I’ve did a presentation at the “Gulaschprogrammiernacht” in Karlsruhe. This talk was about RFID/NFC-based payment systems that are often seen in university menses or company canteens. You typically pay with the student ID card or you employee badge, which is preloaded with money or linked to you monthly salary. The security of some of these systems is severely broken due to the usage of old and insecure RFID/NFC technologies. The talk contains some basics about those insecure RFID/NFC technologies and stories of broken systems I’ve analyzed in the past. Read more

Together with my colleague Matthias Deeg I’ve done some more research on wireless input devices. This is considered a follow up research to our previous work on wireless desktop sets. This time the focus was on presenters (aka presentation clickers) and Bluetooth keyboards. Again, we were able to find several security issues and presented them at Confidence in Krakow. Read more

With its online IT news platform “Heise online” and magazines like “c’t” Heise Medien GmbH & Co. KG is one of Germany’s biggest IT-related publisher. Therefore, I was happy when they offered me the opportunity to write some small articles, do an interview and even a video podcast. Back in 2017 they hand an article introducing an collection of “Hacking Gadgets” in c’t 18 /2017. Because the article was liked by its readers and there have been several new hacking gadgets/tools released since, they decided to make a new one. Read more

I’ve did a presentation on the basics of RFID/NFC from my (a pentester) perspective. Since several parties were interested, I gave the presentation twice, once at the “Gulaschprogrammiernacht” in Karlsruhe and once at the “IT-Sicherheitskonferenz” in Stralsund. The main goal was to explain how some of the RFID/NFC technologies work and what security issues there are. Read more

I’ve been invited to the Vector Cyber Security Symposium to talk about pentesting cars. Since the audience does not only consists of techies, this presentation I gave was rather basic. It aims at providing a better understanding of why pentesting is important and souled be done for cars. The general theme of the talk is “improving security by breaking it”. Read more

Together with my colleague Matthias Deeg I’ve done some research on several modern wireless desktop sets. All of the manufacturers claim they are secure because they encrypt data using AES 128. All keyboards and mice use a proprietary communication protocol (not Bluetooth), therefore we were interested in if they are really secure. The result of the analysis was presented at several IT security conferences including Ruxcon in Melbourne, Hacktivity in Budapest, ZERONIGHTS in Moscow, DeepSec in Vienna and hack.lu in Luxembourg. Read more

The “Gulaschprogrammiernacht” (GPN) is a congress organized by Entropia e.V. (CCC Karlsruhe). I presented my research about the security of the student card at this congress. The similar student card system is present at most German universities. At this point in time the system was very broken, mostly because of the usage of the insecure MIFARE Classic RFID tags. Read more