Schedule
Tracks


































































































































































 

Day 1
10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

03:00

03:30

04:00

04:30

05:00

05:30

06:00

06:30
Day 2
07:00

07:30

08:00

08:30

09:00

09:30

10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

03:00

03:30

04:00

04:30

05:00

05:30

06:00

06:30
Day 3
07:00

07:30

08:00

08:30

09:00

09:30

10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

03:00

03:30

04:00

04:30

05:00

05:30

06:00

06:30
Day 4
07:00

07:30

08:00

08:30

09:00

09:30

10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

Saal 1

38C3: Opening Ceremony (en)

Gabriela Bogk, Senficon

Glad you could make it! Take a seat and buckle up for a ride through four days of chaotic adventures.

Correctiv-Recherche "Geheimplan gegen Deutschland" – 1 Jahr danach (de)

Jean Peters

Vor einem Jahr veröffentlichte Correctiv die Recherche “Geheimplan gegen Deutschland”, die ein geheimes Treffen von Rechtsextremen, AfD-Funktionären und CDU-Mitgliedern enthüllte. Diese Enthüllung führte zu massiven Demonstrationen, während rechtsextreme Gruppen versuchten, das Geschehen zu relativieren. Die politische Reaktion blieb jedoch verhalten, und die AfD setzte die demokratischen Parteien weiter unter Druck. In diesem Vortrag gibt Jean Peters, leitender Reporter der Recherche, einen Überblick über die Recherchemethoden, analysiert den medialen Diskurs und zeigt zukünftige Perspektiven zur Berichterstattung über Rechtsextremismus auf.

"Natürlich bin ich 18!" - Altersprüfungen im Netz aus Datenschutzperspektive (de)

Aline Sylla, Carsten Adrian

„Um nach diesem Begriff zu suchen, dich auf dieser Website anzumelden oder dieses Video anzuschauen, halte bitte deinen Personalausweis bereit, damit wir dein Alter überprüfen können.“ Solche Aufforderungen könnten uns in Zukunft häufiger begegnen, denn immer mehr Websites wollen unser Alter wissen. Doch woher kommt dieses Interesse und ist das eigentlich zulässig? Gemeinsam setzen wir die Datenschutzbrille auf und gehen folgenden Fragen auf den Grund: Welche Methoden der Altersprüfung gibt es und wie funktionieren sie? Können oder sollten Methoden der Altersprüfungen eingesetzt werden und gibt es Fälle, in denen sie sogar eingesetzt werden müssen? Sind Datenschutz und Kinderschutz tatsächlich Gegensätze oder haben sie doch mehr gemeinsam, als oft vermutet wird? Und was sagt eigentlich die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) dazu?

Liberating Wi-Fi on the ESP32 (en)

Frostie314159, Jasper Devreker

Reverse engineering the Wi-Fi peripheral of the ESP32 to build an open source Wi-Fi stack.

Was lange währt, wird endlich gut? Die Modernisierung des Computerstrafrechts (de)

Florian Hantke, Prof. Dr. Dennis-Kenji Kipker

Die Reform des Computerstrafrechts ist längst überfällig. Die bestehende Gesetzgebung ist zunehmend veraltet und entspricht nicht mehr den Anforderungen unserer digitalen Welt. Spätestens seit der Veröffentlichung des aktuellen Koalitionsvertrags hat sich die Bundesregierung die Modernisierung dieses vielfach kritisierten Rechtsbereichs auf die Fahnen geschrieben. Doch was ist seitdem wirklich passiert? Wie sieht der aktuelle Stand der Reformbemühung aus? Was wird sich konkret ändern und welche Auswirkungen wird dies auf die Hacker-Community und die Sicherheitsforschung haben? Und wird das endlich gut?

Investigating the Iridium Satellite Network (en)

schneider, Sec

The Iridium satellite (phone) network is evolving and so is our understanding of it. Hardware and software tools have improved massively since our last update at 32C3. New services have been discovered and analyzed. Let's dive into the technical details of having a lot of fun with listening to satellites.

KLARHEIT ALS WAFFE (de)

lizvlx (UBERMORGEN), Luzius Bernhard

UBERMORGEN infiltriert Kunst, Medien und digitale Monokulturen mit subversiver Affirmation. Wie Donald Trump auch, zerstören sie täglich ihr Geschäftsmodell, um daraus radikal neue Lösungen zu schaffen. Anhand von Projekten wie Vote-Auction, Google Will Eat Itself und PMC Wagner Arts dokumentieren sie ihre künstlerische Evolution im Never-Ending Now. Chaos ist ihre Methode, Kunst ihre Neue Ehrlichkeit, Klarheit ihre Waffe.

BioTerrorism Will Save Your Life with the 4 Thieves Vinegar Collective (en)

Dr. Mixæl Swan Laufer

Governments have criminalized the practice of managing your own health. Despite the fact that for most of human history bodily autonomy, and self-managed health was the norm, it is now required that most aspects of your health must be mediated by an institution deputized by the state. Taking those rights back for yourself is then labeled "BioTerrorism". So be it. Let's learn how.

Der Thüring-Test für Wahlsoftware (de)

Linus Neumann, Thorsten Schröder

PC-Wahl war nur der Anfang.

Feelings are Facts: Love, Privacy, and the Politics of Intellectual Shame (en)

Meredith Whittaker

A debut of new research and analysis, focused on emotions and the affective register—love! shame! intimacy!

We've not been trained for this: life after the Newag DRM disclosure (en)

Jakub Stepniewicz, Michał Kowalczyk, q3k

You've probably already heard the story: we got contracted to analyze a bunch of trains breaking down after being serviced by independent workshops. We reverse engineered them and found code which simulated failures when they detected servicing attempts. We presented our findings at 37C3… and then shit hit the fan.

Desiring Technology. Über Porno, Abhängigkeit und Fortschritt (de)

Arne Vogelgesang

Eine wachsende Zahl von Menschen eignet sich ihre empfundene Abhängigkeit von digitaler Pornografie als mystischen Fetisch an – sie konsumieren ihren Konsum. Was ist Gooning, wie hat es sich entwickelt und was kann es uns über unser Verhältnis zu Medientechnologie im weiteren Sinn erzählen?

Fnord-Nachrichtenrückblick 2024 (de)

Atoth, Fefe

Wir zeigen euch die Fnords in den Nachrichten des Jahres.

Illegal instructions by legals - Anweisungen für den anwaltlich begleiteten Rechtsbruch (de)

Vera Keller, Vivian

Tracker an Tiertransporter, Kameras vor einer Steueroase, Veröffentlichungen von Verschlusssachen, Frontex verpetzen oder sich selbst verpetzen lassen, Menschen in Seenot retten. Zwei Anwältinnen, die Recht(sbruch) studiert haben, teilen mit euch ihre Erfahrungen aus juristischer out of Action preparation, Whistleblowing-Schutz und Anti-Repressions-Arbeit.

Digitalisierung mit der Brechstange (de)

Anne Roth

Fünf Prozent der Bevölkerung im Alter von 16 bis 74 Jahren in Deutschland sind offline. Dafür gibt es verschiedenen Gründe: Manche wollen nicht ins Netz und manche können nicht. Dennoch gibt es zunehmend auch öffentliche Dienstleistungen nur noch digital. Das wäre kein Problem, wenn gewährleistet wäre, dass alle Zugang zu Geräte, zum Netz und die nötige Unterstützung haben, um die Angebote nutzen zu können. Und wenn wir darauf vertrauen könnten, dass unsere Daten dort sicher sind. Solange beides nicht gegeben ist, darf niemand ausgeschlossen werden, weil der Zugang fehlt.

Erpressung aus dem Internet - auf den Spuren der Cybermafia (de)

Ciljeta Bajrami, Svea Eckert

Manchmal sind es tausende, manchmal sind es zehntausende von Euros, um die vor allem junge Männer aus Deutschland bei Onlinescams betrogen werden. Die Scham ist zu groß, um darüber zu sprechen, schließlich ist „Mann“ selbst schuld daran. Es geht um Erpressung mit Nacktfotos, Liebes-Fallen und zweifelhafte Investments, die auf dem Vormarsch sind. Der Vortrag folgt den Spuren der Täter:innen und enthüllt eine prosperierende Scam-Industrie in Asien, fest in den Händen der chinesischen Mafia.

Wann klappt der Anschluss, wann nicht und wie sagt man Chaos vorher? (de)

Theo Döllmann

Gut 1 Mrd. Datenpunkte zu Zugfahrten, wie kann man damit das Zugfahren verbessern? Wir versuchen, die Zuverlässigkeit von Zugverbindungen vor der Buchung zu prognostizieren.

Fearsome File Formats (en)

Ange Albertini

The specs are enough, they said … yeah right. 10 years after 31c3's "Funky File Formats" … Have things improved?

Der CCC-Jahresrückblick (de)

Constanze Kurz, erdgeist, kantorkel, khaleesi, Linus Neumann

Wir geben einen Überblick über die Themen, die den Chaos Computer Club 2024 beschäftigt haben. Neben der Zusammenfassung und der Rückschau auf das vergangene Jahr wollen wir aber auch über zukünftige Projekte und anstehende Diskussionen reden.

Hacking yourself a satellite - recovering BEESAT-1 (en)

PistonMiner

In 2013, the satellite BEESAT-1 started returning invalid telemetry, rendering it effectively unusable. Because it is projected to remain in orbit for at least another 20 years, recovering the satellite and updating the flight software would enable new experiments on the existing hardware. However, in addition to no access to telemetry, the satellite also has no functional software update feature. This talk will tell the story of how by combining space and computer security mindsets, the fault was correctly diagnosed without telemetry, software update features were implemented without having them to begin with, and the satellite was recovered in September of 2024.

Fake-Shops von der Stange: BogusBazaar (de)

Kai Biermann, kantorkel

Du bestellst im Internet? Natürlich bestellst Du im Internet. Aber dieses Mal wird Deine Ware nicht geliefert. Stattdessen sind Dein Geld und Deine Kreditkartendaten nun in China. Das ist BogusBazaar. Wir teilen unsere Einblicke in die Arbeitsweise dieser Bande.

BlinkenCity: Radio-Controlling Street Lamps and Power Plants (en)

Fabian Bräunlein, Luca Melette

A significant portion of Europe's renewable energy production can be remotely controlled via longwave radio. While this system is intended to stabilize the grid, it can potentially also be abused to destabilize it by remotely toggling energy loads and power plants. In this talk, we will dive into radio ripple control technology, analyze the protocols in use, and discuss whether its weaknesses could potentially be leveraged to cause a blackout, or – more positively – to create a city-wide Blinkenlights-inspired art installation.

Wie fliegt man eigentlich Flugzeuge? (de)

Christian Lölkes, kleinsophie

Etwas wie die "Sendung mit der Maus", dafür mit tiefer fachlicher Ausführung und allen Details. Es handelt vor allem um Technik und Abläufe, die man als Laie oder Fluggast nicht sehen und wissen kann.

KI-Karma next Level: Spiritueller IT-Vertrieb (de)

Katharina Nocun

Der IT-Vertrieb ist ein Feld voll dorniger Chancen. Ein Grund mehr, gemeinsam von innovativen Branchen in Form von "Neuen Religiösen Bewegungen" (Sekten) zu lernen, um unseren erwachten beruflichen Neustart zu pitchen.

0, 1 oder 2 - Hackerei und Cyberbrei (de)

Erisvision

Der Quizshow-Klassiker für die ganze Chaosfamilie: Bei uns sind nicht nur pfiffige Hacker:innen, sondern auch flinke Beine gefragt. 0, 1 oder 2? Wer es weiß, ist dabei! Nur echt mit dem Kamera-Nerd!

Gefährliche Meinung – Wenn Wälder brennen und Klimaaktivist*innen im Knast sitzen (de)

Samuel Bosch

Eine Geschichte über den Kampf für Walderhalt in der Klimakrise, die unnötige Erweiterung eines klimaschädlichen Stahlwerks und einer vermutlich illegalen Genehmigung für eine vorgezogene Rodung. Wie wir dafür ins Gefängnis kamen. Und wie das Bundesverfassungsgericht die Gefängnisleitung zwang, mich vorzeitig wieder zu entlassen. Aktivistische Kritik buchstäblich an der zuständigen Bezirksregierung endete in einem Gerichtskrimi durch die AugsburgerJustiz, die sich nach wie vor entschlossen zeigt, die laut Bundesverfassungsgericht besonders geschützte Machtkritik der Aktivist*innen möglichst hart zu bestrafen. Ein Vortrag über den kreativen Umgang mit Repressionen mit Einblicken hinter die Gefängnismauern. Vom Kampf der Augsburger Justiz gegen kreativen Protest für den Erhalt der Lebensgrundlagen. Memes inklusive.

Robot Uprising: a story-driven AI robotics experience (en)

Juho Kostet, Karim Hamdi, Katarina Partti

It's the 2040’s. The dusty skyline of Helsinki is covered with vertical buildings reaching for the clouds. Autonomous drones deliver messages and items from layer to layer while robots maintain the aerial pathways across buildings. A sense of tension hangs in the air. Somewhere beneath the surface, hackers and corporates wage war over AI. Will they be able to master it, or will the City succumb to a dark technology? **Perhaps you can change the fate of things?**

Databroker Files: Wie uns Apps und Datenhändler der Massenüberwachung ausliefern (de)

Ingo Dachwitz, Katharina Brunner, Sebastian Meineck

Databroker verschleudern unsere Daten. Über einen Datenmarktplatz konnten wir 3,6 Milliarden Handy-Standortdaten aus Deutschland ergattern. Darin fanden wir detaillierte Bewegungsprofile, unter anderem von Geheimagent:innen, Soldat:innen und hochrangigen Regierungsbeamt:innen. Hier hört ihr die absurde Geschichte, wie einfach solche Daten zu haben sind, was den zügellosen Datenhandel so gefährlich macht – und wie wir gemeinsam für eine Lösung kämpfen können.

Ein unmoralisches Angebot: Wie wir unsere Communities vor ideologischen Zugriffen schützen (de)

elenos

In beschleunigten Krisenzeiten wächst mit der Überforderung auch die Sehnsucht nach einer klaren Ordnung: Weltbilder, die das Chaos auf ein moralisch aufgeladenes "Entweder-Oder" reduzieren. Mit dieser binären Logik werden alle Lösungen, die das "Sowohl-als-auch" denken, abgemäht. Die verheerende Folge: zwischen aufgeheiztem Lagerdenken, Positionierungsdruck und Rhetorik von individueller Schuld und Scham ist kein kollektives Handeln mehr möglich. Der Talk macht das unmoralische Angebot eines universalistischen und anwender*innenfreundlichen „Security-Updates". Eine Empfehlung, auf was wir dringend achten sollten, um unser Netzwerk handlungsfähig zu halten.

Eat the Rich! Die Menschen wollen soziale Sicherheit, aber kriegen „Deutschland den Deutschen“. Holt das Geld bei den Reichen! (de)

Helena Steinhaus

Bezahlkarte bald auch für Bürgergeld-Empfänger*innen, verschärfte Sanktionen, Pauschale für die Kosten der Unterkunft, weniger Regelsatz, Umzugszwang, verschärfte Zumutbarkeitsregelungen für Arbeitsangebote und Komplett-Überwachung: Die Debatte über das Bürgergeld ist völlig durchgedreht. Was kommt noch auf uns zu? Und wie kommen wir aus der Hetz-Spirale wieder heraus?

Can We Find Beauty in Tax Fraud? (en)

martin

What do Olaf Scholz, blue ikea bags, Moldova, Deutsche Bank, fine art, and Butyrka Prison have in common? Join us for a brief stroll through the hidden, shady world of large-scale tax fraud, cross-border financial crime, money laundering, and corruption. We’ll examine both common and lesser-known financial exploits, drawing on revelations from journalists, activists, and investigators over the last few decades.

KI nach dem Kapitalismus: Hat ChatGPT in der besseren neuen Welt einen Platz? (de)

Malte Engeler, Sandra Sieron

Unsere Welt funktioniert nur, wenn sich immer neue Bereiche finden, in denen Profite erbeutet werden können. Nach Blockchain, Metaverse und Web3 ist "Künstliche Intelligenz" die neueste Wette der Tech-Investoren auf kräftige Gewinne. Ob "KI" tatsächlich irgendeinen gesellschaftlichen Wert hat, ist dabei völlig nebensächlich. Was tun wir also mit "KI" nach dem Kapitalismus? Brauchen wir Large Language Models überhaupt in einer Welt, die radikal auf Kooperation statt Konkurrenz, auf Bedürfniserfüllung statt Profit und auf Solidarität statt Privateigentum basiert?

Knäste hacken (de)

Lilith Wittmann

In Deutschland sitzen über 40.000 Menschen im Knast. Weitgehend ohne Zugang zu digitaler Infrastruktur - außer einem Telefon. Wir schauen uns die Systeme an, die sie nutzen dürfen und in denen sie verwaltet werden.

Das IFG ist tot – Best of Informationsfreiheit, Gefangenenbefreiung & Machtübernahmen (de)

Arne Semsrott

Die Versprechungen waren groß: Blühende Transparenz-Landschaften, Mitbestimmung, Korruptionsprävention, De-mo-kra-tie! Das Informationsfreiheitsgesetz sollte den deutschen Staat besser machen. Nach Jahren schlechter Verwaltungspraxis, schlechter Gerichtsurteile und schlechter Politik ist es in wichtigen Teilen aber nutzlos geworden. Das zeigt sich vor allem, wenn man sich Szenarien einer antidemokratischen Regierungsübernahme vorstellt - die Transparenz wäre als erstes hinüber, der Boden dafür ist schon bereit. Was tun?

Postpartum Punk: make space for unfiltered creativity (en)

-, Ania Poullain-Majchrzak

After years as a journalist and filmmaker covering topics like crypto, holocaust and showbiz, everything changed for me 3 years ago after the birth of my daughter. While I haven't planned to be a mother, I decided to keep this pregnancy at 41, however this grass turn out to be too high for lawn mower – I was ready to go for a rave, not to be locked in a baby dark room for 3 years. I felt like my brain had been reprogrammed overnight. The analytical mindset I once relied on—quick to analyse, explore, and understand complex topics—seemed to vanish, replaced by a simpler, instinct-driven state that prioritized pure survival and nurturing yet mixed with unhinged chaos, aux naturelle psychedelic downloads plus no sense of inhibition or fear of being seen. Hand cuffed to a rainbow I was gazing at the black clouds. Despite the shock at this involuntarily IQ transplant, I quickly realised this new mind-tool-set was all in all fulfilling and liberating. I became my own fire brigade with an alternative emergency strap-on. Without the pressure to think analytically, I began channelling this raw energy into my joke band PUShY PUShY PUShY, creating what I now call postpartum punk movement. The idea caught on – this summer we have been featured in the Guardian and The New Yorker. This fuels my missionarism towards another level: how can we embrace this wild, intuitive mindset, not only as parents but as people? And could new technologies help us experience or even learn from this state?

Pyrotechnik – ist doch kein Verbrechen!? (de)

bijan, felix

Feuerwerk erregt die Gemüter - und das seit mehreren hundert Jahren. Wir beleuchten für euch technische, kulturelle und gesellschaftspolitische Aspekte eines der faszinierenderen und gleichermaßen umstritteneren Phänomene unserer Zeit.

Hacker Jeopardy (en)

Ray, Sec

The Hacker Jeopardy is a quiz show.

From Simulation to Tenant Takeover (en)

Vaisha Bernard

All I wanted was for Microsoft to deliver my phishing simulation. This journey took me from discovering trivial vulnerabilities in Microsoft's Attack Simulation platform, to a Chinese company to which Microsoft outsourced its support department that wanted all my access tokens. I finally ended up hijacking remote PowerShell sessions and obtaining all data from random Microsoft 365 tenants, all the while reeling in bug bounties along the way.

Ten Years of Rowhammer: A Retrospect (and Path to the Future) (en)

Daniel Gruss, Florian Adamsky, Martin Heckel

The density of memory cells in modern DRAM is so high that disturbance errors, like the Rowhammer effect, have become quite frequent. An attacker can exploit Rowhammer to flip bits in inaccessible memory locations by reading the contents of nearby accessible memory rows. Since its discovery in 2014, we have seen a cat-and-mouse security game with a continuous stream of new attacks and new defenses. Now, in 2024, exactly 10 years after Rowhammer was discovered, it is time to look back and reflect on the progress we have made and give an outlook on the future. Additionally, we will present an open-source framework to check if your system is vulnerable to Rowhammer.

All Brains are Beautiful! – The Biology of Neurodiversity (en)

Marcello

How do you think? People can experience thoughts, feelings, and sensory inputs very differently. While context and substances are known to promote changes in perception and thinking, the biological basis is very diverse, contrary to what is often assumed. Brain cells come in extraordinary varieties in size, shape, and complexity. Their synaptic connectivity provides the foundation of all our sensory input, motor output, cognitive functions, and thoughts. In short: They shape us. This talk gives an introduction about the extent of variability in neuronal patterns that underlies neurodiversity and critically discusses the idea of neurodivergence, diagnosis criteria in Autism and ADHD from a biological and first person-perspective. We find that biological variability of brains is an evolutionary feature that helps us to adapt to our environment but comes with certain risks and downsides in our modern society. While many things are still unknown, scientists have identified genes and environmental impacts that shape our network architecture during brain development and which help to explain why we think and experience the world so differently.

identity theft, credit card fraud and cloaking services – how state-sponsored propaganda makes use of the cyber criminal toolbox (en)

Alexej Hock, Max Bernhard

The Russian disinformation campaign Doppelgänger is considered to be technically highly sophisticated. Research by CORRECTIV and Qurium has revealed that the Russian state relies on the toolbox of internet fraudsters for the dissemination of propaganda and fakes. A talk on the state's possible alliance with the criminal world - and on possibilities and limitations of countering it.

Find My * 101 (en)

Henryk Plötz

I'll introduce the technology underlying bluetooth trackers from Apple and Google, and will describe and show what can actually be seen on the air (using a hackrf/rad1o for example). This is part demonstration of what is possible right now, part explanation of the underlying principles, and part invitation to would-be hackers to make creative use of this technology.

Implantable Cardiac Devices - Security and Data Accessibility (en)

dilucide

Cardiac Implantable Electronic Devices (CIED), such as cardiac pacemakers and defibrillators, are a fairly niche target for security researchers, in part due to a lack of manufacturer cooperation and device accessibility. This talk aims to provide insights into the challenges in device development and methods with which to research device security. Data accessibility to patients will be touched upon.

Security Nightmares (de)

Constanze Kurz, Ron

Der IT-Sicherheitsalptraum-Rück­blick: Manchmal belustigend, zuweilen beunruhigend, aber mit Ausblick.

38C3: Return to legal constructions (en)

Gabriela Bogk, Senficon

Let's join in a quiet moment to bid farewell to the chaotic wonderland that has been 38C3 and prepare ourselves for the harsh reality outside.

Saal GLITCH

libobscura: Cameras are difficult (en)

DorotaC

I'm not big-brained enough to use cameras on Linux, so I decided to write my own camera stack (based on a real story).

ACE up the sleeve: Hacking into Apple's new USB-C Controller (en)

stacksmashing

With the iPhone 15 & iPhone 15 Pro, Apple switched their iPhone to USB-C and introduced a new USB-C controller: The ACE3, a powerful, very custom, TI manufactured chip. But the ACE3 does more than just handle USB power delivery: It's a full microcontroller running a full USB stack connected to some of the internal busses of the device, and is responsible for providing access to JTAG of the application processor, the internal SPMI bus, etc. We start by investigating the previous variant of the ACE3: The ACE2. It's based on a known chip, and using a combination of a hardware vulnerability in MacBooks and a custom macOS kernel module we managed to persistently backdoor it - even surviving full-system restores. On the ACE3 however, Apple upped their game: Firmware updates are personalized to the device, debug interfaces seem to be disabled, and the external flash is validated and does not contain all the firmware. However using a combination of reverse-engineering, RF side-channel analysis and electro-magnetic fault-injection it was possible to gain code-execution on the ACE3 - allowing dumping of the ROM, and analysis of the functionality. This talk will show how to use a combination of hardware, firmware, reverse-engineering, side-channel analysis and fault-injection to gain code-execution on a completely custom chip, enabling further security research on an under-explored but security relevant part of Apple devices. It will also demonstrate attacks on the predecessor of the ACE3.

Transparency? Not from the European Commission (en)

Kris Shrishak

The European Commission is the executive branch of the European Union with the duty to uphold the law. The transparency of the Commission´s actions and decisions range from questionable to abysmal. Attempts by the public to access information are often thwarted. This talk will cover the Commission´s lack of transparency, challenges faced by the public in accessing information, Commission´s tactics and examples of the European Ombudsman´s interventions to improve the situation. Whether you are interested in ChatControl, AI or public procurement, this talk will have you covered.

Life in the Lager: How it is & how to support (de)

Hafid

Was ist ein Lager und warum ist es so schrecklich und unmenschlich? Wir werden einen Überblick über betroffene Perspektiven mit Selbst­erfahrungen geben, wie man in Lagern (Wohnheimen, EAE) lebt. Wir geben einen Überblick über die rassistische Bezahlkarte, sowie die Einschränkung der Freiheit wie schwer ist und über das Leben von Jugendliche in Lagern. Was machen wir? Wie können wir unterstützen und worauf sollte man achten?

Demystifying Common Microcontroller Debug Protocols (en)

Sean "xobs" Cross

Many developers know that the answer to "How do I debug this microcontroller" is either "JTAG" or "SWD". But what does that mean, exactly? How do you get from "Wiggling wires" to "Programming a chip" and "Halting on breakpoints"? This talk will cover how common debug protocols work starting from signals on physical wires, cover common mechanisms for managing embedded processors, and ending up at talking to various common microcontrollers.

Als die Kommentarspalten brannten – 11 Monate Einsatz in Gaza (de)

Anna-Lea Göhl, Sebastian Jünemann

Der Krieg in Gaza als Reaktion auf die Terrorattacke vom 7. Oktober läuft mittlerweile über ein Jahr. Cadus ist seit Februar diesen Jahres in Gaza im Einsatz. Auch seit Februar diesen Jahres teilen wir wie so viele andere die Erfahrung, das vor dem Hintergrund unseres Einsatzes fernab von Gaza sich leidenschaftlich „politisch“ auseinandergesetzt wird. Nicht ÜBER unseren Einsatz wohlgemerkt, sondern darüber, ob wir jetzt die eine oder andere Seite genug verurteilen würden für die Art und Weise wie der Krieg geführt wird. In unserem Talk „Als die Kommentarspalten brannten – 11 Monate Einsatz in Gaza“ sprechen wir über die Herausforderungen, die unseren Einsatz tatsächlich begleiten.

An open-source guide to the galaxy: Our journey with Ariane 6 (en)

Manthos Papamatthaiou, Paul Koetter

The 530 tons and 63 meter tall Ariane 6 rocket finally launched on July 9th 2024 carrying our open-source developed payloads – the SIDLOC experiment and the satellite Curium One – into space. SIDLOC tested a new, open, low-power standard for identifying and precisely locating spacecraft whilst our satellite Curium One established an open-source baseline for larger CubeSat systems and allowed us to test a bunch of new technologies. From sourcing a launch opportunity to the final integration onto the rocket at the spaceport in French Guiana we tell you about our biggest challenges and exceptional experiences of this adventure.

Dead Man’s Switch. An art shield to protect the life of Julian Assange (en)

Andrei Molodkin, Arianna Mondin

Artist Andrei Molodkin held $45million of art hostage to free Julian Assange. He vowed to dissolve Picasso, Rembrandt, Warhol and other masterpieces in acid using a dead man’s switch device inside a 29-tonne Grade 5 Safe Room if Julian Assange was to die in prison. The talk will explain the process and methodology.

EU's Digital Identity Systems - Reality Check and Techniques for Better Privacy (en)

Anja Lehmann, socialhack

Digital identity solutions, such as proposed through the EU's eIDAS regulation, are reshaping the way users authenticate online. In this talk, we will review the currently proposed technical designs, the impact such systems will have, and provide an outlook on how techniques from modern cryptography can help to improve security and privacy.

How to Spec - Fun with dinosaurs (en)

Joschua Knüppe

The public image of dinosaurs is largely shaped by art. While paleontology is a dynamic and productive science, it is primarily through paleoart that our perception of prehistoric life takes form. By combining informed speculation with a deep understanding of anatomy, ecology, and geology, paleoartists continuously reimagine extinct organisms in innovative ways.

Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! (en)

giulioz

Custom silicon chips are black boxes that hold many secrets, like internal ROMs, security features and audio DSP algorithms. How does one start reverse engineer them? Let's look at the basics of silicon reverse engineering, what gate array chips are, and how some tooling can generate Verilog code automatically from a die shot.

IRIS: Non-Destructive Inspection of Silicon (en)

Andrew 'bunnie' Huang

IRIS (Infra-Red, *in situ*) is a technique for non-destructively inspecting the construction of a select but common type of chip. It can improve visibility into our hardware and provide supporting evidence of its correct construction, without desoldering chips or expensive analytical gear. This talk covers the theory behind IRIS, as well as some embodiments of the technique. I will also frame the relevance of IRIS in the face of various threat scenarios. Time permitting, I’ll also show how you can do it at home by peeking around a few chips as a demo.

Mal was mit Holz (de)

Metal_Warrior

Bildervortrag zum Thema "Nachhaltige Inneneinrichtung" mit Mitbringseln zum Anfassen sowie Tipps & Tricks zu Konstruktion, Gestaltung und Durchführung

Lightning Talks Day 2 (de)

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

From Pegasus to Predator - The evolution of Commercial Spyware on iOS (en)

Matthias Frielingsdorf

My talk explores the trajectory of iOS spyware from the initial discovery of Pegasus in 2016 to the latest cases in 2024. The talk will start with an analysis how exploits, infection vectors and methods of commercial spyware on iOS have changed over time. The second section of the talk is all about advances in detection methods and the forensic sources which are available to discover commercial spyware. This talk will also include a Case Study about the discovery and analysis of BlastPass (one of the latest NSO Exploits). The third part will discuss technical challenges and limitations of the detections methods and data sources. Finally, I will conclude the talk with open research topics and suggestions what Apple or we could technically do to make the detection of commercial spyware better.

MacOS Location Privacy Red Pill: A Rabbit Hole Resulting in 24 CVEs (en)

Adam M.

User location information is inherently privacy sensitive as it reveals a lot about us: Where do we work and live? Which cities, organizations & institutions do we visit? How does our weekly routine look like? When are we on a vacation and not at home? MacOS has introduced multiple layers of security mitigations to protect sensitive user location information from attackers and malicious applications over the years — but are these enough?

10 years of emulating the Nintendo 3DS: A tale of ninjas, lemons, and pandas (en)

neobrain (he/him)

How is 3DS preservation faring 10 years after the release of the first emulator? What technical obstacles have we overcome, which ones remain? What hidden gems have we discovered beyond games? Join us on a journey through the struggles, the successes, and the future of 3DS emulation!

io_uring, eBPF, XDP and AF_XDP (en)

LaF0rge

Modern high-performance networking APIs on Linux - beyond the classic BSD sockets API.

Autoritäre Zeitenwende im Zeitraffer (de)

anna, Chris Köver

Die mittlerweile zerbrochene „Fortschrittskoalition“ hat zuletzt mit dem Bohrhammer Grundrechte abgetragen, als gäbe es einen Preis zu gewinnen. Wer als nächstes das Land regiert, ist offen. Aber progressiver wird es wohl kaum. Warum das keine plötzliche Entwicklung ist und was wir jetzt dagegen tun müssen.

Vectors, Pixels, Plotters and Public Participation (en)

Niklas Roy a.k.a. royrobotiks

The talk introduces technology-driven urban art projects that emphasize public participation and creativity. Each project employs a DIY machine to transform public spaces and create art collaboratively. How were these machines built? How do ideas evolve, and how can creative machines foster community connections? Find the answers and get some inspirations in this entertaining and insightful talk by Niklas a.k.a. royrobotiks.

RadioMining - Playlist-Scraping und Analyse (de)

Stefan Magerstedt

Seit einigen Jahren hat Stefan von etwa vierzig regulären deutschen (Pop-)Radiosendern die Playlisten gespeichert. Welche Meta-Informationen sich daraus ergeben und welche Abhängigkeiten von Jahreszeiten, Charts und Ereignissen sich abzeichnen, wird in einem unterhaltsamen Vortrag zum Besten gegeben.

Automation and Empathy: Can We Finally Replace All Artistic Performers with Machines? (en)

moritz simon geist

In this talk, artist and robotic musician Moritz Simon Geist explores whether robots and avatars can establish an emotional connection with a human audience, and examines the implications this has for arts and culture.

Die Faszination des echten Kugelspiels (de)

Gunther

Der Vortrag ist ein persönlicher Blick auf die Geschichte, Vielfalt und Entwicklung im Bereich der Flipperautomaten und ist motiviert durch die eigene Begeisterung für diese Form von Unterhaltungstechnik. Geschichte und Geschichten der Geräte wird anhand eigener Erfahrungen, Sammlung und Recherche sowie Geschehnissen und eigene Anwendungen der Geräte (Kauf, Reparatur, Restauration, Modifikation, ...) präsentiert und soll die Faszination und das Interesse dafür wecken oder Interessierte zusammenbringen. Es ist geplant, auch Geräte zum Kongress mitzubringen, die bespielt und/oder im Detail erklärt werden können und vielleicht sogar ein Gerät zum Basteln bereit zu stellen.

Net Neutrality: Why It Still Matters (More Than Ever!) (en)

Jürgen Bering, Raquel Renno Nunes, socialhack

Net Neutrality is a core pillar of the open internet. But we witness a coordinated, world-wide attack from the telecom industry on the very foundation that ties the internet together. The interconnection of autonomous parts of the internet used to be a non-political and non-commercial field that not many paid attention to. But through heavy lobbying activity we are on the brink of regulating interconnection in the EU, Brazil and India to establish a new payment obligation that would force everyone who wants to send a significant amount of data to customers. Telecom companies would end up being paid twice for the same traffic, from their customers and the content and cloud providers that want to reach them.

Sacrificing Chickens Properly: Why Magical Thinking is Both the Problem and the Solution. (en)

Senana

As an Anthropologist, magical thinking is a normal fact of life. Rather than dismissing it outright, our job is to look at its function and yes, rationality, for groups at hand. Starting out with a story about actual chickens being sacrificed to ensure the harvest, this talk explores the prevalence of useful magical thinking in our own community. Using metaphors, or even personifications, doesn‘t make a person irrational. It‘s applying a principle implicitly onto a subject matter which works completely differently, that would be the problem. After all, unless you are a strict vegetarian, it‘s not the killing of a chicken as such you‘d object to, it‘s the idea that this act makes rain. With LLMs, our public sphere has run into a problem where experts are at loss explaining a very complicated thing to a general public, which often lacks the basic terms with which to understand how this mechanism works. The instant personification of LLMs can lead to vast mismatches between their actual capabilities and what those stories imply. Rather than dismissing them outright, the question posed would be, what‘s the alternative? The talk is intended to be a light-hearted overview of some examples of both useful and dangerous constructions used to simplify complexity. It aims to touch upon some of the mechanisms that should be heeded in order to be able to tell a better story.

Von Augustus bis Trump – Warum Desinformation ein Problem bleibt und was wir trotzdem dagegen tun können (de)

Hendrik Heuer, Josephine Schmitt

Trotz intensiver Forschung hinken wir aktuellen Entwicklungen im Bereich Desinformation oft hinterher. In diesem Vortrag erklären wir, warum der Umgang mit Desinformation so herausfordernd ist und welche konkreten Lösungsansätze es gibt.

Der traurigste Vortrag über digitale Barrierefreiheit des Jahrhunderts (de)

Casey Kreer

Ein riesiger Teil der digitalen Leistungen der Bundesrepublik sind nicht inklusiv und für alle zugänglich. Eklatante Rechtsbrüche werden ignoriert und es gibt absolut nichts, was wir tun können, außer darüber zu reden.

Euclid, das Weltraumteleskop - 180 Millionen Galaxien sind ein guter Anfang (de)

Knud Jahnke

„Euclid" ist seit 2023 das neue Weltraumteleskop der Europäischen Weltraumbehörde mit Beteiligungen eines Wissenschaftskonsortiums aus vierzehn europäischen Ländern, den USA, Kanada und Japan. Gestartet vor knapp eineinhalb Jahren, läuft jetzt seit gut 9 Monaten die wissenschaftliche Himmeldurchmusterung. Auf dem 37C3 konnte ich die ersten fünf "Early Release Observation" Bilder vorstellen, seitdem ist viel passiert. Vor allem läuft nach ein paar Anlaufschwierigkeiten die Mission richtig gut und viele hundert Quadratgrad des Himmels sind bereits fertig kartiert - die Datenbearbeitung und Auswertung läuft. Ich werde weitere Bilder und einen kleinen Blick hinter die Kulissen zeigen.

The Design Decisions behind the first Open-Everything FABulous FPGA (en)

Dirk

With the availability of robust silicon-proven open-source tools, IPs, and process design kits (PDKs), it is now possible to build complex chips without industry tools. This is exactly what we did to design our first open-everything FABulous FPGA, which is an example of open silicon that is designed and programmed entirely with open tools. Produced in the Skywater 130nm process node, our chip features 672 LUTs (each with 4 inputs and a flop), 6 DSP blocks (8x8 bit multipliers with 20-bit accumulators), 8 BRAMs (with 1KB each), and 12 register file primitives (each having 32 4-bit words with 1 write and 2 read ports). The resources are sufficient to run, for instance, a small RISC-V system on the fabric. The FPGA comes with a small board that is designed to fit into an audio cassette case and that can be programmed directly via an USB interface. Moreover, the FPGA supports partial reconfiguration, which allows us to swap the logic of parts of the FPGA while continuing operation in the rest of the chip. The chip was designed with the help of the versatile FABulous framework, which integrates several further open-source projects, including Yosys, nextpnr, the Verilator, OpenRAM, and the OpenLane tool suite. FABulous was used for various embedded FPGAs, including multiple designs manufactured in the TSMC 28nm process node. The talk will discuss and analyze differences and similarities with industry FPGAs and dive into design decision taken and optimizations applied to deliver good quality of results (with respect to area cost and performance). The talk will highlight state-of-the-art in open-source FPGA chip design and provide a deeper than usual discussion on the design principles of these devices.

Beyond BLE: Cracking Open the Black-Box of RF Microcontrollers (en)

Adam Batori, Robert Pafford

Despite the recent popularity and breadth of offerings of low-cost RF microcontrollers, there is a shared absence of documentation for the internal workings of their RF hardware. Vendors might provide an API for their supported protocols, such as BLE, but their documentation will only provide as much detail as necessary to use these libraries. For practically every BLE MCU available to hobbyists, interfacing with the on-chip radio is limited to secret ROMs or binary blobs. In this talk, we will finally peel back the curtain on one of these RF MCUs, giving the ability to understand and unlock the full potential of the hardware to operate in new modes.

Biological evolution: writing, rewriting and breaking the program of life (en)

Enrico Sandro Colizzi, Renske Vroomans

Biological evolution is a great inventor. Over 4 billion years, it has generated an astonishing diversity of lifeforms, from the tiniest bacteria to the tallest trees. Each new organism inherits a genetic program from its parents - a set of instructions to “build” the organism itself. Random mutations in this program can alter the organism’s traits, affecting its ability to survive in its environment. But how do these small changes combine over thousands of generations to yield the vast complexity we see in present-day lifeforms? In this talk, we discuss examples from our research, using computer simulations to model the early evolution of animals, from single-celled microbes to complex multicellular organisms. We show that evolution behaves a bit like a hacker, repurposing the programs it previously built in unexpected ways to create new functions and structures. Understanding how evolution continually innovates is one of biology’s grand challenges. We also hope that uncovering these processes in biological systems will provide new perspectives on current debates about the generative and creative capabilities of AI.

High energy physics aside the Large Hadron Collider (en)

Christian Wessel

What are we, and where do we come from? - Searching for flavour in beauty Nowadays the Large Hadron Collider (LHC) at CERN is the best known high energy physics research facility. However, there are other facilities around the world performing cutting edge high energy physics research. Some of these are the so called flavour factories which have a long tradition in high energy physics. Two of these are currently in operation: BES III in China and Belle II in Japan. Collecting huge amounts of data, the goal of these experiments is to measure free parameters of the standard model of particle physics with very high precision to find deviations from predictions by theory. Such deviations can hint to new physics, and physicists are still searching for the reasons of our very existence as by our best knowledge nothing but light should have remained after the big bang. But testing the standard model is challenging. Huge data sets in the order of tera bytes need to be analysed requiring advanced analysis software and techniques. By now these analyses usually employ machine learning and artificial intelligence in various kinds, while using custom hardware and software, and a world spanning computing infrastructure. All of this is only possible with more than 1000 people working together in a collaboration. Part of the work in high energy physics nowadays would not be possible anymore without the groundbreaking research by this year's Nobel laureates for physics. In this talk I will present what flavour physics is, the reasons why flavour physics is interesting and why it matters, and which challenges we are facing, using the Belle II experiment as an example. Most of the challenges are not unique to Belle II but to high energy physics in general, so I will also set this into the bigger context and take a look to what is ahead of us in the field of high energy physics.

Drawing with circuits – creating functional and artistic PCBs together (en)

Kliment, Morag Hickman

We are a professional electronics designer and a professional artist. We'd like to share our experience of integrating an artist into the design workflow for EMF's 2022 and 2024 event badges, how we ensured that form and function grew together, and how you might make a board so fancy it crashes your PCB vendor’s CAM software.

Ultrawide archaeology on Android native libraries (en)

Luca Di Bartolomeo (cyanpencil), Rokhaya Fall

A bug in a scraper script led to us downloading every single native library in every single Android app ever published in any market (~8 million apps). Instead of deleting this massive dataset and starting again, we foolishly decided to run some binary similarity algos to check if libraries and outdated and still vulnerable to old CVEs. No one told us we were opening Pandora's box. A tragic story of scraping, IP-banning circumvention, love/hate relationships with machine learning, binary similarity party tricks, and an infinite sea of vulnerabilities.

Klimaschädlich by Design – die ökologischen Kosten des KI-Hypes (de)

Constanze Kurz, Friederike Karla Hildebrandt

Sogenannte Generative KI hat einen hohen Rechenbedarf und braucht damit automatisch viel Energie. Wir wollen zeigen, was die AI-Bubble uns alle bisher an Ressourcen gekostet hat. Wer verdient sich daran dumm und dusslig? Und wer trägt die ökologischen und sozialen Kosten?

Mushroom-DJs, Strong AI & Climate Change: Connecting the Dots with Artistic Research (en)

twena

The exploratory nature of artistic research can aide in the production of knowledge. Sometimes, this takes a detour through music-making mushrooms and making moonshine, sometimes it deals with societal reverberations of AI usage or how lithium extraction affects the planet. This talk gives an insight on how we do technology-assisted artistic research at ZKM | Hertzlab, the artistic research & development department of the Center for Art and Media, Karlsruhe.

How election software can fail (en)

Benjamin W. Broersma

Experiences from a hacker working at the Election Council of The Netherlands.

Blåmba! ☎️ Behind the scenes of a 2000s-style ringtone provider (en)

Manawyrm

A Deep Dive into WAP, SMS, monophonic ringtones and 1-bit graphics.

Dude, Where's My Crypto? - Real World Impact of Weak Cryptocurrency Keys (en)

sather

We present Milksad, our research on a class of vulnerabilities that exposed over a billion dollars worth of cryptocurrency to anyone willing to 'crunch the numbers'. The fatal flaw? Not enough chaos. Learn how we found and disclosed issues in affected open source wallet software, brute-forced thousands of individual affected wallets on a budget, and traced over a billion US dollars worth of prior transactions through them.

Is Green Methanol the missing piece for the Energy Transition? (en)

Hanno Böck

In an accelerating climate crisis, renewable energy and electrification are the most important tools to reduce greenhouse gas emissions. However, in sectors where electrification is infeasible or impossible, other solutions will be needed. While hydrogen gets a lot of attention, it suffers from challenges like being difficult to transport and store. While it does not receive nearly as much attention as hydrogen, another molecule, methanol, could play a crucial role in bringing down emissions in challenging sectors like shipping, aviation, or the chemical industry.

Going Long! Sending weird signals over long haul optical networks (en)

Ben Cartwright-Cox

Computer network operators depend on optical transmission everywhere as it is what glues together our interconnected world. But most of the industry is running the same kinds of signals down the optical transceivers. As part of my need to "Trust, but verify" I wanted to check my assumptions on how the business end of modern optical modules worked, so join me in a adventure of sending weird signals many kilometres, and maybe set some records for the most wasteful bandwidth utilisation of optical spectrum in 2024!

Microbes vs. Mars: A Hacker's Guide to Finding Alien Life (en)

Anouk Ehreiser

Mars is famously the only planet (we know of) that is entirely inhabited by robots. And these robots are working hard on looking for something that would be one of the most significant discoveries in the history of science: Alien life. But how do you look for something that no one has ever seen? And would we recognize it if we find it? Join me on a journey through Mars’ ancient past and Earth’s most extreme environments, where scientists hunt for strange microbes that defy all our expectations: Organisms thriving in salt lakes, breathing metal, and building bizarre microbial ‘cities’ out of rock. Are they the blueprint of what alien life might look like? I will introduce you to the cutting-edge technology we use to analyse and understand them, and how we detect their “biological fingerprints” that might one day help us to find Martian life. This talk will not only give you a deep look behind the scenes of the search for life on Mars, but also a new appreciation for the strange and wonderful life on our own planet.

Von Ionen zu Daten: Die Funktionsweise und Relevanz von (Quadrupol-)Massenspektrometern (de)

Sally

Massenspektrometer sind unverzichtbare Analysewerkzeuge in der Chemie und zudem hochinteressante und verblüffende Instrumente. In diesem Talk wird die Massenspektrometrie mit Schwerpunkt auf Quadrupolmassenspektrometer anschaulich vorgestellt.

Philosophical, Ethical and Legal Aspects of Brain-Computer Interfaces (en)

Christoph Bublitz

This talk examines philosophical, legal, and ethical questions of the merging of human minds with intelligent machines through Brain-Computer-Interfaces, provides an overview of current debates and international regulatory development - and what might be at stake when technologies increasingly access the human brain.

38C3: Infrastructure Review (en)

nicoduck

This talks gives a behind the scenes on how the infrastructure side of the event is done.

Saal ZIGZAG

Typing Culture with Keyboard: Okinawa - Reviving the Japanese Ryukyu-Language through the Art and Precision of Digital Input (en)

Daichi Shimabukuro

In a world dominated by digital communication and the drive toward linguistic unification, the simple act of 'typing' varies significantly across languages and writing systems. For European languages like English and German, typing typically involves a set of about 100 letters and symbols. In contrast, Japanese—and by extension, Okinawan—requires three distinct scripts: hiragana, katakana, and kanji. Each of these adds layers of complexity and cultural depth to written expression. This presentation delves into the development of an input method engine (IME) for Okinawan, an endangered language spoken in Japan's Ryukyuan archipelago. Moving beyond technical challenges, this project reveals how modern digital ‘calligraphy’ intersects with language preservation. Every keystroke becomes a deliberate cultural choice, as the IME reflects the aesthetic and linguistic essence of Okinawan language. Highlighting linguistic expression, cultural significance, and the urgent need for language preservation, this talk presents a model for future digital tools that empower endangered languages and cultures to thrive in the digital realm.

Police 2.0: Peaceful activism is terrorism and fakenews are facts (en)

Frank van der Linde, Lori

On 23 October 2019 peaceful activist Frank van der Linde found out the Dutch Police was associating him with terrorism to other countries' law enforcement. This talk goes over the bizarre, worrying and, frankly, quite funny journey that Frank van der Linde has embarked on, hoping on a litigation frenzy to seek justice and fight back against the institutional intimidation of activists.

Die Geschlechter denen die sie hacken: Selbstbestimmungsgesetz, Pinke Listen, Überwachungsstaat (de)

Jyn, Luce und Zoe für die Queerokratie, Luce deLire, Nephthys

Selbstbestimmung ein grundlegendes Prinzip des Hacken, ob technologisch oder geschlechtlich. Doch was wenn Selbstbestimmung nur bedingt umsetzbar ist- im besten Fall und mit staatlicher Repression als Standard? Selbstbestimmung selbst gemacht ist eine trans, inter, nonbinäre Aktionsgruppe deren Name Programm ist. Wir wollen das System hacken um wir selbst zu sein, Überwachungsfrei und mit (Kranken)Versicherung.Ob mögliche Informationsweitergabe/Offenbarungsgebot, für alle Menschen, ob Cis oder TIN*, das in letzter Minute für die Bezahlkarte aus dem mangelhaften „Selbstbestimmungs“Gesetz (SBSG) genommen wurde oder die Sabotage und Unmöglichmachung von geschlechtaffirmierender Gesundheitsversorgung- wir stehen wie migrantische Menschen im Mittelpunkt von staatlicher Überwachungsliebe und faschistischer Auslöschungsfantasien, jedoch unbeachtet im Chaos. Wir wollen dies ändern- hier, dieses Jahr und für alle Zeit. Wir werden den Prozess des SBSG ergründen, den Zusammenhang von (Un)Sicherheitspaket, Überwachungsmaßnahmen und Transsein herstellen wie auch ganz nebenbei illegalisierte Praktiken versichern, durch die Geschlechts-zusatzversicherung. Nur eure Bühne wird gebraucht und die Tastaturen unser aller Geschwister.

Clay PCB (en)

moritz simon geist, Patrícia J. Reis

We built an Ethical Hardware Kit with a PCB microcontroller made of wild clay retrieved from the forest in Austria and fired on a bonfire. Our conductive tracks use urban-mined silver and all components are re-used from old electronic devices. The microcontroller can compute different inputs and outputs and is totally open source.

Breaking NATO Radio Encryption (en)

Lukas Stennes

We present fatal security flaws in the HALFLOOP-24 encryption algorithm, which is used by the US military and NATO. HALFLOOP-24 was meant to safeguard the automatic link establishment protocol in high frequency radio, but our research demonstrates that merely two hours of intercepted radio traffic are sufficient to recover the secret key. In the talk, we start with the fundamentals of symmetric key cryptography before going into the details of high frequency radio, HALFLOOP-24, and the foundation of our attack.

What the PHUZZ?! Finding 0-days in Web Applications with Coverage-guided Fuzzing (en)

Sebastian Neef (gehaxelt)

PHUZZ is a framework for Coverage-Guided Fuzzing of PHP Web Applications Fuzz testing is an automated approach to vulnerability discovery. Coverage-guided fuzz testing has been extensively researched in binary applications and the domain of memory corruption vulnerabilities. However, many web vulnerability scanners still rely on black-box fuzzing (e.g., predefined sets of payloads or basic heuristics), which severely limits their vulnerability detection capabilities. In this talk, we present our academic fuzzing framework, "PHUZZ," and the challenges we faced in bringing coverage-guided fuzzing to PHP web applications. Our experiments show that PHUZZ outperforms related works and state-of-the-art vulnerability scanners in discovering seven different vulnerability classes. Additionally, we demonstrate how PHUZZ uncovered over 20 potential security issues and two 0-day vulnerabilities in a large-scale fuzzing campaign of the most popular WordPress plugins.

Unveiling the Mysteries of Qualcomm’s QDSP6 JTAG: A Journey into Advanced Theoretical Reverse Engineering (en)

Alisa Esage

This talk invites you on an exploration of advanced reverse engineering techniques applied to sophisticated proprietary hardware. Rather than focusing on well-known hands-on methods such as hardware decapsulation and schematic analysis, I will demonstrate how a unique combination of patent analysis, firmware reverse engineering, and theoretical modeling can unlock the intricacies of undocumented hardware technologies and their application semantics.

From Silicon to Sovereignty: How Advanced Chips are Redefining Global Dominance (en)

Thorsten Hellert

Recent breakthroughs in machine learning have dramatically heightened the demand for cutting-edge computing chips, driving advancements in semiconductor technologies. At the forefront of this progress is Extreme Ultraviolet (EUV) lithography—a transformative method in microchip fabrication that enables the creation of ultra-small, high-performance devices. However, the path from raw materials to these state-of-the-art chips navigates a complex global supply chain riddled with technical challenges and geopolitical tensions. As nations vie for dominance in computing power, control over this supply chain has emerged as a strategic priority, featuring prominently in a high-stakes competition with global implications. Designed for all audiences, this talk explores the critical intersection of science, technology and global affairs shaping our future.

Spatial Interrogations Or the Color of the Sky (en)

Artur Neufeld

Modern 3D capture through Gaussian Splatting and human memory reveal parallel landscapes – where precise centers fade into probabilistic smears at the edges, and gaps hold as much meaning as detail. This is about the preservation of an ephemeral present in digital amber, an interrogation of how we reconstruct both digital and remembered spaces.

Was macht ein IT-Systemadministrator in einem Alu-Schmelzwerk (Schafft die Deutsche Industrie die Digitalisierung) (de)

Johannes Bernstein

In diesem Vortrag ziehe ich ein schonungsloses Resümee aus meinen mittlerweile fast drei Jahren in der Deutschen Industrielandschaft. Ich erzähle über katastrophale und gefühlt unüberwindbare Rückstände, über lächerlich hohe Anforderungen bei Zertifizierungen, aber auch über große Hoffnungen, Bemühungen und eine gefühlt vollständige Abwesenheit des Staats und was das bedeutet.

Wie wird gleich? (de)

kathia

Welchen Einfluss hat die Form der Dinge? Wie wirken wir durch die Gestaltung unseren kulturellen Praxen, Architekturen, Sprachen und Strukturen auf uns und die uns umgebende Zukunft ein? Und warum findet sich in zeitgenössischer Design Theorie ein Verb wie *Futuring*?

Hacking the RP2350 (en)

Aedan Cullen

Raspberry Pi's RP2350 microcontroller introduced a multitude of new hardware security features over the RP2040, and included a Hacking Challenge which began at DEF CON to encourage researchers to find bugs. The challenge has been defeated and the chip is indeed vulnerable (in at least one way). This talk will cover the process of discovering this vulnerability, the method of exploiting it, and avenues for deducing more about the relevant low-level hardware behavior.

A Competitive Time-Trial AI for Need for Speed: Most Wanted Using Deep Reinforcement Learning (en)

Sebastian Schwarz

All challenges and achievements in creating a competitive time-trial AI in NFS:MW.

Role Play as Resistance: Challenging Securitization Through Activism in a place in EastAfrica (en)

Wawan

Using role playing, we shall explore the movements who are proactively fighting back the impact of surveillance and challenges Internet-related rights.

Gemeinwohlorientierte Forschung mit KI: Missbrauch eindämmen durch Zweckbindung für KI-Modelle (de)

Hannah Ruschemeier, Rainer Mühlhoff

Trainierte KI-Modelle sind mächtige Werkzeuge, die in Wissenschaft und Forschung oft für gute Zwecke gebaut werden. Aber wie alle Werkzeuge können sie auch zweckentfremdet werden – in Bereichen, für die sie nicht gedacht waren, in denen sie profitgierigen Interessen dienen und gesellschaftlichen Schaden anrichten. Vor dem Hintergrund des Trends von "open source" AI ist die Gefahr der unkontrollierten Zweckentfremdung von KI-Modellen enorm gestiegen. Wir zeigen: Das Risiko einer missbräuchlichen Sekundärnutzung von für Forschungszwecke trainierten KIs ist aktuell die größte regulatorische Lücke, trotz DSGVO und AI-Act. Zugleich ermöglicht das Zweckentfremden von Modellen die immer weiter wachsende Machtposition von Big Tech. Um das Problem zu bekämpfen, muss das Prinzip "Zweckbindung" für das Zeitalter der KI geupdated werden.

A policy black hole. How Europol and Frontex anticipated their high tech future and why this matters to you. (en)

Apostolis Fotiadis

This is the story of how a group of journalists and researchers started examining how the transformative introduction of novel technologies was reshaping the policy priorities of EU's law enforcement agencies. Very early on, this was like diving deep into the ocean without an underwater flashlight. And it didn't get much easier with time. What are the risks for civil liberties and privacy that lie in the dark while this agenda is unfolding and how hard is it to make them more transparent?

Pirouette Machines. Fluid Components (en)

Ioana Vreme Moser

This lecture follows the path of an ex-ballerina through fluid computers, handmade semiconductors, and cosmetic synthesisers. We will tackle the seductive side and hidden narratives of circuitry to natural systems, salty fluids, and minerals and discuss the importance of alternative hardware morphologies.

State of Surveillance: A year of digital threats to civil society (en)

Jurre van Bergen

The digital arms race between activists and government spies continues to shift and evolve. Through a series of cases studies, researchers from Amnesty International's Security Lab will share surveillance wins, the ongoing challenges, and the new threats on the digital horizon.

Self Models of Loving Grace (en)

Joscha Bach

Artificial Intelligence is not just an engineering discipline, but also the most fascinating and important philosophical project ever attempted: the explanation of the mind, by recreating it. This part of the series "From Computation to Consciousness" focuses on the nature of the self, agency and identity.

arafed futures - An Artist Dialogue on Chip Storage and AI Accelerationism (en)

Leon-Etienne Kühr, Ting-Chun Liu

The global chip shortage during the COVID-19 pandemic brought semiconductor production into focus, sparking accelerated efforts to meet the surging demand for digital infrastructure. This phenomenon not only expanded AI capabilities but also introduced unexpected computational artifacts. One such artifact is the word “arafed”, a term absent from any dictionary yet mysteriously appears across contexts from image prompts to Amazon product descriptions. Such unintended linguistic artifacts, born from transformer-based AI models, exemplify how digital artifacts emerge into realities with which we cohabitate. The talk investigates how supply-chains break and AI-words spread from an artistic research perspective. Mapping both the abstract landscapes of embedding spaces, that are filled with emergent words and images, and the tangible, geopolitical realities of global semiconductor supply chains.

The master key (en)

segher

This is the story of the HDCP master key that we derived back in 2010.

Guardians of the Onion: Ensuring the Health and Resilience of the Tor Network (en)

Gus, Hiro

Millions of internet users around the world rely on Tor to protect themselves from surveillance and censorship. While Tor-powered applications and the Tor protocol are widely known, the community behind it much less so. This talk will highlight the efforts to maintain a healthy and resilient Tor network, emphasizing the crucial role of a diverse, engaged community of relay operators. We’ll discuss some recent news, the current state of the network, how we determine its health, and the strategies to strengthen its resilience, addressing challenges around sustainability and governance. If you're interested in understanding the inner workings of the Tor network, this talk is for you.

Feelings of Structure in Life, Art, and Neural Nets (en)

Peli Grietzer

'Poetry' as the name of a special human relation to the world -- some special kind of knowing, grasping, challenging or asking we effect through art -- came into focus in 18th century Europe alongside the first blushings of a theory of computation and a computational analysis of mind. This talk proposes that for all of their outward hostilities, the Romantic-and-on idea of poetry and computational approaches to thought, language, and meaning are deeply connected: starting from Kant's doctrine of the productive imagination, we will develop one historical thread that runs to the Romantic poets, Phenomenology, and literary theory, and one historical thread that runs to information theory, machine learning, and the science of neural network models. Comparing the two threads, I'll argue that poetics and the science of neural network models have genuinely (if partially) overlapping subject-matter. Peli Grietzer is a researcher and writer specializing in ML, philosophy, and literary studies. Grietzer received his PhD from Harvard Comparative Literature in collaboration with the HUJI Einstein Institute of Mathematics.

Projekt Bucketchallenge (de)

Kaspar

S3 Buckets mit kübelweise privaten Daten: Finden, melden, kein Problem. Aber grundlegend was ändern? Denkste!

Escaping Big Brother (or Your Ex) - counter surveillance for women's shelters (en)

erlern

Maintaining privacy and security when those closest to you is exploiting the worst of surveillance capitalism and patriarchy to pwn you is a user case no one planned for. Or should Big Tech have known better? Gender-based violence has existed in all societies and centuries, but in the 21st one the digital arena is proving to be especially tricky for victims. When (primarily) women leave their abusive (primarily) male partners or family members they often have to leave behind everything and make a clean break - including from their digital identities. This is way easier said than done. (Ever tried unsubscribing from.. anything?) Surveillance capitalism has further exacerbated this challenge, as stalker-ware is becoming increasingly prevalent and easy to use, if not a default feature. Stalking As A Service is of course already a thing, and why should you watch someones house in the rain all night when you can let your Tesla do it for you? Lost your wife? Hide an AirTag in the lining of her bag and have two billion iPhones keep track of her across the planet. Apple won't tell. It's almost like society is fundamentally misogynistic and internet accelerated the opportunity for patriarchal control..? This talk shares experiences working with women's shelters and training victims as well as activists and professionals in cyber security and opsec. The situation's bad and it's getting worse, fast.

Chatbots im Schulunterricht!? (de)

Marte Henningsen, Rainer Mühlhoff

Was können die Tools wirklich, was machen sie mit der “Bildung”, und sollten wir dafür Steuergelder ausgeben? Spätestens seit dem Hype um ChatGPT werden KI-Tools als magische Technofixes für Lehrkräftemangel und soziale Segregation im Bildungswesen angepriesen. Mehrere Bundesländer haben zum Beispiel Flächenlizenzen für alle Lehrkräfte bei dem Hamburger Unternehmen "Fobizz" erworben. Das Unternehmen bietet auf Basis großer Sprachmodelle (meist GPT-3/4) und verschiedener bildgenerierender KIs eine ganze Reihe von Bots sowohl für SchülerInnen als auch für LehrerInnen an: Tools zur automatisierten Korrektur und Bewertung von Hausaufgaben, Chatbot-basierte individuelle Lern-Coaches, Avatare zur Gesprächssimulation ("mit Angela Merkel chatten"), oder Bots zur Erstellung von individualisiertem Unterrichtsmaterial. Wir haben das Fobizz-Tool zur automatisierten Korrektur von Hausaufgaben und Prüfungsleistungen detailliert unter die Lupe genommen. Funktioniert das wirklich? Wie wirkt sich das auf die Qualität des Unterrichts aus? Kann man LehrerInnen und SchülerInnen guten Gewissens darauf loslassen? – Unsere Antwort ist schockierend eindeutig: nein! Und es ist ein Skandal, dass Steuergelder dafür ausgegeben werden. Im Vortrag berichten wir von frustrierenden Irrfahrten wenn SchülerInnen den Korrekturen des KI-Tools folgen; von quasi ausgewürfelten Bewertungen (nach dem Motto: wenn dir die Note für diese Person nicht passt, drück einfach auf "re-generate"), und von der impliziten Botschaft an die SchülerInnen: Ihr müsst ChatGPT verwenden, sonst könnt ihr nicht gut abschneiden.

AI Meets Git: Unmasking Security Flaws in Qodo Merge (en)

Nils Amiet

The whole world is talking about AI, and developers are no exception. When a developer hears about a tool that can help them handle git pull requests using AI, it is likely that they will start using it for their open source project. This is precisely what's happening with Qodo Merge (formerly PR-Agent), an open source tool that can help review and handle git pull requests by using AI to provide feedback and suggestions to developers. It is getting adopted by more and more open source projects, including popular ones. It is so easy to add new features by relying on external tools, yet the consequences on security can be catastrophic. Indeed, if the tool contains security vulnerabilities, the project using it may become vulnerable too and may grant anyone permissions to perform unexpected actions without realizing it. But everyone wants to use AI so security may be overlooked. We found multiple vulnerabilities in Qodo Merge that may lead to privilege escalation on Gitlab, getting write access to Github repositories and leaking Github repository secrets. Additionally we found multiple high profile Github repositories using Qodo Merge with a configuration that makes them vulnerable, such as highly popular projects, government official repositories, self-driving automotive industry projects, blockchains and more. In this talk we go through what Qodo Merge is, how it can be used, how it works, how it can be exploited, what projects are affected and what are the impacts. We also mention remediation steps to fix these issues.

Vom Betrieb bis ins Netz: Gewerkschaften als Vorbild für modernen Widerstand? (de)

Joana Starck, Laurent Kuffert

Von kreativen Strategien und Herausforderungen aus der Gewerkschaftsarbeit im Kampf für Arbeiter*innenrechte

Auracast: Breaking Broadcast LE Audio Before It Hits the Shelves (en)

Dennis Heinze, Frieder Steinmetz

Auracast, the new Bluetooth LE Broadcast Audio feature has gained some publicity in the last few months. The Bluetooth SIG has been working on the specification of this feature set in the past few years and vendors are only now starting to implement it. Auracast enables broadcasting audio to multiple devices. These broadcasts can also be encrypted. Unfortunately, the security properties of the protocol are vague and insufficient. It has already been shown that these broadcasts can be hijacked by anyone when unencrypted. We explain the state of (in)security of the protocol and add to it by showing that even when encrypted, broadcasts can often be cracked easily. We also show that once equipped with the passcode, attackers can eavesdrop and hijack even encrypted broadcasts. Alongside the talk, we will release our toolkit to brute-force authentication codes, decrypt dumped Auracast streams, and hijack encrypted broadcasts.

Dialing into the Past: RCE via the Fax Machine – Because Why Not? (en)

Carlo Meijer, Rick de Jager

Remember the days when faxes were the pinnacle of office tech, and the sound of a paper getting pulled in was as satisfying as a fresh cup of coffee? Well, it's time to dust off those memories and reintroduce ourselves to the quirky world of printers and their forgotten fax interfaces – yes, those relics that make us all feel like we're in an '80ies sci-fi movie – and specifically, how they can unlock a new frontier in printer security exploits!

Let's build dodos! How generative AI is upturning the world of synthetic biology and hopelessly overwhelming traditional governance instruments. (en)

Margret Engelhard

Have you always wanted to build an egg-laying woolly milk sow or bring the legendary dodo back to life? The dream of some biologists to not only understand organisms, but also to redesign, build or bring living beings back to life is accelerating towards reality with the convergence of synthetic biology and generative AI in ‘generative biology’. For example, large language models are now being used to write genes and proteins, while complex laboratory tests are being replaced by machine vision and automation. The pace of these developments is so fast that they are barely noticed by the public, politicians or related experts such as environmental scientists. Questions about the reliability and safety of these new biodigital methods and applications are not yet being asked and research into risk assessment methods is not keeping pace. At the same time, this shift of generative AI systems from generating text and images to generating protein, bacteria, viruses and organisms could transform many areas of life, from medicine and the environment to bioweapons. So let's talk about it and discuss it.

Brauchbare Illegalität – Organisationen für menschenfeindliche Diskurse wappnen (de)

Johannes Fertmann

Organisationen und die in ihnen stattfindenden Gespräche und Debatten haben einen großen Einfluss auf ihre Mitglieder und ihr Umfeld. Es ist daher bedeutsam und beunruhigend, wenn in diesen Diskursen Grundsätze unseres gesellschaftlichen Zusammenlebens in Frage gestellt werden. Was tun? Luhmanns Begriff der " Brauchbaren Illegalität " beschreibt elegant und kraftvoll funktionale Regelabweichungen in Organisationen. In diesem Talk werden ausgehend von diesem Begriff Gestaltungsmöglichkeiten für Strukturen, Praktiken und Hacks vorgestellt. Diese Anregungen zeigen, wie die ausgesprochenen und unausgesprochenen Regeln einer Organisation so verändert werden können, dass sie eine demokratische und fortschrittliche Gesellschaft stärken.

TETRA Algorithm set B - Can glue mend the burst? (en)

Jos Wetzels, Wouter Bokslag

In August 2023, we published the TETRA:BURST vulnerabilities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure. Authentication and encryption within TETRA were handled by proprietary cryptographic cipher-suites, which had remained secret for over two decades through restrictive NDAs until our reverse-engineering and publication. This talk is not TETRA:BURST, but dives into the latest TETRA revision introduced in 2022. Most notably, it contains a new suite of cryptographic ciphers. Of course the cipher available for critical infrastructure and civilian use (TEA7) is intentionally crippled, and of course these ciphers were to be kept secret, but this decision was overruled due to public backlash following our publication last year. In this talk we will present a practical attack on the TEA7 cipher, which while taking a 192-bit key, only offers 56 bits of security. Furthermore, we point out improvements and shortcomings of the new standard, and present an update on TEA3 cryptanalysis, where we previously found a suspicious feature, and draw a parallel with its successor TEA6. All in all, in this short and relatively crypto-forward talk, we assess with all-new material whether the new TETRA standard is fit for its intended purpose. This crucial technology seeks to once again take a very central role in our society for decades to come, and its cryptographic resilience is of fundamental importance - for emergency networks, but possibly even more for our critical infrastructure and associated processes.

May the forest be with you – Bäume pflanzen gegen die Klimakrise? (de)

Kirsten Krüger

Der Harz wurde von Borkenkäfern gefressen, nur jeder vierte Baum in Deutschland gilt als gesund und in Russland sowie Nordamerika brennen die Wälder in einem enormen Ausmaß. Gleichzeitig gelten Wälder als eine der Lösungen in der Klimakrise, als CO2-Speicher und Produzent von nachhaltigen, nachwachsenden Rohstoffen. Sind Wälder in Gefahr auf Grund von Dürre, Borkenkäfer und Feuer? Und können wir mit Wiederaufforstungen der Klimakrise was entgegensetzten? Kirsten Krüger forscht an der Technischen Universität München zu Störungsdynamiken in Wäldern und erklärt in ihrem Vortrag, was Wälder eigentlich alles für uns leisten, warum Störungen ein natürlicher Bestandteil von Wäldern sind und Bäume pflanzen allein keine akkurate Antwort auf die Klimakrise ist.

Hacking Life: How to decode and manipulate biological cells with AI (en)

Moritz Schaefer

AI methods are advancing biological research in diverse directions. In this talk, you will learn how we decode the fundamental building blocks of life with AI, and how it will help us to hack cells to cure diseases and beyond.

Die Elektronische Patientenakte (ePA)– a legal instruction trap? (de)

cbro

Kaum ein IT-Gesundheitsprojekt bleibt so hinter den Erwartungen und Versprechen zurück wie die Elektronische Patientenakte (ePA). Sie wird in 2025 zur Pflicht. Jede gesetzlich versicherte Person die nicht widerspricht, bekommt eine mit Abrechnungsdaten befüllte ePA kostenlos. Da nichts kostenlos ist, bist Du auch in diesem Fall nicht Kunde sondern Ware und bezahlst bestenfalls nur mit Deinen Daten …

Hacker's Guide to Meshtastic: Off-Grid, Encrypted LoRa Meshnets for Cheap! (en)

Kody Kinzie

Beginners can now create off-grid, encrypted mesh networks for cheap, with applications in emergency communication, sensor monitoring, and more! These mesh networks have been popping up in cities all over the world, and this talk will go over everything a beginner needs to run or build their own nodes.

Attack Mining: How to use distributed sensors to identify and take down adversaries (en)

Lars König

Ever wondered why your web server seems to be under constant attack from what feels like everyone on the internet? Me too! Join me in this session where we'll explore the data of millions of attacks from hundreds of sensors around the world, to identify who is attacking us from where and why. Additionally, we will have a look into how we can use that data to get abusive systems taken down, and how successful this approach actually is. Buckle up for a deep dive into the constant battle to protect systems on the internet against adversaries gaining access, and how you can help make the internet a safer place!

Hacking Victorian Bodies: From Grid to Vector Space (en)

Marcin Ratajczyk

This performative lecture by SOLID FLESH Collective explores how generative AI can reshape historical body representations into tools for imagining new bodily futures. Drawing from Muybridge’s chronophotography, which fixed bodies into a rigid scientific grid, we investigate AI’s capacity for fluid, multidimensional embodiment. Using open-source AI models to ‘resurrect’ Muybridge’s subjects and defy commercial censorship, we reveal speculative possibilities for bodily motion and identity. Our work positions the ‘vector body’—a digitally-mediated form of self-imagination—within a broader conversation on identity fluidity, algorithmic embodiment, and liberating futures beyond conventional body ideals.

Longtermismus – der „Geist“ des digitalen Kapitalismus (de)

Max Franz Johann Schnetker

Der Vortrag wirft einen sozialwissenschaftlichen Blick auf die Ideologie des Longtermismus. Seine Funktion im digitalen Kapitalismus wird analysiert. Mithilfe von Klassikern der Soziologie wird dargestellt, warum sich diese Ideologie in eine faschistische Richtung entwickelt.

Moving with feelings: Behind the scenes of a one man show mobile & fiber operator in Spain (en)

Edgar Saumell Oechsle

How to run an MVNO with values: What are the requirements? Do you need a government license, maybe a lot of investment? There are different types of MVNOs. We will talk about how to do business as an MVNO while respecting users' privacy, supporting free software, believing in the right to repair and making your customers technologically sovereign.

GLAM zwischen LOD und ¯\_(ツ)_/¯. Museumskritik für Hacker*innen (de)

Lukas Fuchsgruber

Habt ihr euch immer schon gefragt wie Museumssammlungen ins Netz kommen, warum online Sammlungen meist immer noch aussehen wie Kataloge seit dem 19. Jahrhundert, was für Strategien und Förderprogramme dahinter stecken, welche Firmen hier quasi-Monopole haben, und warum Museen so viele Hoffnungen (Zugang! Partizipation! Demokratie!) mit der Digitalisierung verbinden? Der Talk ist eine Einladung an Hacker*innen sich an der kritischen Weiterentwicklung, Öffnung und Reflexion von Museen zu beteiligen.

From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11 (en)

NiNi Chen

In the October 2023 update, Windows 11 introduced support for 11 additional compression formats, including RAR and 7z, allowing users to manage these types of files natively within File Explorer. The enhancement significantly improves convenience; however, it also introduces potential security risks. To support these various compression formats, Windows 11 utilizes the libarchive library, a well-established open-source library used across multiple operating systems like Linux, BSD, and macOS, and in major projects such as ClickHouse, Homebrew, and Osquery. The libarchive has been continuously fuzzed by Google’s OSS-Fuzz project, making it a time-tested library. However, its coverage in OSS-Fuzz has been less than ideal. In addition to the two remote code execution (RCE) vulnerabilities disclosed by Microsoft Offensive Research & Security Engineering (MORSE) in January, we have identified several vulnerabilities in libarchive through code review and fuzzing. These include a heap buffer overflow vulnerability in the RAR decompression and arbitrary file write and delete vulnerabilities due to insufficient checks of libarchive’s output on Windows. Additionally, in our presentation, we will reveal several interesting features that emerged from the integration of libarchive with Windows. And whenever vulnerabilities are discovered in widely-used libraries like libarchive, their risks often permeate every corner, making it difficult to estimate the potential hazards. Moreover, when Microsoft patches Windows, the corresponding fixes are not immediately merged into libarchive. This delay gives attackers the opportunity to exploit other projects using libarchive. For example, the vulnerabilities patched by Microsoft in January were not merged into libarchive until May, leaving countless applications exposed to risk for four months. The worst part is that the developers might not know the vulnerability details or even be aware of its existence. To illustrate this situation, we will use the vulnerabilities we reported to ClickHouse as an example to demonstrate how attackers can exploit the vulnerabilities while libarchive remains unpatched.

corebooting Intel-based systems (en)

aprl, elly

Gaining a reasonable level of trust on the firmware that runs your everyday activities

From fault injection to RCE: Analyzing a Bluetooth tracker (en)

Nicolas Oberli

The Chipolo ONE is a Bluetooth tracker built around the Dialog (now Renesas) DA14580 chip. This talk will present the research made on this device, from extracting the firmware from the locked down chip using fault injection up to getting remote code execution over Bluetooth. The talk will also present the disclosure process and how the vendor reacted to an unpatchable vulnerability on their product.

Kein Spaß am Gerät auf einem toten Planeten! (de)

Anja Höfner, Rainer Rehak

Seit Jahren kämpft das Bits-&-Bäume-Bündnis, dem auch der CCC seit Beginn angehört, für eine ökologische und sozial gerechte Digitalpolitik – 2024 war dabei ein Jahr voller Hochs und Tiefs: von erstmals sinkenden CO₂-Emissionen in Industrieländern, über den weiterbrennenden KI-Boom mit Nachhaltigkeitsanstrich, die Rolle von digitalen Plattformen für anti-demokratische und nicht-nachhaltige Bewegungen, den ökologischen Fußabruck von Profiling bis hin zum Tech-Solutionismus von Elon Musk jetzt im Weißen Haus.