police laws. And 2019? Things have become quieter around noPAG, noPolGNRW & Co. But the beast lives!

We look back on the protests, give a brief overview of the successes and defeats of our resistance, and offer a preview of the horrors looming on the horizon of internal security. We also explain why the movement against the police laws must under no circumstances die, and why it must turn to new topics such as climate protection, anti-fascism and anti-racism.

At 3C35, Constanze Kurz called for action in 2019, too, against the tightening of police laws taking place across the country. And indeed many people took to the streets this year against the amendments, but the real year of protests was 2018. Despite months of demonstrations and actions throughout the republic, the amendments were withdrawn in very few federal states, and where passages of the laws were deleted and changed, these were mostly cosmetic corrections. This has done nothing to stop the general trend towards an authoritarian turn in matters of internal security; that is our starting thesis. At the same time, many of the alliances have fallen apart, the demonstrations have become smaller, an...

ZombieLoad Attack

Leaking Your Recent Memory Operations on Intel CPUs - Ada (en)

The ZombieLoad attack exploits a vulnerability of most Intel CPUs, which allows leaking data currently processed by other programs. ZombieLoad is extremely powerful, as it leaks data from user-processes, the kernel, secure enclaves, and even acros...

The Meltdown attack published in 2018 was a hardware vulnerability which showed that the security guarantees of modern CPUs do not always hold. Meltdown allowed attackers to leak arbitrary memory by exploiting the lazy fault handling of Intel CPUs which continue transient execution with data received from faulting loads. With software mitigations, such as stronger kernel isolation, as well as new CPUs with this vulnerability fixed, Meltdown seemed to be solved.

In this talk, we show that this is not true, and Meltdown is still an issue on modern CPUs. We present ZombieLoad, an attack closely related to the original Meltdown attack, which leaks data across multiple privilege boundaries: processes, kernel, SGX, hyperthreads, and even across virtual machines. Furthermore, we compare ZombieLoad to other microarchitectural data-sampling (MDS) attacks, such as Fallout and RIDL. The ZombieLoad attack can be mounted from any unprivileged application, without user interactions, both on Linux and Windows.

In the talk, we present multiple attacks, such as monitoring the browsing behavior, stealing cryptographic keys, and leaking the root-password hash on Linux. In a live demo, we d...

Don't Ruck Us Too Hard - Owning Ruckus AP Devices

3 different RCE vulnerabilities on Ruckus Wireless access point devices. - Dijkstra (en)

Ruckus Networks is a company selling wired and wireless networking equipment and software. This talk presents vulnerability research conducted on Ruckus access points and WiFi controllers, which resulted in 3 different pre-authentication remote co...

Presentation Outline:
This talk demonstrates 3 remote code executions and the techniques used to find and exploit them.
It gives an overview of Ruckus equipment and its attack surfaces, and explains the firmware analysis and emulation process using our dockerized QEMU full system framework.
-Demonstrate the first RCE and its specifics. Describe the webserver logic using Ghidra decompiler and its scripting environment.
-Demonstrate the second RCE using stack overflow vulnerability.
-Lastly, demonstrate the third RCE by using a vulnerability chaining technique.
All tools used in this research will be published.

Vehicle immobilization revisited

Uncovering and assessing a second authentication mechanism in modern vehicle immobilization systems - Borg (en)

Modern road vehicles are fitted with an electronic immobilization system, which prevents the vehicle from starting unless an authorized transponder is present. It is common knowledge that the security transponder embedded in the key fob should be ...

Nowadays, immobilizers play an essential role in the prevention of vehicle theft. Intended to raise the complexity of theft through the introduction of non-mechanical safety measures, immobilizers have always worked by the same basic principle: to disallow ignition until some secret is presented to the vehicle. Immobilizers gained popularity in the 1990s, as a consequence of legislation: the European Union, Australia and Canada adopted regulation in the nineties, mandating the use of electronic immobilization systems in passenger cars.

Immobilizers have been shown to be highly effective in the effort to reduce theft rates. According to a 2016 study, the broad deployment of immobilization devices has led to a reduction in car theft of an estimated 40% on average during 1995-2008. However, various tools are on the market to bypass electronic security mechanisms. Deployment of insecure immobilizer systems has real-world consequences: multiple sources report cars being stolen by exploiting vulnerabilities in electronic security, sometimes to extents where insurance companies refuse to insure models unless additional security measures are taken.

In modern cars, the ECM (Engine Con...

Saturday 00:50


Chaos Communication Slam

Ada (de)

Chaos meets Poetry Slam.
The humorous poets' contest with a computer science background. Participation expressly welcome.

And don't worry, a poetry slam has nothing to do with the Ingeborg Bachmann Prize. It is a competition in which self-written texts are performed live. Prose, poetry, a funny story: the choice is yours. Tell us about your sysadmin love stories, WebDev f*ckups or whatever else is on your mind.
For those who decide at short notice, we offer a crash course in slam poetry beforehand, so that you too can thrill the audience and make it into the final. You will find the session in the event wiki shortly. On that page you will also find an address for signing up for the big event.
You will be guided through the evening by the slam-experienced team of the "Slamigans" from the circle around Chaostreff Flensburg. Hosted by Thorben Dittmar, former U20 local from the Kühlhaus and eternal runner-up, the audience votes together on the best contributions. Those on the winners' podium can already look forward to great prizes.
So sign up quickly!


Sunday 11:30


Lightning Talks Day 3

Borg (en)

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a cre...

To get involved and learn more about what is happening please visit the Lightning Talks page in the 36C3 wiki.

Radicalised by Humans: On Racism on the Internet

Ada (de)

For years, the influence of the internet on society has been debated. Disinformation campaigns on social media, Russian bots and recommendation algorithms are said to have divided society. But many of these allegations can...

Hacking Connected Mobility: digital.bike.23

From e-bikes in connected mobility to the emergence of a sustainable open-source e-bike project - Dijkstra (de)

What do e-bikes have to do with connected mobility? And is something like LineageOS also possible for bike computers? Also: how can Cradle to Cradle principles be applied to e-bikes? The talk gives an insight into the role of e-bikes in...

Thanks to networking at every level, mobility is supposed to become safer, more environmentally friendly, human-centered etc. The focus is of course on the automotive sector, where development is going at full tilt. But what about e-bikes? With their on-board component networking, they have perfect prerequisites for connected and smart. That is why one hardware and software upgrade now chases the next. Detailed user data ends up on the manufacturers' servers, thanks to proprietary software in all relevant components.
The first part of the talk deals with connected mobility and the state of the art in e-bikes, with one focus on their connectivity options and the variety of sensors. It also covers the sense and nonsense of using this technology.
The second part is about the actual e-bike project. The talk tells of the peculiarities of the vehicle design, inspired by Cradle to Cradle, and of the state of affairs in IT (open source, Open Embedded and open IoT) from the perspective of a product designer who is not a hacker, would like to develop everything openly and transparently, and is looking for user-friendly applications. And it tells of the idea of clearing the IT jungle: the creat...

Protecting the Wild

Conservation Genomics between Taxonomy, Big Data, Statistics and IT-Security - Eliza (en)

Conservation genomic approaches are crucial for establishing long-term sustainable conservation and management strategies for the protection of biodiversity and natural ecosystems. In this talk, the diverse and disparate fields of expertise and ac...

Natural ecosystems and biodiversity are lost at an alarming and accelerating rate due to anthropogenic (over-) exploitation, habitat destruction and climate change.

Conservation genomics promises to provide reliable and detailed insights into the current state of species and their interactions, as well as the processes shaping their reactions to change. Such knowledge is urgently needed for forecasts of species’ responses under quickly and potentially unpredictably changing climatic and environmental conditions, as well as sociopolitical changes and shifting patterns of economic (over-) exploitation. Conservation genomic insights will allow societies in dynamic contexts to come to adequate decisions and effective action in time.

Reliable, decisive and useful practical tools that are robust under real-world operational conditions are, for example, needed for genetic inventory and monitoring campaigns, by certification initiatives, for example in fisheries or forestry, and in forensic genetic case work enforcing legal protection.

The development and implementation of the building blocks for conservation genetic tools will involve the cooperation of experts, activists a...

A systematic evaluation of OpenBSD's mitigations

Clarke (en)

OpenBSD markets itself as a secure operating system, but doesn't provide much evidence to back this claim. The goal of this talk is to evaluate how effective OpenBSD's security mitigations are, in a systematic, rational and comprehensive way.

OpenBSD's website advertises a secure and modern operating system, with cool and modern mitigations. But no rational analysis is provided: are those mitigations effective? what are their impacts on performance, inspectability and complexity? against what are they supposed to defend? how easy are they to bypass? were they invented by OpenBSD or by others? is OpenBSD's reputation warranted?

This talk aims at answering all those questions, for all OpenBSD's mitigations, because, in the words of Ryan Mallon:

Threat modelling rule of thumb: if you don’t explain exactly what you are securing against and how you secure against it, the answers can be assumed to be: “bears” and “not very well”.

All the research done for this talk is available on isopenbsdsecu.re

Sunday 12:50


The Hannibal Affair

A first assessment - Ada (de)

They are supposed to protect the state but are themselves a danger: soldiers and police officers who organise in chat groups and prepare for "Day X". Through extensive research, a team from the taz has a nationwide conspiratorial network...

An elite soldier of the Kommando Spezialkräfte who founds chat groups across the country and an association called "Uniter e.V.", in which paramilitary training sessions are held.

An SEK police officer and prepper who hoards almost 60,000 rounds of ammunition that were stolen from police stocks.

Men who compile enemy lists and apparently plan to kill political opponents on a "Day X".

Three spotlights on the taz's "Hannibal" investigation, which has lasted more than two years. It led into many fields: into the offices for the protection of the constitution (Verfassungsschutz) and the Bundeswehr; out into the countryside between Mecklenburg-Vorpommern and Baden-Württemberg; onto the Facebook profiles of Philippine politicians and into the Telegram chats of German conspirators.

The research was followed by dismay but, at first, also by ridicule. Are these people really dangerous, or just harmless cranks?

In this talk, two of the reporters from the taz team give an insight into their work and report on encounters with preppers with fantasies of overthrow and with Verfassungsschutz employees who pull up in a black Porsche Cayenne. They report on successes in online research and on why travelling there and ringing doorbe...

Build your own Quantum Computer @ Home - 99% of discount - Hacker Style !

Clarke (en)

Quantum technologies are often over-hyped and shown only as a threat to cybersecurity. But they also offer some opportunities to enhance the cybersecurity landscape. As an example, you may know that a quantum computer will be able to break RSA keys ...

Our goal: spread the knowledge that quantum computing works, explain how quantum computers perform such powerful calculations at the hardware level, show that this is doable at home, and show that it will provide a new way to do secure computing and communication for the good of humanity

Proposal Agenda
-Quantum computer 101 (one slide to be able to understand the basics of quantum mechanics w/o FUD)
-Why those quantum computers are so powerful
-How to break things with quantum computers
-How to improve the security level of modern networks with quantum technologies (networking, blind quantum computing for 100% privacy in the cloud, cipher key security, quantum internet & more)
-How a quantum computer based on trapped-ion technology works to do its magic, super powerful calculation (at hardware level)
-How we built our own quantum computer hardware at home (in our military grade High Tech...Garage!) with hacker style & open source software
(Contains full video of the building of our quantum computer)

Getting software right with properties, generated tests, and proofs

Evolve your hack into robust software! - Dijkstra (en)

How do we write software that works - or rather, how do we ensure it's correct once it's written? We can just try it out and run it, and see if it works on a few examples. If the program was correct to begin with, that's great - but if it's not,...

This talk is specifically about accessible techniques: Almost any program, function, or entity has a few interesting properties, and teasing them out will enhance your understanding of what is going on in your software. The next trick is to write out the property in your programming language. People with lots of time and budget can write down enough properties to form a complete specification of the security- and safety-critical parts of a system and prove that they hold for their system. In the talk, we'll instead focus on a dead-simple technique called QuickCheck. (Your programming language almost certainly has a QuickCheck library you can use.) QuickCheck - from the code describing the property - will automatically generate as many test cases as you want, run them, and produce counterexamples for failures. QuickCheck is amazingly effective at flushing out those corner cases that elude traditional unit tests. Finally, for simple properties of pure functions, we can also attempt a proof using simple algebra. The results are a wonderful feeling of satisfaction, and a sound sleep.

Provable Insecurity

where artifacts come from, and how constructive math may help - Eliza (en)

Cryptographic hash functions are everywhere, yet modeling the characteristics of their real-world occurrences is surprisingly complicated when trying to prove security. We argue how seemingly convenient features of doing classical math may make it...


Did you ever wonder why programmers use hash functions without keys while cryptographers only proved the implemented protocol secure for a hash function that is keyed? Did you ever want to have your passwords hashed using a random oracle for maximum security? If you are unhappy because a microkernel implementation can be proven to do what it is supposed to do, but your favourite cryptographic protocol cannot, then this talk may be for you.


We explore how the way we do classical math leads to deviations between cryptographic functions and how they can be modeled in proofs, and what could be done about that.


We focus on questions like:



  • How we can be forced to worry about collisions that no one knows

  • How it can be that proofs in an exact science like math need to be interpreted

  • Why modern cryptographers cannot prove something under the assumption that "hash function X is secure" while programmers have to design their software like this

  • Whether "proving A" is always the same as "proving A"

  • How to reasonably measure precomputation complexity in cryptographic attacks

  • And fina...

Sunday 14:10


Hacking the Media: Smuggling Refugees, Pieing Nazis, Forging Passports

Why we need civil disobedience and subversion more than ever - Ada (de)

A funny look back at the actions of the Peng collective.

Cop Map on police violence, MaskID on the surveillance state and facial recognition, Adblocker on the advertising industry, CFRO on the financial system, Deutschland geht klauen on supply chains, and the building of the Seebrücke movement for the decriminalisation of sea rescue are only a fraction of the actions that have not yet been presented here since the last visit in 2015.

A tour de force through moments of civil disobedience and subversion, in which we do not take ourselves too seriously and above all aim to work together with the social movements.

An hour of concentrated communication guerrilla and funny media actions, but also an insight into possible ways of thinking and options for action that others can take up. What is possible today and, above all, what is necessary?

Wifibroadcast

How to convert standard wifi dongles into digital broadcast transmitters - Dijkstra (en)

This talk is about modifying cheap wifi dongles to realize true unidirectional broadcast transmissions that can transport digital data like HD drone video with guaranteed latency over a range of tens of kilometers. The talk will show the necessary...

Wifi as it is implemented in the 802.11 standard tries (as best as it can) to guarantee to a user the delivery of data and the correctness of the data.
To increase the chance of delivery, the standard includes techniques like automatic retransmission, automatic rate reduction, CSMA/CA. To guarantee correctness, the packets are using CRC sums. These measures are very useful in a typical 1-to-1 communication scenario. However, they do not adapt very well to a 1-to-n scheme (broadcast). Even in case of a 1-to-1 scenario the techniques mentioned above make it impossible to guarantee a latency and throughput of a transmission.

Wifibroadcast uses the wifi hardware in a mode that is very similar to the classic analog broadcast transmitters. Data will immediately be sent over the air, without any association of devices, retransmissions and rate reductions.
The data can be picked up by an arbitrary number of receivers that decode the data stream, repair damaged packets via software diversity and repair damaged bits via forward error correction.

The Wifibroadcast software is an easy to use Linux program into which arbitrary data can be piped. The same data will then appear on the...

HUMUS sapiens

Open Soil Research - Eliza (en)

HUMUS sapiens represents a compilation of soil explorations emerging from the networks of mikroBIOMIK, Hackteria, and Gasthaus – with the ambition to bring DIY (do-it-yourself) and DIWO (do-it-with-others) approaches as well as an open-source-ba...

Far more than just the dirt under our feet, soil is a truly complex and dynamic ecosystem. It is a constantly changing mix of minerals, living organisms, decaying organic matter, air, and water. It is the living skin of our planet, allowing new forms of life to come into being, incorporating the nutrients left there by organisms of the past. Soil is bursting with life and can be vastly different from one square centimeter to the next. From plants, earthworms, insects, and fungi to invisible amoeba, nematodes, algae, and bacteria – each creature provides their own essential role in the soil ecosystem. The shared nature of the soil habitat manifests not only through the highly interconnected so-called “soil food web” – which is mainly driven by microbial metabolism – but also in regard to humans and their dependence on the productivity of edible plants. It is this dependency that motivates Homo sapiens to manipulate natural ecosystems, while at the same time failing to understand them. Human impact on the soil, especially intensive agricultural practices (deforestation, overgrazing, use of agrochemicals, etc.) and urbanization, leads to compaction, loss of soil structure, nutri...

Cryptography demystified

An introduction without maths - Borg (en)

This talk will explain the basic building blocks of cryptography in a manner that will (hopefully) be understandable by everyone. The talk will not require any understanding of maths or computer science.
In particular, the talk will explain encry...

This talk will explain the basic building blocks of cryptography in a manner that will (hopefully) be understandable by everyone, in particular by a non-technical audience. The talk will not require any understanding of maths or computer science.
This talk will cover the following topics:


  • What is encryption and what does it do?

  • What are the different kinds of encryption?

  • What is authenticity? Are authenticity and encryption related?

  • How can authenticity be achieved?

  • What are certificates for?

  • What is TLS and what does it do?


While covering the above topics, I will not explain the technical details of common cryptographic schemes (like RSA, AES, HMAC and so on), in order to keep this talk accessible to a broad audience.

Email Authentication for Penetration Testers

When SPF is not enough - Clarke (en)

Forget look-alike domains, typosquatting and homograph attacks. In this talk we will discuss ways of forging perfect email counterfeits that (as far as recipients can tell) appear to be coming from a well-known domain and successfully pass all check...

Email security is poorly covered by contemporary penetration testing curricula. In this talk I will argue that this leads to underreporting of email-related security issues during regular penetration tests or red team assignments. Getting clicks from (at least some) users is usually fairly easy, even with obviously fake domain names and email addresses, so penetration testers rarely need to do anything fancier in order to achieve their objective.

While this highlights the need for user education, it misses common misconfiguration issues that might lead to much more devastating compromises and could instill a false sense of security in the (rare) cases where regular phishing attacks fail. Technically inclined users (such as developers, tech support or even SIEM analysts) are less likely than others to fall for phishing email originating from a fake domain, but they are actually more likely to fall for email seemingly originating from a real known-good source due to overconfidence.

In this talk we will see just how easy it is to send spoofed mail from an arbitrary source address due to the lack of protection for this scenario in the original SMTP spec. We won't stop there, however, and our next ...

Sunday 16:10


Human - Art – Machine

With artificial intelligence to new art to the cybernetic mind - Dijkstra (de)

Can artificial intelligence create art?
Can humans understand art created by artificially intelligent systems? Is art a path to new levels of a cybernetic mind?
The state of AI art is either not art or not AI....

Artificially intelligent systems have increasingly been incorporated into artistic creative processes since the 1970s. Whether computers can also generate art autonomously is not a question of the performance of such systems; rather, it raises the question of how far traditional concepts of art can be rethought. Compared with ongoing AI debates, engaging with AI and art offers a number of additional degrees of freedom of thought: it can be experienced! Precisely because art is difficult to grasp as a concept, while at the same time the artistic inspires us and prompts us to speculate, dream and feel, AIs and their potential can be discussed quite differently against this background. These potentials are laid out with reference to the technical state of current deep learning systems and the speakers' own artistic experience.
We set new questions diametrically against the discourse on fundamental questions about the relationship between humans, AI and art:
Can artificial intelligence create art?
How can we understand art by artificially intelligent systems?
Can art create AI, and does anyone still understand that?

Simon Hegelich (AI developer, philosopher, professor of Political Data Sci...

FinFisher, See You in Court!

Violations of the law in the export of surveillance software - Ada (de)

The GFF, together with Reporter ohne Grenzen (ROG), the European Center for Constitutional and Human Rights (ECCHR) and netzpolitik.org, has filed a criminal complaint against the managing directors of the companies FinFisher GmbH, FinFisher Labs GmbH and Elaman GmbH e...

There are strong indications that the Munich-based conglomerate of companies sold the spyware FinSpy to the Turkish government without the approval of the German federal government and thereby contributed to the surveillance of opposition members and journalists in Turkey.

The CCC has analysed and published the malware.

Degrowth is coming - be ready to repair

Eliza (de)

The discourse around "digitalisation" can do one thing above all: promise. Robots free us from tedious work, efficiency gains take care of protecting the environment and resources all by themselves, and algorithms make our everyday lives easier. That ...

The talk shows data and graphics on the current and projected resource and energy consumption of digital technologies. The mechanism of the rebound effect can help to understand the complex consequences of current technical development, e.g. with regard to growth.
Degrowth is a political movement of scientists and activists who fight against the compulsions towards escalation and growth in modern societies. With which arguments does the degrowth movement counter growth from an ecological perspective? And what points of contact for conserving resources are there in the tech and maker movement?

Quantum Computing: Are we there yet?

An introduction to quantum computing and a review of the progress we made in the last 5 years. - Borg (en)

Five years ago I spoke about my work in quantum computing, building and running a tiny two qubit processor. A few weeks ago, Google announced a potentially groundbreaking result achieved with a 53 qubit quantum processor. I will therefore review t...

We will first dive into the basics of quantum computing and learn about quantum gates, fidelities, error correction and qubit architecture. We will then go through Google’s experiment and try to understand what they actually did and why it matters. We will then see what else we need to build a useful quantum computer, and discuss when that might happen.

No source, no problem! High speed binary fuzzing

Clarke (en)

Modern grey-box fuzzers are the most effective way of finding bugs in complex code bases, and instrumentation is fundamental to their effectiveness. Existing instrumentation techniques either require source code (e.g., afl-gcc, ASan) or have a hig...

Fuzzing is the method of choice for finding security vulnerabilities in software due to its simplicity and scalability, but it struggles to find deep paths in complex programs, and only detects bugs when the target crashes. Instrumentation greatly helps with both issues by (i) collecting coverage feedback, which drives fuzzing deeper into the target, and (ii) crashing the target immediately when bugs are detected, which lets the fuzzer detect more bugs and produce more precise reports. One of the main difficulties of fuzzing closed-source software is that instrumenting compiled binaries comes at a huge performance cost. For example, simple coverage instrumentation through dynamic binary translation already incurs between 10x and 100x slowdown, which prevents the fuzzer from finding interesting inputs and bugs.

In this talk we show how we used static binary rewriting for instrumentation: our approach has low overhead (comparable to compile-time instrumentation) but works on binaries.
There are three main techniques to rewrite binaries: recompilation, trampoline insertion and reassembleable assembly. Recompilation is the most powerful but it requires expensive analysis and ty...

Sunday 17:30


Human Rights at a Global Crossroads

Whistleblowers and the Cases of The Snowden Refugees and Edward Snowden - Ada (en)

An update on the circumstances of Mr Snowden and the Snowden Refugees will be provided at the 36C3 event and venue in December 2019. There have been many significant events and incidents during 2019.

Among these significant events is the major success of Vanessa Rodel and her daughter Keana being granted refugee status by Canada and resettled in Montreal, Canada in late March 2019. Vanessa’s journey to Canada will be discussed.

More significantly the issue of the Canadian government having left Supun and his family and Ajith behind in Canada has split up a family namely Keana in Montreal from her father Supun and siblings Sethumdi and Dinath in Hong Kong.

In further context of the emerging police state that Hong Kong has become and its arbitrary and disproportionate use of violence against protesters and innocent civilian bystanders and breaches of constitutional rights and under international law, this has re-traumatized The Snowden Refugees in Hong Kong and has put them all at heightened risk.

The lecture will cover the current global erosion and dismantling of international refugee and constitutional law by increasingly authoritarian democracies and loss of international protection for whistleblowers and those who protect whistleblowers. It will be discussed how this has impacted upon the cases of Mr Snowden and The Snowden Refugees.

#mifail or: This wouldn't have happened with Gigaset!

DECT is korrekt. - Dijkstra (de)

Since 2018 Eventphone has been operating a new telephone system at Chaos-related events. Naturally, new software and hardware immediately become an object of research. The usual questions quickly came up: How exactly does this work? Is that all there is in terms of features? Can...

Of course we have answers and would like to share our knowledge with you. There will be an overview of DECT, broken Crypto™ and what you can make of it with creativity. Our aim is to explain it in such a way that everyone in the audience knows a little more about DECT and has laughed at least once.

Since Easterhegg 2018, Eventphone has been running the PoC (Phone Operation Center) with new hardware and software. Who is Eventphone, or the PoC, and what do they do? Alongside many self-developed components, we use a DECT-over-IP solution from the Canadian telecommunications company Mitel. We give you an architecture overview of the new system and talk about antennas, software and licensing. After we had completely solved the biggest problems we had with the old system, we took a closer look under the hood. During the first analyses we discovered a non-critical but funny bug that we want to show you. Our primary goal was to increase compatibility, because there were some devices that, despite the DECT standard, did not work with the system or behaved very oddly. Why, actually? We f...

On the Edge of Human-Data Interaction with the Databox

Eliza (en)

In this talk I will report on Databox, the focus of a UK-based research collaboration between the University of Cambridge, the University of Nottingham, and Imperial College, with support from industrial partners including the BBC. Databox is an o...

We are all the subjects of data collection and processing systems that use data generated both about and by us to support many services. Means for others to use such data -- often referred to possessively as "your data" -- are only increasing with the long-heralded advent of the Internet of Things just the latest example. Simultaneously, many jurisdictions have regulatory and statutory instruments to govern the use of such data. Means to enable personal data management is thus increasingly recognised as a pressing societal issue.

In thinking about this complex space, we formulated the notion of Human-Data Interaction (HDI) which resulted in the Databox, a platform enabling an individual data subject to manage, log and audit access to their data by others. The fundamental architectural change Databox embodies is to move from copying of personal data by others for central processing in the cloud, to distribution of data analysis to a subject-controlled edge platform for execution. After briefly introducing HDI, I will present the Databox platform design, implementation and current status.

Thrust is not an Option: How to get to Mars really slow

Clarke (en)

In this talk we will see how chaos can be used to find very peculiar trajectories for spacecraft within the Solar System. To understand this, we will also have a short look at the basics of orbital mechanics as well as three-body problems.

When traveling to Mars in a spacecraft, you want to find a compromise between flight duration and fuel consumption. One common trajectory for achieving this is the so-called Hohmann transfer which takes about 9 months from Earth and needs two maneuvers, both of which are accelerations!

Usually, when modeling the movement of spacecraft, one uses the Kepler model of two massive bodies attracting each other via gravitation. In case you have more time available for a space journey, however, you might consider a third body in your calculations. This introduces a very chaotic behavior, which you can use in turn to find very special trajectories that allow you to get to various places spending a lot less fuel. Unfortunately this will be much slower.

These special trajectories are called low-energy transfers and form a part of the so-called interplanetary transport network. There have been a handful of missions already using these trajectories, e.g. JAXA’s Hiten probe in 1990 and ESA’s BepiColombo which is en route to Mercury right now.

In this talk we will have a short introduction to the ever-surprising world of orbital mechanics followed by a discussio...

High-assurance crypto software

Borg (en)

Software bugs and timing leaks have destroyed the security of every Chromebook ECDSA "built-in security key" before June 2019, ECDSA keys from several popular crypto libraries, the Dilithium post-quantum software, the Falcon post-quantum software,...

Standard testing and fuzzing catch many bugs, but they don't catch all bugs. Masochists try to formally prove that crypto software does its job. Sadists try to convince you to do your own proof work and to let them watch. After years of pain, a team of fifteen authors has now proudly announced a verified crypto library: fast but unportable implementations of a few cryptographic functions specifically for CPUs that aren't in your smartphone. This is progress, but the progress needs to accelerate.

This talk will highlight a way to exploit the power of modern reverse-engineering tools to much more easily verify crypto software. This relies on the software being constant-time software, but we want constant-time software anyway so that we can guarantee security against timing attacks. Constant-time software is also surprisingly fast when cryptosystems are selected carefully.

This talk is meant as an introduction for a general audience, giving self-contained answers to the following questions: What are timing attacks? What is constant-time software? What are some examples of constant-time crypto? How can we be sure that code is constant-time? What do these reverse-engineering to...

Sunday 18:50


p2panda

Social, artistic & theoretical experiments with decentralized festivals - Eliza (en)

Festivals and events are organized by a small group of deciders. But what would Eris do? (chaos!) We will look at some of our experiences with decentralised festivals where every participant can truly participate, reflect on how they influence our...

This is a technical, artistic, theoretical reflection on how we use technology to run and experiment with decentralised festivals. VERANTWORTUNG 3000 (2016), HOFFNUNG 3000 (2017) and now p2panda are platforms and protocols to setup groups, festivals, gatherings, events or spaces in a decentralised, self-organised manner which allow us to raise questions on how we organise ourselves in our social, artistic & theoretical communities.

In this presentation we want to:


  • Show work and reflection processes of BLATT 3000 and Liebe Chaos Verein e. V. i. G. in Berlin on how technology informs art production and how these systemic "meta"-questions can be made the actual means of art, theory and discussion.
  • Introduce some technical key-concepts of the p2panda protocol and how offline-first, append-only data-types, user authorization through cryptographic keys are interesting for ephemerality, self-organization, non-individuality, decentralization and anonymity in art and theory production.
  • Present fictional ideas for festivals of the future.
  • Talk about pandas.

No Body's Business But Mine, a dive into Menstruation Apps

The Not-So Secret Data Sharing Practices Of Menstruation Apps - Clarke (en)

In September 2019, Privacy International released exclusive research on the data-sharing practices of menstruation apps. Using traffic analysis, we shed light on the shady practices of companies that shared your most intimate data with Facebook a...

In this talk we will go over the findings of this research, sharing the tools we have used and explaining why this is not just a privacy problem, but also a cybersecurity one. This talk will also be a call to action to app developers whose tools have concrete impact on the lives of their users.

Does anyone – aside from the person you had sex with – know when you last had sex? Would you like them to know if your partner used a condom or not? Would you share the date of your last period with them? Does that person know how you feel on any particular day? Do they know about your medical history? Do they know when you masturbate? Chances are this person does not exist, as there is only so much we want to share, even with our most intimate partner. Yet this is all information that menstruation apps expect their users to fill in.

With all this private information you would expect those apps to uphold the highest standards when it comes to handling the data they collect. So, Privacy International set out to look at the most commonly used menstruation apps to find out if that was the case. Using traffic analysis, we wanted to see if those apps were sharing data with third parties an...

Grow your own planet

How simulations help us understand the Universe - Dijkstra (en)

This year the Nobel prize in physics was awarded to three astronomers changing the understanding of the Universe and finding the first exoplanet. This is a good reason to dive into astronomy, numerics, and programming and to learn how modern astr...

In all ages people have gazed at the stars and tried to grasp the dimensions of the Universe and of the teeny-tiny marble we call our planet and wondered how unique it actually is. From the ancient geeks to Johannes Kepler to modern times we slowly advanced our understanding of the sky and the laws necessary to describe the orbits and evolution of all its objects. Nowadays computational power has greatly increased. So we can further our understanding of the Universe from basic, analytically computable orbits to the challenge of turbulent gas flows – only accessible with numerical simulations.

Let's go on a journey through space and compare the data we observe with breath-taking accuracy using instruments like ALMA, VLT, Gaia, and Hubble Space Telescope to numerical simulations now possible due to computer clusters, multi-core CPU and GPU-calculations. We want to explore the physics and numeric algorithms we need to comprehend the Universe and travel to the unexplained territory of problems we can not quite solve yet.

We present three state-of-the-art hydrodynamics programs:
PLUTO (by A. Mignone), FARGO3D (by P. Benítez Llambay and F. Masset) and AREPO (by V. Springel). Al...

Boeing 737MAX: Automated Crashes

Underestimating the dangers of designing a protection system - Ada (en)

Everybody knows about the Boeing 737 MAX crashes and the type's continued grounding. I will try to give some technical background information on the causes of the crash, technical, sociological and organisational, covering pilot proficiency, botch...

On the surface of it, the accidents to two aircraft of the same type (Boeing 737 MAX), which eventually led to the suspension of airworthiness of the type, were caused by faulty data from one of the angle-of-attack sensors. This in turn led to automatic nose-down trim movements, which could not be countered effectively by the flight crew. Eventually, in both cases, the aircraft became uncontrollable and entered a steep accelerated dive into terrain, killing all people on board on impact.

In the course of the investigation, a new type of flight assistance system known as the Maneuvering Characteristics Augmentation System (MCAS) came to light. It was intended to bring the flight characteristics of the latest (and fourth) generation of Boeing's best-selling 737 airliner, the "MAX", in line with certification criteria. The issue that the system was designed to address was relatively mild. A little software routine was added to an existing computer to add nose-down trim in situations of higher angles of attack, to counteract the nose-up aerodynamic moment of the new, much larger, and forward-mounted engine nacelles.

Apparently the risk assessment for this system was not commens...

Boot2root

Auditing Boot Loaders by Example - Borg (en)

The Achilles heel of [your secure device] is the secure boot chain. In this presentation we will show our results from auditing commonly used boot loaders and walk through the attack surface you open yourself up to. You would be surprised at how m...

Sunday 20:50


Welcome Pattern - Theory and Practice

(A joint production of the Haecksen, the tuwat group Bildung and Chaos Siegen) - Eliza (de)

In this contribution we present the "Welcome Pattern" developed by the tuwat group Bildung for receiving and integrating newcomers, and their application in Siegen's hackspace "HaSi".

The Chaos stands up for freedom of information and deals with the effects of technology on society. In doing so we make technology tangible, for example, test its limits and explain to our fellow humans and interested people what works well and what not so well. In between, however, there is also the visitor with the broken Windows Vista, the new person who wants to fire up the laser cutter on their very first visit, or someone who has not quite understood the fine difference between "cool" and "not really that great".
On the one hand we try to be open to new fellow campaigners, but we also have to point firmly to our rules and ethical principles. For this reason the tuwat group Bildung developed so-called 'Welcome Pattern' in 2018. Quick to read, they are meant to help the Chaos show itself to be open without being overwhelmed by it. But they are also meant to enable better integration of newcomers without leaving out the complexity behind hacker ethics and freedom of information. In this talk we present these patterns and discuss relevant parts of them on the basis of their application at Chaos Siegen and its a...

The Net Politics Year in Review

Everything has been better before - Borg (de)

IT Security Act 2.0 (IT-Sicherheitsgesetz 2.0), state trojans for the domestic intelligence service, upload filters and ancillary copyright, platform regulation and the terrorist propaganda regulation, plus the search for artificial intelligence in the blockchain – 2019 was an event...

What were the highlights from the perspective of digital fundamental rights, and where were there setbacks? What can we expect in the coming year, and which debates and legislative processes should we as digital civil society concentrate on?

Ursula von der Leyen is now President of the EU Commission and already announced in her application various net-policy legislative processes that are noteworthy not only because of her track record. What awaits us in the debate on a reform of the liability privileges, and what options are there for platform regulation without breaking the open net along with it?

The Planet Friendly Web

Why our web has to become more sustainable and how we go about it! - Clarke (de)

Where does our responsibility in designing and developing a website begin and where does it end? Did you know that the CO2 emissions caused by the internet have exceeded those of the aviation industry? When designing a website or we...

There are many problems on our Earth that need to be solved for our generation and future ones: global warming and world hunger are only some of them.

In our private everyday lives, many of us already deal very extensively with the topic of sustainability and the responsible use of resources. We make sure that our chocolate is FairTrade, that our apple comes from a farmer in the region, or that the meat comes from responsible animal husbandry.

But who knows that more than 80 kilograms of nature are consumed for a modern smartphone? And how many of you who actively shape the web concern yourselves with making it more sustainable too? Or did you know that the CO2 emissions caused by the internet have exceeded those of the aviation industry?

In my talk I would like to show you how, in your professional everyday life too, e.g. when conceiving, developing, designing or managing a website or app, you can pay attention to responsible resource consumption, especially with regard to energy demand. Also the questions of how you can help make the web more sustainable, and what the requirements for mod...

Infrastructures in a horizontal farmers community

Human agreements, communication infrastructures, services in Campi Aperti, Bologna, Italy - Dijkstra (en)

We will analyze the approach to technology (decisional method, mesh network and cloud) of a farming community near Bologna: Campi Aperti.

Speaking about: human organization, connectivity, managing of a server, resources and incidents handler, fe...

We summarize the experience of the last 15 years of a group of farmers: the strong political impact of taking care of the nearby territory, deciding what to grow and what to eat and sharing these decisions with the consumers in the city; establishing a method called "shared warranty" (garanzia partecipata) for organic vegetables; refusing large-scale food distribution; and how these principles, together with some feminist ideas, can lead us to think differently about our tech organizations and our tools. In the last 3 years the group Campiaperti and Genuino Clandestino, the Italian network of self-managed farmers, started to raise questions and find solutions around technologies and slowly started to maintain their services.

The One Weird Trick SecureROM Hates

Ada (en)

Checkm8 is an unfixable vulnerability present in hundreds of millions of iPhones' SecureROM. This is a critical component in Apple's Secure Boot model and allows security researchers and jailbreakers alike to take full control over the application...

This talk will detail how we built an iOS jailbreak from the ground up - quite literally - by using a use-after-free in Apple's SecureROM. This is key code which is designed to bring up the application processor during boot but also exposes a firmware update interface over USB called DFU.
By abusing this vulnerability it is possible to unlock full control of the application processor, including enabling debugging functionalities such as JTAG, helping security researchers look for security vulnerabilities in Apple devices more effectively.
We will analyse the root cause and techniques used for exploitation, as well as mention some of the hurdles we encountered while trying to turn this into a reliable jailbreak and plans for the future of this project.

Sunday 21:50


Art against Facebook

Graffiti in the ruins of the feed and the party-info-capital is emigrating - Eliza (en)

There is graffiti in the ruins of the feed and the event-info-capital is emigrating.

Currently Facebook has a tight grip on the cultural scene with its events-calendar and with Instagram as a spectacular image feed.

But an opposition is rising. Graffiti and net-art are merging with hacking. Activists are using Facebook graffiti, circulating UTF-8 textbombs that cross the layout of the feed.

The Berlin network Reclaim Club Culture meanwhile is calling for a Facebook Exodus. They want to motivate the club and cultural scene to support free alternatives, by moving their biggest information capital, which are the event announcements.

The Eye on the Nile

Egypt's Civil Society Under Attack - Dijkstra (en)

What happens when we come across a surveillance operation targeting Egypt’s civil society? And what happens when the attackers expose all of their backend code by mistake? This is The Eye on the Nile.

Egyptian activists and journalists report and fight against human rights violations, only to face human rights violations themselves: they are often silenced, detained, tortured and imprisoned. Practicing their freedom of expression becomes especially dangerous under a regime that is constantly wary of attempts to spark a second revolution. Therefore, it would not be surprising to see surveillance-motivated attacks trying to go after those targets.

This talk will discuss how an opsec mistake made by a state actor gave us a rare insight into their long-term malicious activity, and the methods they were using to keep a close eye on possible internal threats within Egypt. Among our findings were attempts to gain access to victims' inboxes and monitor their correspondences, mobile applications hosted on Google's Play Store and used to track victims' communications or location, and more.

We will start by reviewing our investigation into the attackers' infrastructure, and will then go over the different attack vectors and previously undisclosed malicious artifacts used in this operation. Lastly, we will share how we were able to find and reveal the identities of this campaign's ...

Using Public Climate Data

There used to be more snow - Borg (de)

'There was more snow in my youth!' or 'It used to be hot back then too!': one could just believe that, depending on the vehemence of the exclamation, or one simply looks it up.

Modern climate models are fed by local observations of the weather. By using historical data from past decades, current models are also extended to that period. So we can look up how hot it was, or how deep the snow on the way to school really was. This is possible even when the local records themselves are not always available online. Numerous national and supranational organisations now make the products of their climate models available to the public, with entry barriers of varying height. The distribution channel for this data varies somewhere between csv files on public FTP servers, API interfaces for tailor-made data retrieval (sometimes even from magnetic tape) and thematically prepared, ready-made visualisations.

This contribution shows a small selection of services (e.g. the Opendata service of the Deutscher Wetterdienst, NASA's Land Data Assimilation System) that provide access to global climate data. Using the European Centre for Medium-Range Weather Forecasts (ECMWF) and the Copernicus Climate Change Service as examples, both API access for downloading the data...

Hacking (with) a TPM

Don't ask what you can do for TPMs, Ask what TPMs can do for you - Clarke (en)

Trusted Platform Modules (TPMs) are nowadays included in all consumer-grade devices. Whilst "the Trusted Platform Modules available for PCs are not dangerous, and there is no reason not to include one in a computer or support it in system software...

TPMs provide several features. Most talked about are the capabilities to perform "attestations", i.e. to reliably determine the software (BIOS, OS, applications) that are running on a given system. Most commonly useful are its capabilities to act similar to a "built-in smartcard". It provides storage for keys and secrets on the device that can be protected by PINs, i.e. that are protected against bruteforce attacks. It further provides an encrypted swapping mechanism for such keys, enabling almost infinitely large storage for said keys.

With this range of features available at your average nerd's disposal, it would be a shame not to use them.

1. Securing your personal credentials
The most frequent application of TPMs stems from logging into other systems. This includes ssh client logins or browser-based https client certificates and becomes even more frequent when put into context with git+ssh, git+https, sftp or webdav. All these technologies and almost all implementations support PKCS11 to allow storage of secrets on a smartcard. But SmartCards or Yubikeys require extra readers, occupy USB slots, and have to be carried around.

The tpm2-pkcs11 library allows anyone to seaml...

Hacking Brains

Human Factors in IT Security - Ada (de)

The overwhelming majority of successful hacks in the wild rely on human factors. How can we design systems and interfaces to mitigate these weaknesses?

Whether ransomware or phishing, APT attacks or stalking: the most frequently exploited vulnerability is the human being.

A problem that only little research actually wants to tackle. Instead, we content ourselves with accusing users of stupidity and regarding the human factors of IT security as "out of scope".

Time to think about the problem differently, because there are some interesting findings to discover.

Neumann, Linus (2017): „Menschliche Faktoren in der IT-Sicherheit“ in: Ferri Abolhassan (Hg.) „Security Einfach Machen: IT-Sicherheit als Sprungbrett für die Digitalisierung“, p. 85-98
Neumann, Linus (2019): „Wenn Hacker Menschen hacken“ in: Report Psychologie 11/12.2018, p. 462-464

Sunday 22:50


Speaking Fiction To Power

Strategies and tactics to ‘hack’ public spaces and social conventions - Eliza (en)

Louise Ashcroft will talk through strategies and tactics she uses to ‘hack’ public spaces and social conventions in order to suggest new ways of living which challenge rules and hierarchies.

Louise Ashcroft is a performance artist and filmmaker whose playfully disruptive fieldwork in public spaces (like shopping centres, trade fairs and the street) seeks to challenge the socio-economic status quo and reveal the absurdity of the power systems that govern how we live. For example, mailing boxes of soil from former public land to its new overseas owners, leading 'backwards shopping' workshops, smuggling strange products into supermarkets and attempting to buy them, or running conceptual cleaning services for people's hopes and dreams. Such public interventions are humorously retold in the form of stage performances. Louise has exhibited widely including at Arebyte Gallery, BQ Berlin, Latitude Festival, Supernormal Festival, Wellcome Collection, Museum of London and on BBC radio; residencies include Tate Learning, Camden Arts Centre, and Z.U.T Lisbon. Louise cofounded the free art school AltMFA and teaches art at Goldsmiths College. She hates capitalism but loves sneakers.

The Bits&Bäume Sporangium

8 microcosms, 8 experts, 8 minutes each on digitalisation and sustainability - Borg (de)

Just as fern plants catapult their spores out of the capsule into the world at up to 10 m/s so that they fall on fertile ground there, our 8 experts will pass on their nerd and specialist knowledge – spectacular, effective and un...

At Bits&Bäume 2018, activists from the tech community and those from the sustainability movements came together to explain their questions and approaches to one another, discuss them and jointly think up a better future. An important part of this was also to immerse oneself in each other's microcosms, to meet each other where they are and to find the interfaces. In this spirit, the first "Sporangium" took up important topics from both areas. For the C3, the focus is now on the connection between technology and sustainability: what can digital sustainability look like, and what can sustainable digitalisation look like?

Speakers (A-Z...er...V!):
* Anja Höfner – The fairy tale of dematerialisation through technology
* Carina Haupt: Sustainable software development (for fewer exploding rockets)
* Elenos Manifesti & der Chor der Vermummten: We demand! The Bits&Bäume manifesto
* Isabella Hermann: Utopia Outer Space? The future of humanity in science-fiction films
* joliyea – Space for knowledge. Where we meet to save the world
* Kathrin Henneberger – Yes, climate crisis! Still!!
* Lisa Passing: Green electricity != green electricity. Down the green energy rabbit hole
* Vik...

Content take-downs: Who cleans the internet?

EU plans to swipe our freedom of expression under the carpet - Clarke (en)

The quest towards a “cleaner” internet continues – with “censorship machines” included in the EU Copyright Directive, upload filters proposed in the Terrorist Content Regulation, and numerous other initiatives to push dominant platforms to police ...

The next important battle for our rights and freedoms in the digital sphere is looming on the horizon. Policymakers wage war against “harmful” speech online, relying on the centralisation of the web around few platforms that function as “walled gardens”. Heated debates on upload filters recently took place around the copyright reform and the fight against online terrorist propaganda.

The next challenge for our freedom of expression online is a planned update to the rules that deal with illegal and “harmful” content: the E-Commerce Directive. The E-Commerce Directive was adopted two decades ago, but the way the internet looks has changed drastically since. The amount of user-uploaded content has exploded, and a few dominant platforms have an increasing impact on people’s rights and freedoms.
What does the current online landscape look like? What are the policy options the EU is facing in terms of platform regulation? How can we achieve human rights-compliant content moderation rules?

Why 3D-printed clothing is NOT the future

Dijkstra (de)

3D-printed garments can now be found on more and more catwalks in the fashion industry. The manufacturing process allows entirely new workflows and the chance, through multiple use of materials and waste reduction, to more sustainably prod...

The clothing industry is one of the most harmful industries for our planet and our society. Additive manufacturing processes appear to be an alternative to environmentally harmful mass production. The talk answers questions about the quality and usefulness of 3D-printed textile surfaces and whether these actually have the potential to make the clothing industry more sustainable. And is it really realistic that we will all soon have a 3D printer at home and print ourselves a sweater in the morning?

15 Years of German Telematics Infrastructure (TI)

The reality of a doctor's visit after 15 years of developing a medical digital strategy - Ada (de)

Since 2005 at the latest, work has been under way in Germany on the introduction of the telematics infrastructure, TI for short. This is meant to be nothing less than the complete digitalisation of the German medical sector. From doctor, hospital, psychotherap...

With the founding of Gematik GmbH on 11 January 2005, the official development of the telematics infrastructure (TI) began. The goal was the introduction of an electronic health card together with an infrastructure that in the long term was to connect all participants in medical care with one another.
The doctor stores all findings, including X-ray images, in the electronic patient record (ePA), communicates in encrypted form with other doctors via "Sichere Kommunikation zwischen Leistungserbringer" (secure communication between healthcare providers, KOM-LE), the medication plan is available digitally (eMP), the prescription is redeemed digitally at the pharmacist (E-Rezept) and in an emergency relevant health data (NFDM) are stored on the patient's electronic health card (eGK). This is what the digital doctor's visit of the future is supposed to look like.
However, after 15 years of development and 2 billion euros of investment, only one TI service is online, the insured persons' master data management (Versichertenstammdatenmanagement, VSDM). It allows the patient's master data, e.g. address and health insurance fund, to be updated online at the doctor's, without replacing the electronic health card.
Now that this service has been introduced, in the near future the next ...

Sunday 23:50


5G & Net Neutrality

Status of the Net Neutrality Reform in Europe - Clarke (en)

Three and a half years after Europe enshrined net neutrality in law, the protections for the open internet are being renegotiated. Europe finds itself in the middle of an immense lobbying battle about the legality of internet blocking, zero-rating...

The Body of European Regulators for Electronic Communication (BEREC) is currently reforming the net neutrality framework of the EU. The reform started in late 2018 and will come to a conclusion in March 2020. The talk will outline the full reform process and explain the issues the digital rights community is fighting for. A particular focus will be on the challenges that the next mobile network standard 5G brings to the net neutrality debate and what to expect from new technology aspects like network slices and edge computing.

Additionally, we will give insights into net neutrality enforcement throughout the European Union in the past three and a half years. This section of the talk is based on a comprehensive study which epicenter.works has conducted in 2019.

The Austrian digital rights NGO epicenter.works is a leading net neutrality advocate in the EU. Their campaign www.savetheinternet.eu followed the policy debate to enshrine net neutrality in law in the European Union and lasted from 2013 until 2016. Since then, the organisation has become a public watchdog on the regulatory enforcement of the rules and published extensive legal and technical analysis on net neutral...

Linux on Open Source Hardware with Open Source chip design

Dijkstra (en)

Want to run Linux on open hardware? This talk will explore Open Source Hardware projects capable of that task, and explore how RISC-V and free software FPGA projects can be leveraged to create libre systems.

This talk will explore Open Source Hardware projects relevant to Linux, including boards like BeagleBone, Olimex OLinuXino, Giant board and more. It will look at the benefits and challenges of designing Open Source Hardware for a Linux system, along with BeagleBoard.org’s experience of working with community, manufacturers, and distributors to create an Open Source Hardware platform.

Drew will also talk about the importance of the RISC-V instruction set and free software FPGA toolchains. He will explore the options for running Linux on open source chip designs.

From the New Right's Dictionary of Insults

Ada (de)

Based on extensive corpus-linguistic analyses, the talk gives an overview of the stock of disparaging and exclusionary expressions that have been coined in right-wing and far-right online discourses. In the deep-semantic st...

The increased level of exclusion and social polarisation that has been recorded since the resurgence of right-wing parties and ways of thinking in Germany is not the only achievement we owe to the new right. They have also enriched the vocabulary with a seemingly inexhaustible repertoire of insults. Their spectrum ranges from unusual combinations of word components as in "Journhalunke" or "GEZStapo", through the productive distortion of proper names as in the case of "K(r)amp(f)-K(n)arrenbauer" or "Merkill", hyperbolisations such as "Superübergutbestmenschen" or sentence compounds such as "IchseheauswieeinkonservativerCSUKatholikundwerdedeshalbvondenganzenDeppengewähltweildasjanichtsoeinGrünerist" (Winfried Kretschmann), to equations for denouncing criticism as in "Waffen=Rassismus=rächtz=Nazi=Gefahr=Erderwärmung".

In the talk, the most important linguistic strategies for forming disparaging expressions will first be presented, before, in a second step, a selection of the invective vocabulary relating to individual areas of politics and society is presented. The investigation is based on an exten...

Sunday 00:50


Hebocon

The sumo robot fight for the technically ungifted - Ada (en)

Let's build funny robots and let them fight each other as long as we are superior to them :) Please let's dishonor high tech and celebrate everything made out of stuff we usually throw away (and blinks).

Join with your derpy bot to fight your nemesis! Push it off the table or knock the enemy over. No weapons. No advanced controllers. No tears. Don't take it seriously.

Everyone is invited to compete with a self-made robot, especially if you've never done that before. High-tech is penalized, creativity encouraged.

If you are interested, please send me a quick "sounds cool, maybe i'll build one" mail to honky@defendtheplanet.net or contact @honky in RocketChat.

We need at least 8 robots to participate; if we have more, we'll bring this to the battlefield.


Monday 11:30


Lightning Talks Day 4

Borg (en)

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a cre...

To get involved and learn more about what is happening please visit the Lightning Talks page in the 36C3 wiki.

Justice 4.0

Macroeconomic effects of digitalisation on the Global South - Eliza (de)

In current debates about digitalisation, the systemic and structural effects of digitalisation on developing and emerging countries, and the associated potential risks and challenges, have so far hardly been considered ...

From e-commerce to digital trade
25 years ago, an internet user from Philadelphia used his credit card at a computer to buy an audio CD by the musician Sting. Electronic commerce was born. A year later, Amazon launched with its first book. While in the early phase of e-commerce mainly material goods were sold, in the period that followed new products and distribution channels were added thanks to technical progress. A world without digital services (such as ticket inspection via app) and digitally delivered products (such as video streaming) is no longer imaginable today. With the shift of the traded goods from material to immaterial products, the terminology changed as well. Thus the term "digital trade" increasingly displaced that of "electronic commerce".

Asymmetric integration of the Global South
Great hopes for the Global South are often tied to digital trade and the digital economy. The creation of new, digital markets is said to come with high growth rates, accompanied by an increase in prosperity, claim not only tech corporations but also act...

HAL - The Open-Source Hardware Analyzer

A dive into the foundations of hardware reverse engineering and our netlist analysis framework HAL - Ada (en)

Since the Snowden revelations the fear of stealthy hardware manipulations is no longer regarded as far fetched.
This fear is also reflected in the massive discussions sparked by last year's Bloomberg allegations on a supposed hardware spy implant...

Hardware reverse engineering (HRE) is an important technique for analysts to understand the internals of a physical system.
Use cases range from recovering interface specifications of old chips, over detection of malicious manipulations or patent infringements, to straight up counterfeiting.
However, HRE is a notably complex and cumbersome task which consists of two phases:
In the first phase the netlist, i.e., circuit description of a chip, has to be extracted from the physical device.
Such a netlist is equivalent to the binary in software reverse engineering (SRE).
In the second phase, the analyst then processes the netlist in order to understand (parts of) its functionality.

However, obtaining a netlist from a chip can take several months and requires professional and costly equipment as well as expertise.
Even with a recovered netlist, understanding its functionality is an enormously challenging task.
This is partly due to the lack of proper tools for netlist analysis:
While in SRE various commercial or open-source tools for binary analysis exist, e.g., IDA Pro or Ghidra, in HRE simply no tool for netlist analysis was available, neither commercial, nor free.
To c...

Fairtronics

A Tool for Analyzing the Fairness of Electronic Devices - Clarke (en)

Electronic gadgets come not just with an ecological footprint, but also a human cost of bad working conditions and human rights violations. To support hardware makers who want to design fairer devices, we are building a software tool to easily dis...

The issue of human rights violations in the supply chains of electronics products is nowadays being broadly discussed. However, from the point of view of a hardware maker, it is difficult to exclude the possibility of harm being done to workers in their supply chains due to their complexity and lack of transparency. At the same time, projects such as Fairphone and NagerIT demonstrate that improvements are, in fact, possible.

At FairLötet and the Fairtronics project, we try to support those who would like to improve the social impact of their products in taking the first step towards improvement. To this end, we are building a software tool which will provide a first estimate of the risks contained within a given design: circuit diagram in, analysis out.

The analysis shows the main social risks associated with the product, due to which components and materials they arise, and in what regions of the world the risks are located. This enables the user to understand where efforts towards sustainability should be concentrated, e.g. by making informed purchasing decisions or engaging with suppliers.

In this talk, you will learn about the risks associated with electronics, how ...

Monday 12:30


#NoPNR – Let’s kill the next Data Retention Law

How to Stop the Dubious Use of Passenger Name Records by Law Enforcement - Clarke (en)

The talk will address how passenger name records (PNR) of flight passengers are currently used by law enforcement throughout the European Union to track and identify suspects of a variety of crimes, how this is likely to be only a first step by th...

The PNR directive obliges all EU member states to process and save for five years all PNR data of passengers entering or exiting the European Union by plane. All member states have agreed to voluntarily extend this practice to all intra-EU flights as well. Subsequently, the data of hundreds of millions of flight passengers are being checked against databases, generating vast amounts of false positives and futile infringements on passengers’ right to privacy. The data are also processed against “pre-determined criteria” which allows law enforcement to define “suspicious flight patterns”. The goal of this profiling of our travel movements is to find suspects among flight passengers that the authorities have never even heard of before. The system has no effective safeguards to prevent vast numbers of people from being falsely labeled as potential terrorists.

Member states are already planning to extend this practice to international buses, trains and ferries – even though the effectiveness of processing flight passengers’ PNR data has yet to be proven. By this logic, the next step would be to track rental cars, then all cars, then mobile phones, and finally getting rid of the crit...

Technical aspects of the surveillance in and around the Ecuadorian embassy in London

Details about the man hunt for Julian Assange and Wikileaks - Eliza (en)

The talk explains and illustrates the procedural and technical details of the surveillance in and around the Ecuadorian embassy in London during the time Julian Assange stayed in there from June 2012 until April 2019.

In the aftermath of Assange's expulsion from the Ecuadorian embassy in London and his arrest based on a US extradition warrant, evidence appeared that the "Security" measures of the embassy had at some point switched from protecting Assange and the embassy to an extremely detailed surveillance operation against both Assange and his visitors. The Spanish company "Undercover Global", which was in charge of the embassy between 2015 and April 2018, and its owner and CEO are under investigation for spying on behalf of the CIA. Material from the second company, which took over the embassy "Security" in April 2018, has found its way into an attempted extortion and is also subject to a legal investigation.

The talk will contain material both documenting the surveillance measures installed as well as audio and video material obtained by the surveillance gear. It will also briefly touch on surveillance measures experienced elsewhere by friends, lawyers, media partners and associates of Assange and Wikileaks in the context of the ongoing man hunt.

NGI Zero: A treasure trove of IT innovation

Resilient. Trustworthy. Sustainably Open. - Dijkstra (en)

The Next Generation Internet initiative is the first concerted effort in Europe to put significant public funding to hands-on work to really fix the internet. The long term vision of the...

NGI Zero Discovery and NGI Zero PET are a significant and ambitious effort by a large group of organisations led by NLnet foundation (that was instrumental in pioneering the early internet in Europe):

Monday 12:50


Understanding millions of gates

Introduction to IC reverse engineering for non-chip-reverse-engineers. - Ada (en)

Reverse Engineering of integrated circuits is often seen as something only companies can do, as the equipment to image the chip is expensive, and the HR costs to hire enough reverse engineers to then understand the chip even more so. This talk giv...

The talk will give a general overview of the research field and explain why companies are interested in reverse engineering ICs (IP overproduction, Counterfeits, Hardware Trojans), as well as why it’s important for an end user (IC trust, chip failure). Then, I will very briefly introduce the reverse engineering workflow, from decapsulating, delayering, imaging, stitching, image processing and then come to the focus: netlist abstraction. The idea is to show some methods which are currently used in research to understand what netlists represent. Some theory will be explained (circuit design, formal verification of circuits, graph theory…), but I want to keep this to a minimum. Finally, I will show some current ideas on how to make reverse engineering difficult, as well as some attacks on these ideas. The talk does not give insights into how large companies do reverse engineering (i.e. throw money at the problem), but rather shows the research side of things, with some of the methods published in the last couple of years, which is something everyone can do at home.

Monday 13:30


Wohnungsbot: An Automation-Drama in Three Acts

A media-art project which automates the search for flats in Berlin and challenges automation narratives - Clarke (en)

At the center of Clemens Schöll's latest art project is the "Wohnungsbot" (flat-bot), which automates flat searching in Berlin. But it doesn't only try to search flats for everybody, it fundamentally questions power-relationships in (flat-searchin...

With increasing urbanization and financial speculation on the housing market the search for a flat in any big city has become an activity that consumes a lot of resources for people in need of housing: beyond the emotional load a significant share of your supposed leisure time is being consumed by repetitive tasks. Online platforms force us to refresh pages, scroll, click here, click there, look at a few pictures and eventually copy-paste our default text over and over again. If you're ambitious you maybe adjust the lessor's name or the street. But honestly, why do we do this? It could be so easily automated.

The 'automation drama in three acts' by media artist Clemens Schöll titled "Von einem der auszog eine Wohnung in Berlin zu finden" (Of someone who went forth to find a flat in Berlin) speculates about alternative strategies and narratives for both the housing market as well as automation itself. At the center of the multi-exhibition project stands the Wohnungsbot (literally: flat-bot), a free open source software to automate flat-searching and applications in Berlin, released to the public in June 2019.

But the Wohnungsbot is about much more th...

The Haecksen's Year in Review

Dijkstra (de)

In this talk we take you on a journey through the Haecksen year 2019.

We briefly touch on the German statistics on femicides in Germany, where Germany ranks sixth-worst among European countries. Femicides lead directly to the witch burnings of around 1550. Much evidence indicates that the trials were intended to suppress uprisings among the population and were not simply effects of mass hysteria. Then we turn to the positive side of our year.
We give you a tour of our art gallery (stamps, postcards, memorials and more), show glimpses of a Haecksen Geekend, and explain how we integrate and activate our 100 new Haecksen out of 292 in total.
We also reveal which Chaos-affiliated groups include Haecksen groups and what they did there in 2019. In addition, Haecksen have come together in a decentralized way around the topics of climate change and the effects of bias in training datasets.
We close by introducing NIFTI http://nifti.org as the new central hub of the community of all FNIT groups with an interest in technology.
And we will be celebrating our 30th anniversary along the way.

Monday 13:50


Unpacking the compromises of Aadhaar, and other digital identities inspired by it

Governments around the world are implementing digital identity programs that don't work - Eliza (en)

Aadhaar is India's national biometric identity database, with over one billion records comprising fingerprints, iris scans and basic demographic information. It is presented as identity technology, allowing an individual to identify themselves, bu...

This talk will demonstrate how Aadhaar's attempt to be a cure for all kinds of ailments has in fact resulted in large scale exclusion and fraud. We will look at a series of design assumptions in Aadhaar's architecture, the gaps in them, and then examples of how these gaps were exploited, from public news reports.

Aadhaar is often touted as a revolutionary technology that has simultaneously given identity to billions and realised substantial savings from fraud for the government. These utopian visions are finding buyers around the world. Jamaica, Morocco and Kenya have all adopted projects inspired by Aadhaar, and more countries are following suit.

Unfortunately, Aadhaar is not magic, and there is now an urgent need for a sober understanding to be taken worldwide.

The Kaarana project began in 2017 as a collaboration between programmers and lawyers, to document architectural assumptions and their impact on human rights. The project's findings were presented as evidence to the Supreme Court of India in 2018, and are acknowledged in a scathing dissent by Justice Chandrachud (September 2018). This dissent was in turn cited by the Supreme Court of Jamaica to shut down a biome...

Setting the Course

What kind of digital world will we live in? - Ada (de)

We must decide now what kind of digital world we want to live in.

In the areas of data protection and freedom of information, decisions are being made that set a course which is hard to reverse and that have far-reaching consequences for our future.
As Federal Commissioner for Data Protection, I deal with the enforcement of the General Data Protection Regulation, the regulation of consumer scoring and profiling, and the further development of European data protection law.

I am also particularly concerned with the debates about digital surveillance and massively expanded powers of the security authorities.

Hacking the Transport Transition Yourself

Borg (de)

The talk will be a wild ride, past toppling scooters, some art with sharing data, a shopping trip for research purposes on Asian wholesale platforms, security vulnerabilities in bicycle locks that a German bike-sharing operator...

The market for mobility services has grown ever faster and ever larger in recent years.
From simple bike-sharing bicycles through e-bikes and cargo bikes to scooters, we are getting more and more ways in big cities to stay mobile without a vehicle of our own.

But why only in big cities? How sustainable is that? Why do I still need 20 apps for every city? What do these sharing systems actually look like technically? What happens to the data and what can be done with it? And why should we actually leave mobility to venture-capital-driven technology companies?

That is why we are building an open source bike-sharing system: non-profit and open to all, tested at CCCamp19.

Monday 14:30


Hackers & makers changing music technology

Clarke (en)

I will explore the ways in which music is influenced by making and hacking, including a whistle-stop tour of some key points in music hacking history.

This starts with 1940s Musique Concrete and Daphne Oram’s work on early electronic music at the BBC, and blossoms into the strange and wonderful projects coming out of the modern music hacker scenes in London and Berlin, including a pipe organ made of Furbies, a sound art marble run, robotic music machines, gesture controlled moon cellos, and singing circuit sculptures. I'll also be sharing some of my own work, plus my favourite new ways to make embedded instruments, including plenty of amazing Open Source hardware and software.

Building a Sensor Network for Measuring Nitrogen Dioxide

Dijkstra (de)

Starting from the official monitoring network for nitrogen oxides, the talk will cover the construction of a low-cost open source measuring station for nitrogen dioxide, including calibration and the handling of interfering influences. In addition, a web...

At the latest since the emissions scandal (Dieselgate) and the resulting driving bans for diesel vehicles, a public debate has arisen about nitrogen oxides (in particular nitrogen dioxide (NO2)) as an air pollutant. Nitrogen dioxide pollution in cities and municipalities unsettles many citizens, because on the one hand the pollutant is imperceptible and on the other hand nitrogen dioxide can pose a considerable health hazard. In Germany there are currently only about 350 official measuring stations for nitrogen dioxide, so location-specific or even area-wide information on air pollution is not possible. An area-wide monitoring network is also not provided for by law. Consequently, political or court-enforced measures to improve air quality can only take place where measurements exist. Since there are currently no efforts to expand the public network of measuring stations, with this talk we want to make a push to explore the technical foundations for setting up a citizen-run monitoring network and, for this purpose, concrete building instructions and information serv...

Monday 15:10


The Stonewalling Must Go

Best of Freedom of Information - Ada (de)

With ever new laws, the executive in Germany is gaining power and resources. Public oversight of ministries and intelligence services is falling behind. We talk about why, thanks to requests and lawsuits under the freedom of inf...

Error 451

Transformation in the Lignite Mining Region: Lithium-Ion Battery Recycling

An industrial perspective for Lusatia? - Borg (de)

Worldwide, the development trends in the market ramp-up of electric mobility and the further development of relevant battery manufacturing and recycling technologies are highly dynamic. Decisive factors for the emergence of an industrial batter...

In order to derive sustainable development opportunities for Lusatia in the course of the rise of electric mobility,
• the endogenous potentials of the region are analysed,
• the future volume of spent batteries and the state of technological development of Li-ion battery recycling are presented, and
• the regulatory framework is put to the test.
We point out the open flanks of the lithium-ion "battery revolution" by also discussing its risks: recycling lithium-ion batteries accordingly emerges as an urgent necessity in the future, because

• the raw materials required for their manufacture are finite,
• some of them are mined under inhumane working conditions and with considerable ecological consequential damage,
• safe and responsible disposal or recycling of the batteries, which contain highly toxic substances, must be ensured.

Finally, recommendations for action for an integrated development concept are formulated, which aim at establishing a circular economy and bottom-up participation of the population. They convey ideas on how the establishment of a ...

Monday 16:10


36C3 Infrastructure Review

Borg (en)

36C3 is run by teams of volunteers. In this event, they will provide some insight into the challenges they faced while building the GSM, DECT and IP networks, running video streams, or organizing ticket sales. All graphs will be pointing up and to...

Security Nightmares 0x14

What you have always not wanted to know about who really controls your devices. - Ada (de)

What has happened in IT security over the past year? What will the next buzzwords be and which new trends are already foreseeable today?

As always, we venture the IT security nightmare outlook on 2020 and beyond. Because what we really want to know is, after all: who argued with their AI last year? And how is the job profile of the blockchain exorcist developing? Will there soon be IT security weather forecasts on television?

Monday 17:20