Schedule
















 

Day 1
19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30
Chatkontrolle - Ctrl+Alt+Delete (de)

khaleesi, Markus Reuter

Seit jetzt schon vier Jahren droht aus der EU die Chatkontrolle. In Deutschland ist das Thema nach den Protesten im Oktober aktueller denn je - und sogar Jens Spahn und Rainer Wendt sind plötzlich gegen diese Form der Überwachung. In diesem Vortrag schauen wir zurück und erklären was, vor allem im Hintergrund, passiert ist. Wir nehmen die Position der Bundesregierung genau unter die Lupe und werfen einen Blick auf die Schritte, die auf EU-Ebene vor uns liegen.

Hacking washing machines (en)

Severin von Wnuck-Lipinski, Hajo Noerenberg

Almost everyone has a household appliance at home, whether it's a washing machine, dishwasher, or dryer. Despite their ubiquity, little is publicly documented about how these devices actually work or how their internal components communicate. This talk takes a closer look at proprietary bus systems, hidden diagnostic interfaces, and approaches to cloud-less integration of appliances from two well-known manufacturers into modern home automation systems.

Bluetooth Headphone Jacking: A Key to Your Phone (en)

Dennis Heinze, Frieder Steinmetz

Bluetooth headphones and earbuds are everywhere, and we were wondering what attackers could abuse them for. Sure, they can probably do things like finding out what the person is currently listening to. But what else? During our research we discovered three vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in popular Bluetooth audio chips developed by Airoha. These chips are used by many popular device manufacturers in numerous Bluetooth headphones and earbuds. The identified vulnerabilities may allow a complete device compromise. We demonstrate the immediate impact using a pair of current-generation headphones. We also demonstrate how a compromised Bluetooth peripheral can be abused to attack paired devices, like smartphones, due to their trust relationship with the peripheral. This presentation will give an overview over the vulnerabilities and a demonstration and discussion of their impact. We also generalize these findings and discuss the impact of compromised Bluetooth peripherals in general. At the end, we briefly discuss the difficulties in the disclosure and patching process. Along with the talk, we will release tooling for users to check whether their devices are affected and for other researchers to continue looking into Airoha-based devices. Examples of affected vendors and devices are Sony (e.g., WH1000-XM5, WH1000-XM6, WF-1000XM5), Marshall (e.g. Major V, Minor IV), Beyerdynamic (e.g. AMIRON 300), or Jabra (e.g. Elite 8 Active).

And so it begins - Wie unser Rechtsstaat auf dem Highway Richtung Trumpismus rast – und warum afghanische Kläger*innen für uns die Notbremse ziehen (de)

Eva, Elaha

Wenn die Regierung sich nicht mehr an das eigene Recht gebunden fühlt, markiert das nicht nur einen politischen Spurwechsel, sondern die Auffahrt auf den Highway to Trumpism. Zeit die Notbremse zu ziehen! Normalerweise trifft es in solchen Situationen immer zuerst diejenigen, die sich am wenigsten wehren können. Doch was passiert, wenn genau diese Menschen mit juristischen Werkzeugen bewaffnet werden, um zurückzuschlagen? Anhand von über 100 Klagen afghanischer Schutzsuchender zeigen wir, wie Ministerien das Bundesaufnahmeprogramm sabotieren, Gerichte sie zurückpfeifen – und die Zivilgesellschaft zum letzten Schutzwall des Rechtsstaats wird. Und wir verraten, warum sich Beamte im BAMF vielleicht lieber krankmelden sollten und welche anderen Möglichkeiten sie haben, um nicht straffällig zu werden.

Excuse me, what precise time is It? (en)

Oliver Ettlin

With PTP 1588, AES67, and SMPTE 2110, we can transmit synchronous audio and video with sub-millisecond latency over the asynchronous medium Ethernet. But how do you make hundreds of devices agree on the exact same nanosecond on a medium that was never meant to care about time? Precision Time Protocol (IEEE 1588) tries to do just that. It's the invisible backbone of realtime media standards like AES67 and SMPTE 2110, proprietary technologies such as Dante, and even critical systems powering high-frequency trading, cellular networks, and electric grids.

Doomsday-Porn, Schäferhunde und die „niedliche Abschiebung“ von nebenan: Wie autoritäre Akteure KI-generierte Inhalte für Social Media nutzen (de)

Katharina Nocun

Der amtierende US-Präsident postet ein Video, in dem er Demonstrierende aus einem Kampfjet heraus mit Fäkalien bewirft und das Weiße Haus zelebriert den „Star Wars Day“ mit einem pompösen Trump-Bild mit Lichtschwert. Accounts von AfD-Sympathisanten posten KI-Kitsch einer vermeintlich heilen Welt voller blonder Kinder und Frauen im Dirndl. Ist das lediglich eine geschmackliche Entgleisung oder steckt da mehr dahinter?

Breaking architecture barriers: Running x86 games and apps on ARM (en)

Tony Wasserka

Presenting FEX, a translation layer to run x86 apps and games on ARM devices: Learn why x86 is such a pain to emulate, what tricks and techniques make your games fly with minimal translation overhead, and how we are seamless enough that you'll forget what CPU you're using in the first place!

AI-generated content in Wikipedia - a tale of caution (en)

Mathias Schindler

I successfully failed with a literature related project and accidentally built a ChatGPT detector. Then I spoke to the people who uploaded ChatGPT generated content on Wikipedia.

Life on Hold: What Does True Solidarity Look Like Beyond Duldung, Camps, Deportation, and Payment Cards? (en)

H-Shaaib, Eric Noel Mbiakeu

Lager, Duldung, Bezahlkarte, Essensscheine – Criminalization, Radicalization, Reality for Many People in East Germany This talk sheds light on how these terms shape everyday life. We dive into an existence marked by uncertainty, isolation, and psychological strain, both in anonymous big cities and rural areas of East Germany. We ask: What does “solidarity” really mean in this context?

Not To Be Trusted - A Fiasco in Android TEEs (en)

0ddc0de, gannimo, Philipp

Trusted Execution Environments (TEEs) based on ARM TrustZone form the backbone of modern Android devices' security architecture. The word "Trusted" in this context means that **you**, as in "the owner of the device", don't get to execute code in this execution environment. Even when you unlock the bootloader and Magisk-root your device, only vendor-signed code will be accepted by the TEE. This unfortunate setup limits third-party security research to the observation of input/output behavior and static manual reverse engineering of TEE components. In this talk, we take you with us on our journey to regain power over the highest privilege level on Xiaomi devices. Specifically, we are targeting the Xiaomi Redmi 11s and will walk through the steps necessary to escalate our privileges from a rooted user space (N-EL0) to the highest privilege level in the Secure World (S-EL3). We will revisit old friends like Trusted Application rollback attacks and GlobalPlatform's design flaw, and introduce novel findings like the literal fiasco you can achieve when you're introducing micro kernels without knowing what you're doing. In detail, we will elaborate on the precise exploitation steps taken and mitigations overcome at each stage of our exploit chain, and finally demo our exploits on stage. Regaining full control over our devices is the first step to deeply understand popular TEE-protected use cases including, but not limited to, mobile payment, mobile DRM solutions, and the mechanisms protecting your biometric authentication data.

DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices (en)

Zhongrui Li, Yizhe Zhuang, Kira Chen

The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a victim's phone number, an attacker could launch a remote, zero-interaction attack against the WhatsApp application on Apple devices, including iPhones, iPads, and Macs. Subsequent reports indicated that WhatsApp on Samsung devices was also targeted by similar exploits. In this presentation, we will share our in-depth analysis of this attack, deconstructing the 0-click exploit chain built upon two core vulnerabilities: CVE-2025-55177 and CVE-2025-43300. We will demonstrate how attackers chained these vulnerabilities to remotely compromise WhatsApp and the underlying iOS system without any user interaction or awareness. Following our analysis, we successfully reproduced the exploit chain and constructed an effective PoC capable of simultaneously crashing the target application on iPhones, iPads, and Macs. Finally, we will present our analysis of related vulnerabilities affecting Samsung devices (such as CVE-2025-21043) and share how this investigation led us to discover additional, previously unknown 0-day vulnerabilities.

From Silicon to Darude Sand-storm: breaking famous synthesizer DSPs (en)

giulioz

Have you ever wondered how the chips and algorithms that made all those electronic music hits work? Us too! At The Usual Suspects we create open source emulations of famous music hardware, synthesizers and effect units. After releasing some emulations of devices around the Motorola 563xx DSP chip, we made further steps into reverse engineering custom silicon chips to achieve what no one has done before: a real low-level emulation of the JP-8000. This famous synthesizer featured a special "SuperSaw" oscillator algorithm, which defined an entire generation of electronic and trance music. The main obstacle was emulating the 4 custom DSP chips the device used, which ran software written with a completely undocumented instruction set. In this talk I will go through the story of how we overcame that obstacle, using a mixture of automated silicon reverse engineering, probing the chip with an Arduino, statistical analysis of the opcodes and fuzzing. Finally, I will talk about how we made the emulator run in real-time using JIT, and what we found by looking at the SuperSaw code.

Katja Ruge (en)

Katja Ruge

„Planetary Visions“ with Katja Ruge (Can Love Be Synth/Synthesizerstudio HH, Electric Lights/Planetarium HH) Katja Ruge’s DJ sets are a seamless fusion of Italo, New Wave, Cosmic Sounds, 80s, Dark Disco, and Electro.

Analog to Algorithm: RSS Disco’s Underground Journey (en)

RSS Disco

From crackling Kraut and Disco records to hyper produced Techno tracks - dance music has come a long way in the last six decades, and was always strongly influenced by evolving technology. Dance music’s history is a feedback system between culture and circuitry. Each new invention—from the disco subwoofer to today’s neural-driven mastering tools—reshapes sound itself. RSS Disco’s timeline approach celebrates this continuum: a story of machines learning to groove, and humans learning to listen differently through them.

Steve Simon (de)

Steve

Als Part der ToxicFamily, die seit mittlerweile 25 Jahren Label, elektronisches Magazin, Veranstalter und einfach eine Institution in Frankfurt ist, fördert Steve, der übrigens einer der dienstältesten Residents des Tanzhaus West in Frankfurt ist, aktiv die Frankfurter Underground Clubszene und vor allem den Nachwuchs. Ob es ein Gig bei der Toxic Family Radio Show im lokalen FM Radio ist, ein CDJ Lehrgang oder einfach nur aufmunterte Worte während eines Sets - viele Frankfurter DJs haben eine Geschichte über Steve zu erzählen. Wenn Steve House Musik spielt, sieht man oft DJ Kollegen mit gespitzen Ohren an der Bar stehen - oder auch mal mitten auf der Tanzfläche - weil das Barpersonal selbst auf der Theke tanzt.