Theme
Conference my congress Visitors
You must be logged in to use the filter favorited.
You must be logged in to use the filter favorited.

Schedule

Theme
Der Hub wird spätestens Ende Januar archiviert, alle nutzerbezogenen Inhalte, Boards und auch einige Wiki-Seiten werden dabei entfernt. Alle öffentlichen Assemblies, Projekte und Veranstaltungen bleiben. // The hub will be archived by end of January. All user-provided content, boards and several wiki pages will be deleted. All public assemblies, projects and events will remain.
Schedule
all curated only assembly only self_organized only
Day 1 Day 2 Day 3 Day 4
recorded only not recorded only
Tracks
CCC & Community Hardware Security Art & Beauty Ethics, Society & Politics Science Live Performance DJ-Set Entertainment Clear track filter

 

Day 2
11:00

11:30

12:00

12:30

13:00

13:30

One
Protecting the network data of one billion people: Breaking network crypto in popular Chinese mobile apps (en)

Mona

In this talk, I will describe how my team and I systematically exploited around a dozen home-rolled network encryption protocols used by popular mobile apps like RedNote, Alipay, and some of the most popular mobile browsers in China to encrypt sensitive information. I'll demonstrate how network eavesdroppers could access users' browsing history and mobile activity. This is a systemic issue; despite our work on the above protocols and the resulting vulnerability disclosures, this plague of home-rolled and proprietary encryption is still at large. I will end by discussing how we got here, re-affirm the age-old adage, “Don’t roll your own crypto!”, and call on hackers around the world to help us move towards HTTPS everywhere.
Skynet Starter Kit: From Embodied AI Jailbreak to Remote Takeover of Humanoid Robots (en)

Shipei Qu, Zikai Xu, Xuangan Xiao

We present a comprehensive security assessment of Unitree's robotic ecosystem. We identified and exploited multiple security flaws across multiple communication channels, including Bluetooth, LoRa radio, WebRTC, and cloud management services. Besides pwning multiple traditional binary or web vulnerabilities, we also exploit the embodied AI agent in the robots, performing prompt injection and achieve root-level remote code execution. Furthermore, we leverage a flaw in cloud management services to take over any Unitree G1 robot connected to the Internet. By deobfuscating and patching the customized, VM-based obfuscated binaries, we successfully unlocked forbidden robotic movements restricted by the vendor firmware on consumer models such as the G1 AIR. We hope our findings could offer a roadmap for manufacturers to strengthen robotic designs, while arming researchers and consumers with critical knowledge to assess security in next-generation robotic systems.

Ground
Hatupangwingwi: The story how Kenyans fought back against intrusive digital identity systems (en)

Mustafa Mahmoud Yousif

The session title is fashioned after the Kenyan movement building rhetoric “Hatupangwingwi” which is Kenyan slang meant as a call to action to counter anti-movement building techniques by the political class and resist infiltration and corruption. This is true for the organisation and movement building towards inclusive identity regimes in Kenya. The session seeks to explore the lessons from Kenya’s journey to digitalization of public services and the uptake of Digital Public infrastructure. It digs deeper on the power of us and how civil society could stop a destructive surveillance driven digitalisation thus protecting millions of Kenyans.
Suing spyware in Europe: news from the front! (en)

Lori Roussey, Celia/Irídia

In 2022, CitizenLab contacted a member of the Spanish non-profit Irídia to tell them that one of their members had likely been hacked with Pegasus spyware. The target, a lawyer, had been spied on by the Spanish government in 2020 because he represented a Catalan politician who was in prison. His phone was infected with Pegasus during the COVID-19 lockdown, on the same day he was having an online meeting with other lawyers working on the case. Irídia and the lawyer (Andreu) decided to take the case to court. A few years later, he met with Data Rights and invited them to join forces and bring in partners from across Europe to increase the impact. This collaboration led to the creation of the PEGA coalition in May 2025. This talk goes over the status of the case and work we have done across Europe to bring spyware use in court.

Fuse
Digitale Inklusion: Wie wir digitale Barrierefreiheit für alle erreichen können (de)

Jakob Sponholz, Kathrin Klapper, Lena Christina Müller

Könntest du jetzt noch sagen, was du heute online gemacht hast? Für viele ist das Internet so selbstverständlich, dass sie es kaum noch merken, wenn sie es benutzen. Dennoch sind viele Menschen unfreiwillig aus der digitalen Welt ausgeschlossen. Wie könnte das Internet für alle nutzbar werden?