Theme
Conference my congress Visitors
You must be logged in to use the filter favorited.
You must be logged in to use the filter favorited.

Schedule

Theme
Der Hub wird spätestens Ende Januar archiviert, alle nutzerbezogenen Inhalte, Boards und auch einige Wiki-Seiten werden dabei entfernt. Alle öffentlichen Assemblies, Projekte und Veranstaltungen bleiben. // The hub will be archived by end of January. All user-provided content, boards and several wiki pages will be deleted. All public assemblies, projects and events will remain.
Schedule
all curated only assembly only self_organized only
Day 1 Day 2 Day 3 Day 4
recorded only not recorded only
Tracks
CCC & Community Hardware Security Art & Beauty Ethics, Society & Politics Science Live Performance DJ-Set Entertainment Clear track filter

 

Day 2
10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

One
Protecting the network data of one billion people: Breaking network crypto in popular Chinese mobile apps (en)

Mona

In this talk, I will describe how my team and I systematically exploited around a dozen home-rolled network encryption protocols used by popular mobile apps like RedNote, Alipay, and some of the most popular mobile browsers in China to encrypt sensitive information. I'll demonstrate how network eavesdroppers could access users' browsing history and mobile activity. This is a systemic issue; despite our work on the above protocols and the resulting vulnerability disclosures, this plague of home-rolled and proprietary encryption is still at large. I will end by discussing how we got here, re-affirm the age-old adage, “Don’t roll your own crypto!”, and call on hackers around the world to help us move towards HTTPS everywhere.
Skynet Starter Kit: From Embodied AI Jailbreak to Remote Takeover of Humanoid Robots (en)

Shipei Qu, Zikai Xu, Xuangan Xiao

We present a comprehensive security assessment of Unitree's robotic ecosystem. We identified and exploited multiple security flaws across multiple communication channels, including Bluetooth, LoRa radio, WebRTC, and cloud management services. Besides pwning multiple traditional binary or web vulnerabilities, we also exploit the embodied AI agent in the robots, performing prompt injection and achieve root-level remote code execution. Furthermore, we leverage a flaw in cloud management services to take over any Unitree G1 robot connected to the Internet. By deobfuscating and patching the customized, VM-based obfuscated binaries, we successfully unlocked forbidden robotic movements restricted by the vendor firmware on consumer models such as the G1 AIR. We hope our findings could offer a roadmap for manufacturers to strengthen robotic designs, while arming researchers and consumers with critical knowledge to assess security in next-generation robotic systems.
Chaospager - How to construct an Open Pager System for c3 (en)

Max, Julian

In this talk, we will give an introduction into the project (i.e. how it all started at 38c3 and why we are here now), provide an in-depth review of how the development process of our pager worked and what our future goals are. In our introduction, we will talk about the origin and exploration phase of the inital pager idea (i.e. how we went from the idea of bringing POCSAG Pager transmitter to 38c3, over a cable-bound prototype, to a first working pager on a proper PCB). We will also present our plans of connecting our POCSAG transmitter infrastructure to THOT (CERTs own dispatch software). For our in-depth review about the project, we explain how we encountered major reception problems, how we analyzed them at easterhegg22 and conducted experiments there, and why we are opting for a custom HF frontend design instead of an already-made one from chinese vendors. Moreover, we provide an overview of our transmitter devices and give some advice on how to replicate those. Lastly, we will discuss further challenges and what our next goals are. If we are reaching our milestone until 39c3, we will also give a live demo of the system.
Cracking open what makes Apple's Low-Latency WiFi so fast (en)

Henri Jäger

This talk presents Apple's link-layer protocol Low-Latency WiFi and how it achieves its real-time capabilities to enable Continuity features like Sidecar Display and Continuity Camera. We make more kernel logging available on iOS and build a log aggregator that combines and aligns system- and network-level log sources from iOS and macOS.

Zero
Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents (en)

Johann Rehberger

This talk demonstrates end-to-end prompt injection exploits that compromise agentic systems. Specifically, we will discuss exploits that target computer-use and coding agents, such as Anthropic's Claude Code, GitHub Copilot, Google Jules, Devin AI, ChatGPT Operator, Amazon Q, AWS Kiro, and others. Exploits will impact confidentiality, system integrity, and the future of AI-driven automation, including remote code execution, exfiltration of sensitive information such as access tokens, and even joining Agents to traditional command and control infrastructure. Which are known as "ZombAIs", a term first coined by the presenter as well as long-term prompt injection persistence in AI coding agents. Additionally, we will explore how nation state TTPs such as ClickFix apply to Computer-Use systems and how they can trick AI systems and lead to full system compromise (AI ClickFix). Finally, we will cover current mitigation strategies and forward-looking recommendations and strategic thoughts.
Amateurfunk im All – Kontakt mit Fram2 (de)

akira25, flx, Gato

Wir geben Einblicke in zwei intensive Wochen Planung, Koordination und Aufbau, den Betrieb einer (improvisierten) Bodenstation, sprechen über technische Hürden, Antennendesign und Organisation – und wie wir schließlich mit Astronautin Rabea Rogge im Weltraum gefunkt haben.
Lessons from Building an Open-Architecture Secure Element (en)

Jan Pleskac

The talk will be about our experience from building an open-architecture secure element from the ground up. It explains why openness became part of the security model, how it reshaped design and development workflows, and where reality pushed back — through legal constraints, third-party IP, or export controls. It walks through the secure boot chain, attestation model, firmware update flow, integration APIs, and the testing framework built for external inspection. Real examples of security evaluations by independent researchers are presented, showing what was learned from their findings and how those exchanges raised the overall security bar. The goal is to provoke discussion on how open collaboration can make hardware more verifiable, adaptable, auditable and while keeping secure.

Am Spätverkauf
A blast from the Y2K past… GRÜNSPAN (Rock & Metal) (en)

Alex Thurow

A time travel DJ set back to the times of the millennium change… … to the times of the prevented [Y2K apocalypse](https://en.wikipedia.org/wiki/Year_2000_problem) … to the times of the [Dot-com bubble](https://en.wikipedia.org/wiki/Dot-com_bubble) (… it’s about time AI, isn’t it?) … to the times of a [VERY problematic seed being planted](https://en.wikipedia.org/wiki/2000_Russian_presidential_election) … but most importantly to the times of the glorious: [| G.--. || R.--. || Ü.--. || N.--. || S.--. || P.--. || A.--. || N.--. |](https://www.gruenspan.de/) Back when ROCK was alive and kickin’ in „Hamburg meine Perle“! So, if you want to get a LOUD blast from the past - come join us and bring your [Pommesgabel](https://de.wikipedia.org/wiki/Mano_cornuta) with you! Live long and prosper, [DJ Alex](https://mstdn.social/@alexthurow/110279531725018974) (AKA: [https://onmoderndev.de](https://onmoderndev.de))

Chill Floor
Etai Darway (de)

Etai Darway

Dj Set Etai Darway
chaeza + doc (de)

chaeza + doc

Dj Set