PLAY PODCASTS
Chaos Computer Club - archive feed

Chaos Computer Club - archive feed

14,494 episodes — Page 78 of 290

Finding 0days in Enterprise Web Applications (MCH2022)

Enterprise web applications have been deployed rapidly to the internet over the last ten years. Often, these applications remain secure, purely due to how difficult it is getting a copy of the source code. Unsurprisingly, some of the most popular enterprise web applications contain critical pre-authentication vulnerabilities. This presentation discusses how to get your hands on enterprise web applications and how to audit them for vulnerabilities, demonstrated through the disclosure of multiple 0days in popular enterprise web applications. When performing offensive source code analysis, the road to critical pre-authentication vulnerabilities usually involves a treacherous journey. From obtaining the source code, to mapping out sources and sinks, this presentation will take you on this journey to finding critical bugs in the following software: - IBM Websphere Portal / HCL Digital Experiences - Solarwinds Web Help Desk - Sitecore Experience Platform - VMWare Workspace One UEM (AirWatch) By experiencing the discovery process of 0days in popular enterprise web applications, this process can be repeated on the enterprise applications your company uses. The vulnerabilities discussed in this presentation have all gone through a responsible disclosure process. about this event: https://program.mch2022.org/mch2022/talk/EF7VSC/

Jul 24, 202241 min

An Ontology Of Electronic Waste (MCH2022)

This talk will investigate how the concept of private property has fundamentally altered our behavior towards the environment. We will investigate how an alternative ontology of electronic waste is needed and argue why dumpster diving, hacking and reverse engineering abandoned electronics is more relevant than ever to tackle this problem. Within the discourse that surrounds the global rise in electronic waste, only a select range of subjects receive attention from the public - international relations, global waste management strategies and corporate greenwashing rhetoric that emphasizes a ‘circular’ economy. Although the legitimacy of these strategies can be debated, they fail to address the root of the problem. Following the pervasive concept of private property and how it has infiltrated the ways in which we think about ourselves, our relationships between each other and the environment, we will arrive at how this concept has solidified itself within the ontological frameworks we use to make sense of waste and electronic waste in particular. We will discuss how, when we get rid of the concept of private property (and subsequently the concept of waste), we can reimagine what abandoned electronics mean to us and how we can best address the incessant pressure from manufacturers to treat them as expendable, throw-away objects. We will discuss how collective dumpster diving, hacking and reverse engineering abandoned electronics might be a possible solution and present free and open source tools that could aid us in the process. about this event: https://program.mch2022.org/mch2022/talk/QZDECX/

Jul 24, 202248 min

Scientist Rebellion (MCH2022)

I present background, rationale and future plans of Scientist Rebellion, a growing international group of currently over a thousand scientists venturing into civil disobedience since writing more papers about the climate emergency does not yield the needed political sense of urgency and actions. I'll present Scientist Rebellion, an international group of scientists taking the scientific view of the climate emergency seriously, stepping away from writing yet another paper giving the same warnings and venturing into civil disobedience. We've had worldwide (27 countries) actions and growing rapidly, as more scientists feel the necessity for society to do more (not just throwing more money at companies when they promise to be less polluting, but strict laws preventing such pollution levels). Dutch site: https://www.scientistrebellion.nl/ International site: https://scientistrebellion.com/ about this event: https://program.mch2022.org/mch2022/talk/9LZJYH/

Jul 24, 202248 min

Building modern and robust Web-Applications in 2021, without writing any JavaScript (MCH2022)

Building Web-Applications is hard. Making them scale is even harder. And nobody said anything about robust yet. Looking back over the past 25 years of Web-Development, not much has changed, except for tooling and languages. The approaches we use, also have not changed much. We still write lots of JavaScript, put special glue in between layers of languages, it's bleak. Building Web-Applications is hard. Making them scale is even harder. And nobody said anything about robust yet. Looking back over the past 25 years of Web-Development, not much has changed, except for tooling and languages. The approaches we use, also have not changed much. We still write lots of JavaScript, put special glue in between layers of languages, it's bleak. Let's have a look at the Phoenix Framework, a modern approach to building Web-Applications in Elixir, on the Erlang VM, without having to resort to a multitude of languages and frameworks. In this talk we will - **NOT** pick a JavaScript framework like React or Angular - **NOT** write a single line of JavaScript - **NOT** care about Erlang or it's Syntax - **NOT** spend hours to making the application WebSocket-capable and feel "live" But we will - write a state-of-the-art application that looks and feels professional in record time - have tests for every feature, buttons, links or forms we implement (test-coverage upwards of 90%) - have formatted our code, linted, error checked - run the test-suite, before every commit about this event: https://program.mch2022.org/mch2022/talk/L3HRXH/

Jul 24, 202243 min

Hacking the pandemic's most popular software: Zoom (MCH2022)

Last year we won Pwn2Own by demonstrating remote code execution, using a chain of three vulnerabilities, on the then latest version of the Zoom client. In this talk we would like to share all details of the vulnerabilities we found and how we combined them into a fully working exploit. When the pandemic required everyone to work from home, we saw a huge growth on the video conferencing market. It was this movement that made the organisation behind the world famous Pwn2Own competition decide to add an 'Enterprise Communications' category to last year’s competition. Everyone who was able to successfully demonstrate a zero-day attack against Zoom or Microsoft Teams would be rewarded $200,000. We decided to take them up on this challenge and started researching Zoom. This resulted in a working remote exploit against the at the time latest version of Zoom that would give the attacker full control over the victim’s system (CVE-2021-34407). During this talk, we will walk you through how we started our research, explain the vulnerabilities that were found and finally how those vulnerabilities were incorporated into the exploit that successfully performed the attack during the contest. about this event: https://program.mch2022.org/mch2022/talk/QVXXUP/

Jul 24, 202248 min

Lightning Talks Sunday (MCH2022)

Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks about this event: https://program.mch2022.org/mch2022/talk/PUNDRB/

Jul 24, 20221h 19m

UBports: Imagine a phone that does everything you expect and nothing you don't. (MCH2022)

This talk explains what the UBports Foundation does: managing the Ubuntu Touch OS for mobile devices. The challenges, the why, what and how. The world needs another phone OS. With more focus on privacy. And the Ubuntu Touch OS tries to be the best in the field of open source OS's for mobile devices. In this talk we tell you why. We tell you about our challenges and how we try to solve them. This means we tell you the "what" What is VoLTE and why do we need it in an open source phone OS? And we tell you the "how" How are we working on VoLTE support in Ubuntu Touch? How is knowledge management organized? How do we develop software? How are devices supported? The world needs another phone OS. With more focus on privacy. And the Ubuntu Touch OS tries to be the best in the field of open source OS's for mobile devices. In this talk we tell you why. We tell you about our challenges and how we try to solve them. This means we tell you the "what". For example: What is VoLTE and why do we need it in an open source phone OS? And we tell you the "how" How are we working on VoLTE support in Ubuntu Touch? How is knowledge management organized? How do we develop software? How are devices supported? about this event: https://program.mch2022.org/mch2022/talk/HR9XSQ/

Jul 24, 202243 min

My journey to find vulnerabilities in macOS (MCH2022)

My journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities from macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click. I will also explain my methodology to find logic bugs. My journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities from macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click. I will walk you through how I solved the following steps: - Fundamentals how I find vulnerabilities - Basics about the "extra" security protections in macOS - How to get payload delivered with one click - Code execution with arbitrary mount - Gatekeepper evasion - TCC protection evasion - SIP -protection evasion - Timeline - How Apple will credit the researches about this event: https://program.mch2022.org/mch2022/talk/973QGG/

Jul 24, 202239 min

All you never wanted to know about the Banking System and why it keeps crashing Economics. (MCH2022)

Based on the world´s first, and as far as we know still the only accurate double entry bookkeeping based simulation of the banking system, we will talk through how fractional reserve banking really works from a network perspective, and how it has influenced both economic activity and economic theory in many unappreciated ways. If you want to be able to predict what the central banks will do next, and how to make sensible financial decisions despite this, this is the talk to you. Inflation is back, and it´s still the same. We´ll also talk about ways to contribute to the development of economic models and simulations that are based on real economies, and not on a 30 year practice of fitting a very short mathematical ruler, to a very long curve. It all started innocently enough, with an attempt to build a simple banking simulation in python of the standard Economics 101 textbook description of the banking system. This failed to work as soon as loan repayments were put in. The next version was a little more complicated, agent based, and used double entry book keeping, and the version after that added some simple economic features like widget producers and households (which actually makes it as sophisticated as "sophisticated economic models" (it´s still nowhere complete though), and has been used to enlighten/confuse several classes of computer science students at Reykjavik University in Iceland. Along the way we learnt how money gets created and destroyed, how several different kinds of bank regulation actually worked, identified several positive feedback loops in the financial system, how international money transfers don´t actually transfer money, and why it was probably inevitable cryptocurrency would re-invent fractional reserve banking right after they reinvented its book keeping. about this event: https://program.mch2022.org/mch2022/talk/T3CLJC/

Jul 24, 202251 min

Modernizing the Tor Ecosystem for the Future (MCH2022)

In this presentation, we will be updating the audience on the ongoing modernization efforts of the software developed inside The Tor Project -- the organization behind the most widely deployed anonymity network. We will look at upcoming features and changes to the core technology that drives the Tor network and why a Browser may no longer be the only product we have to provide for the user-base that is so crucial in need of Tor's anonymity properties for safe internet access. The Tor ecosystem is currently going through a more extensive modernization phase where we are simplifying our goals slightly to make space for larger projects that we find necessary. This work includes implementing a new, more memory-safe Tor implementation in the Rust programming language named Arti. This work will make it easier for application developers to integrate their applications and benefit from the safety features that Tor can provide. Additionally, we will talk about some recent or upcoming changes to the network: - Give a status update on deploying modern congestion control algorithms in the Tor network. This work should significantly enhance the performance barrier that most Tor users experience. - The roadmap towards UDP support in the client and relay software. This work should allow more modern use-cases of the Tor software such as voice and video communication, WebRTC, and other protocols that leverage datagram-based data transfer. - Move to more modern cryptography in Tor's protocols, including support for Post-quantum cryptography and why this is needed. - Allowing Tor users to access the network using a VPN-like tunneling mechanism as an alternative to simply web-browsing and other socks5 enabled applications. about this event: https://program.mch2022.org/mch2022/talk/MUP7MX/

Jul 24, 202249 min

Trusted CDNs without gatekeepers (MCH2022)

I want a Web where CDNs are unnecessary. Where different organizations, different website operators, can help each other out by hosting assets for each others' websites, thus spreading the load across many orgs in solidarity, instead of centralizing it in gatekeepers. I believe I might slowly be getting to a point of having a decent answer to that question. No blockchain required. What if I told you the [code for this is already mostly there](https://gitlab.com/rysiekpl/libresilient/)? All major browsers support Service Workers and Subresource Integrity, which means we can have a piece of JS that: 1. only gets updated from the original domain 2. handles all requests for the website 3. routes these requests to the original domain, or hits third party endpoints when the original domain is unavailable for whatever reason 4. has ways of distributing and checking Subresource Integrity on any fetched resource. And we do! Points 1. and 2. are assured by Service Workers API, so browsers enforce that. Point 3. can be achieved with [LibResilient's the alt-fetch plugin](https://gitlab.com/rysiekpl/libresilient/-/blob/master/plugins/alt-fetch.js). Point 4. is the job of [LibResilient's signed-integrity plugin](https://gitlab.com/rysiekpl/libresilient/-/blob/master/plugins/signed-integrity.js). This is all very PoC. Documentation is lacking or non-existent. But it's already there, ready to be tested and improved. about this event: https://program.mch2022.org/mch2022/talk/W7MB7H/

Jul 24, 202246 min

Hacking COVID: Hackers helping the government (MCH2022)

During the COVID19-pandemic the Netherlands turned to hackers to help them make digital solutions to fight the pandemic. Why was it? What does this do to a government body like ministry? What does this mean for privacy, security and the tech choices that are made? In 2020, when the pandemic started, scientists suggested to also digitally support fighting the pandemic. One of the suggestions was digitally supported contact tracing. After first asking the market for solutions the Dutch Ministry of Health, Welfare and Sport decided to self build open, privacy friendly, secure and accessible solutions with help of a large open source community. When vaccinations became available and timeframes for building solutions were near impossible the next step was clear: get hackers involved. This isn’t just to stick to the values, but also to create solutions in ways that aren’t always common for governments. How do you hack processes and rules to create what some ministries called magic? This talk will tell the inside hacker tale of the pandemic and show the dilemmas that were overcome. This is a story of hackers in a ministry at the heat of the moment. about this event: https://program.mch2022.org/mch2022/talk/BVGYKQ/

Jul 24, 202248 min

Hacking UK train tickets for fun, but not for profit (MCH2022)

We take a scenic tour through the origins of the UK train ticket, from the original BR specification in the 1970s through to modern replacements like mTickets, eTickets and ITSO. This is just a detour though, and we'll focus on the 'orange ticket' (RSP 9399/9599) - which continues to be a stalwart of the UK rail network. Surely they can't be that secure? After all, anyone can encode a magstripe - right? We'll take a look through the data encoded on these tickets, what interesting things you can do with them and maybe (assuming I've got it working by then) we'll be able to read and write our own! We take a scenic tour through the origins of the UK train ticket, from the original BR specification in the 1970s through to modern replacements like mTickets, eTickets and ITSO. This is just a detour though, and we'll focus on the 'orange ticket' (RSP 9399/9599) - which continues to be a stalwart of the UK rail network. Surely they can't be that secure? After all, anyone can encode a magstripe - right? We'll take a look through the data encoded on these tickets, what interesting things you can do with them and maybe (assuming I've got it working by then) we'll be able to read and write our own! about this event: https://program.mch2022.org/mch2022/talk/XMCUHG/

Jul 24, 202231 min

Building a cheap laser harp for percussionists (MCH2022)

A laser harp is a magic musical instrument that makes sounds from light beams. Ever since Jean-Michel Jarre used a laser harp in his live concerts to play Rendez Vous 2, many people have dreamt to play one. But they are ridiculously expensive! Klaas van Gend will discuss his ongoing journey with Pascal Ahout to design a cheap and simple laser harp suitable for a local percussionist group. A revolutionary simple laser harp, using only an Arduino board, and no moving parts. Hopefully, at the time this talk happens, the design is ready to be demoed, so we’ll end with a live demo or a video recording showcasing our working laser harp. The director from St. Caecilia percussionists group Lieshout-Mariahout in Brabant always wants to go beyond just playing music. He loves to bring in nonstandard instruments, video or lighting tricks. For an upcoming show, he wants to compose a new piece with a laser harp. As usual, he came to his audio and lighting engineer Pascal Ahout, who asked software engineer Klaas van Gend to join in. Together, they started designing a reliable laser harp from scratch, reviewing various sources on the internet and revisiting all design decisions. Their laser harp design looks remarkably different – no moving parts, no complex optics and cheap! This talk will show the design process, implementation details and hopefully the results. Indeed: the development is not done yet. So we may end the talk explaining why our ideas weren’t smart enough… We’ll have to see! But we intend to end with a working demo. about this event: https://program.mch2022.org/mch2022/talk/KBEJVL/

Jul 24, 202242 min

IOT: International Outage Technology (Disclosure of DIVD-2022-00009) (MCH2022)

DIVD researcher Jelle (aka SchizoDuckie) has a hobby. He likes to find credentials in places where they don't belong, like GitHub and Postman. And this hobby has gotten him into many places he should not have, like the Dutch Tax office and many larger company. But, in February 2022 he found an account with an even bigger reach, an account who's abuse could mean trouble for our national critical infrastructure. His simple GitHub query uncovered a secret that could switch off a country, now what... While Jelle is enjoying his vacation his DIVD colleagues, Chris van 't Hof, Célistine Oosting and Frank Breedijk, will present the story of one of the more significant vulnerabilities discovered by DIVD this year. The long windy but mostly slow and silent road to disclosure and remediation and how mitigation did not take away all the risks. This talk digs into the, up to this point, untold story of case DIVD-2022-00009 and will include numbers "Doc" Brown will jealous of. about this event: https://program.mch2022.org/mch2022/talk/FEZFET/

Jul 24, 202218 min

A Brief History of Automotive Insecurities (MCH2022)

Automotive hacking hasn't started with Miller/Valasek in 2015 - and it hasn't ended with it, either. This talk will give an overview of automotive insecurities of the past ~10 years, a brief history of some kind. I will also provide an outlook on what the future on four wheels might hold, security-wise. This talk will give an exhaustive overview of all the automotive hacks in the past 10 years, and analyze the technical issues and vulnerabilities that have been exploited. Ranging from the automotive hacking papers in the early 2010-ies by US researchers, towards the infamous Miller/Valasek presentations starting 2015, the magic work of KeenLabs and 360 Group, and covering comma.ai, the different Tesla hacks, entry system relay attacks and the recent ADAC study, towards AI-confusion attacks. I will try to analyze the underlying vulnerabilities, how they can be (respectively are already) prevented in modern vehicles, and what the future holds. about this event: https://program.mch2022.org/mch2022/talk/TVYLPH/

Jul 24, 202250 min

Freedom, Ownership, Infrastructure, and Hope (MCH2022)

How should we live together? How do we make a complex, interdependent, infrastructural society less exploitive? In this talk, we'll try to frame questions, if not answers, grounded in the context of the political changes required to mitigate and survive climate change, global fascism, and hypercapitalism. This talk starts from two threads. First, the common understanding of "freedom" derives from the institution of slavery. Looking at alternate definitions provides the foundation for rethinking the building blocks of society and human interaction. Second, climate change represents an immediate existential threat to human civilization, but mitigating it is no longer a question of technology — only of collective will. If we insist on maintaining existing structures of ownership and inequality, we significantly reduce our chance of survival. However, these questions of freedom, ownership, and equity aren't just political questions, they're directly encoded in the infrastructure we all rely on to survive — that same infrastructure that we currently need to replace, almost wholesale. In reality, any path to survival will imply a muddle of adaptation, mitigation, replacement, and elimination, both of infrastructural components and of elements of the social contract and its governance systems. Harm reduction is more important and more probable than ideologically perfect revolutions (or even evolutions). However, plausible visions of the future are a critical ingredient for the hope we need to continue the work, and will also directly shape that work. Most folks who live in ownership societies (almost everyone, now) find the idea of moving away from an ownership model terrifying, because it means giving up those things that give them a sense of security. Understanding the emotional interiority of life in a post-ownership society can change that, and understanding the dynamics of different freedoms can help us understand how we might get there. As people who build infrastructure, we can play with the social models our infrastructure encodes — and have been doing so for decades. Likewise, we can (and have been) rebuilding pieces of the social contracts that shape our personal lives. This talk aims to leave you with new questions and new directions for that work. about this event: https://program.mch2022.org/mch2022/talk/VPKCC7/

Jul 24, 202250 min

PSD2 a banking standard for scammers? (MCH2022)

Payment Service Directive (PSD2) is a fairly recent directive in Europe when it comes to electronic payments. For most of us this has happened invisibly. Although this new directive creates a lot of opportunities for fintech companies it also puts the privacy of tenths of millions of people in the hands of private companies. This talk will discuss the opportunities this will provide within Europe both for Fintech's... and scammers. In 2020 the Payment Service Directive 2 (PSD2) has become the directive governing banking in Europe. This means that for financial transactions between businesses, persons and banks a new European-wide payment system is available. While before PSD2 in order to be able to act as a Payment Service Provider (PSP) you needed to be certified by the local central bank, now with PSD2 this is no longer necessary. This means all transaction data for an IBAN number going back up to years can be queried by commercial parties investing a few hundred euro’s. An example will be shown how easy it is to overlook giving consent for this data exchange and how to revoke this consent. This talk will discuss the opportunities this new directive will provide EU residents, but will also show what implications this has in terms of privacy and how it enables scammers to automate scams. about this event: https://program.mch2022.org/mch2022/talk/MDKSB9/

Jul 24, 202229 min

Electric Vehicles Are Going To Suck; Here's Why (MCH2022)

Electric vehicles present a real opportunity to take a step towards better designed, more reliable, and sustainable transport. Instead, electric cars have become nightmarishly complex gadgets whose limited lifespans will make them less sustainable than a diesel pickuptruck running on whale oil. This talk will explore the problem, and make a few suggestions as to what could be done about it. I want my next car to have an electric motor, I want it to push the boundaries of what is capable with a battery and I want it to be an automotive tour de force that represents a real advance over my gasoline car in terms of lifetime sustainability. The switch to electric cars represents an opportunity like no other to deliver a new type of car that doesn’t carry the baggage of what has gone before, but what I see in the electric cars available to me just doesn't live up to that dream. The car industry now makes cars that don't rust and don't wear out, so for planned obsolescence they now rely on technological complexity to ensure they reach the scrap heap long before their promise of true sustainability can be realised. This talk will attempt to deconstruct the problem, and look at how it might be remedied. about this event: https://program.mch2022.org/mch2022/talk/M3D7UA/

Jul 24, 202238 min

Heuristic Park (why we can fake it until we make it) (MCH2022)

Why do we believe in fake news? What are news siloes? Why can't we seemingly find a solution to discussions like blackface or the corona-deniers How to break your bubble. This lecture discusses the psychological reasons as seen from the perspective of a social engineer. Why do we believe in fake news? What are news siloes? How to break your bubble. - - about this event: https://program.mch2022.org/mch2022/talk/VLVBVG/

Jul 24, 202248 min

Programming microcontrollers in Go using TinyGo (MCH2022)

Go is often thought of as a server programming language, especially one used for microservices. However, I argue that it can also be a good language for much smaller systems: microcontrollers. Especially with the Internet of Things there is a need for a language that is safer, easier to use (harder to misuse) and easier to build and test. For many years, C has been the dominant language in the embedded world and especially microcontrollers. Almost all embedded systems are written in C. The last few years this has been changing, with new languages being used for this purpose: * [Rust](https://www.rust-lang.org/what/embedded) has seen rapid growth in embedded systems with its focus on safety and expressiveness. It is in fact a great replacement for C, as it is just as low level and efficient as C but without all the footguns. However, many people find this language hard to learn. * Another language that's sometimes used is Python, in the form of [MicroPython](https://micropython.org/). This is in fact what powers the SHA2017 and MCH2022 badges. While the project is an amazing accomplishment, it still suffers from the fact that the language is interpreted and there are limits to how fast it can be. * Some people have also used other languages, such as [Lua](https://nodemcu.readthedocs.io/en/release/), [JavaScript](https://www.espruino.com/), [Oberon](https://www.astrobe.com/), [Forth](https://hackaday.com/2017/01/27/forth-the-hackers-language/), [Ada](https://blog.adacore.com/ada-on-the-microbit), and probably others. I'm not aware of a language that got much further than experimental or very specific uses. * Then there is [TinyGo](https://tinygo.org/), which is a new compiler for the Go language and primarily targets baremetal embedded systems and WebAssembly. This is what I will talk about. TinyGo is a new compiler for the Go programming language. Its goal is to implement the Go language specification, be able to compile most of the Go standard library, but still optimize well enough so that binaries can run on a range of large and small embedded systems. It optimizes much more aggressively than the main Go implementation and the resulting binaries are able to run on systems ranging from the Arduino Uno, to the BBC micro:bit, to the MCH2022 badge with an ESP32 chip. I believe TinyGo offers most of the ease-of-use benefits of interpreted languages while providing most of the performance benefits of languages such as C. In this talk, I will cover what kinds of problems C can cause, why Go can be a great fit on embedded systems, an explanation of some optimizations that it does that help lower its code size and RAM consumption, and some examples of projects written using TinyGo. Oh, and of course some demos. about this event: https://program.mch2022.org/mch2022/talk/MNE98G/

Jul 24, 202230 min

GPS ankle monitor hacking: How I got stalked by people from the Arab Emirates (MCH2022)

Ankle monitors are devices typically used by law enforcement to track offenders, have you ever wondered how they work - which potential vulnerabilities they have or where to buy one ( or many )? This talk is about hacking electronic ankle monitors built by various Chinese manufacturers - and the protocols and software they use. Ankle monitors are devices used by law enforcement to track offenders - typically ones on house arrest. They contain various sensors and GPS, WiFi, Cellular and sometimes RF communication to transmit data and determine their position. This talk will go into detail for various brands on how they communicate with their servers - potential vulnerabilities and ways to escape/avoid detection. This talk concerns Chinese vendors of ankle monitors - but the processes are applicable to different brands and types as well. I will discuss how I developed a server which can be used with 4 vendors of these devices - and how I got the protocol documents for each of them through a bit of social engineering. The focus will be on the technical details of how your location is determined - which fallbacks are used in case locating falls - and how data is communicated to the server - and the security implications of all of this. Some of devices are used by small nations to track for instance immigrants for COVID tracking - we will discuss the implications of this. about this event: https://program.mch2022.org/mch2022/talk/DK3VKB/

Jul 24, 202248 min

IRMA and Verifiable Credentials (MCH2022)

Nowadays, when a user wants to authenticate mostly centralized systems, such as DigiD in the Netherlands, are utilized. Extreme events can impact the reliability of such systems. Decentralized, and more privacy-preserving systems, such as [IRMA](https://irma.app/) can help to build more reliable authentication infrastructures. With IRMA, a user can store signed attributes, such as their full name or address, within the IRMA mobile app. Subsequently, the user can disclose a subset of her attributes to parties during an authentication session. The [Verifiable Credentials (VC)](https://www.w3.org/TR/vc-data-model/) standard helps to make such systems interoperable, that is, users can use attributes across different credential systems. With a proof of concept, we show how to make IRMA VC-compliant. During extreme events, such as power outages or big floods, centralized systems are especially vulnerable as their availability can be impacted. This could result in that the whole system is unusable. Therefore, it is beneficial to develop decentralized infrastructures, as one is not dependent on centralized components. Digital authentication nowadays is mostly done via centralized systems, such as DigiD, the authentication system of governmental services in the Netherlands. Every authentication session goes through a central authority, which makes the system centralized. Additionally, from a privacy-perspective, an issue is that such a system can keep track on which sites users authenticate. To achieve more system reliability and more user privacy, it is desirable to develop authentication systems that are working in a more decentralized manner. One existing solution to this challenge is [IRMA](https://irma.app/). IRMA stands for I Reveal My Attributes and is developed by the Dutch non-profit organization [Privacy By Design](https://privacybydesign.foundation/). A central element of IRMA is a mobile app, which the foundation promotes as a digital passport on your own mobile device. Users can collect signed attributes, a set of attributes is called a credential, from authoritative parties. An attribute is for instance, your Dutch BSN, full name, or email address. IRMA protects the privacy of individuals by letting the individuals decide which attributes they want to disclose to whom, and by implementing advanced cryptography, including zero-knowledge proof techniques. Consequently, the receiving party can validate the authenticity of the disclosed credentials without the need to contact the party that issued the credentials. [Verifiable Credentials (VC)](https://www.w3.org/TR/vc-data-model/) is a standard developed by the W3C. It provides a data model and a syntax aiming to make credential systems interoperable, for instance, it can enable users to disclose credentials issued by one system to another system. Currently, IRMA can only be used within the IRMA ecosystem, that is, among servers and mobile apps that use the IRMA attributes. However, it would be desirable that people are able to use such advanced technologies and authentic attributes on the entire web across different systems. This avoids that people need different apps to be used, that could contain the same attributes, with different systems. Our research shows that it is possible to make IRMA VC-compliant via a proof of concept. Subsequently, through VCs, IRMA attributes are available for servers and apps outside the IRMA ecosystem. Similarly, other credentials can become universally verifiable. As decentralized systems become increasingly more available, governments and other organizations can utilize reliable and privacy protecting authentication widely. This benefits everyone – even and especially during extreme events. about this event: https://program.mch2022.org/mch2022/talk/3HTP8D/

Jul 24, 202230 min

Running a mainframe on your laptop for fun and profit (MCH2022)

Yes, this talk is about running your own mainframe on your own hardware. Mainframes are old, yes, but they are still very much alive. New hardware is still being developed and there are a lot of fresh jobs in this area too. A lot of mainframes run COBOL workloads. COBOL is far from a dead language. It processes an estimated 85% of all business transactions, and 5 billion lines of new COBOL code are written every year. In this session the speaker will help you in take your first steps towards running your own mainframe. If you like then after this session you can continue to build your knowledge of mainframe systems using the links provided during the talk. Come on in and learn the basics of a completely different computer system! And it will take you less than an hour to do that! Yes, this talk is about running your own mainframe on your own hardware. Mainframes are old, yes, but they are still very much alive. New hardware is still being developed and there are a lot of fresh jobs in this area too. A lot of mainframes run COBOL workloads. COBOL is far from a dead language. It processes an estimated 85% of all business transactions, and 5 billion lines of new COBOL code are written every year. In this session the speaker will help you in take your first steps towards running your own mainframe. If you like then after this session you can continue to build your knowledge of mainframe systems using the links provided during the talk. Come on in and learn the basics of a completely different computer system! And it will take you less than an hour to do that! about this event: https://program.mch2022.org/mch2022/talk/PBHJCP/

Jul 24, 202244 min

TIC-80 byte jam (MCH2022)

TIC-80 fantasy console Byte Jam is a friendly competition to livecode a demo in a relaxed atmosphere. This can take an hour or more depending on the inspiration and time needed of the participants. You could follow the suggested random chosen topic or do your own thing. TIC-80 fantasy console Byte Jam is a friendly competition to livecode a demo in a relaxed atmosphere. This can take an hour or more depending on the inspiration and time needed of the participants. You could follow the suggested random chosen topic or do your own thing. TIC-80 is a fantasy console with limited resources like 240x136 pixels display, 16 color palette, 256 8x8 color sprites, 4 channel sound , etc. This gives the TIC-80 a very retro look and feel. This byte jam is a good representation of the demoscene, where coders/hackers with very limited resources in hard or software make stunning audio and visual effects. In Europe the demoscene got status of cultural heritage in Finland, Germany and Polen and requested for Netherlands and other countries. If you want to join this TIC-80 byte jam add you name to this wiki page : https://wiki.mch2022.org/Projects:Demoparty about this event: https://program.mch2022.org/mch2022/talk/PG8QBM/

Jul 23, 20221h 29m

The smart home I didn't ask for (MCH2022)

What happens when your home is “smart” before you even move in? More and more buildings are pre-installing smart devices that tenants didn’t ask for and may not want. These devices focus on comfort and convenience, an excellent focus as long as security is also considered. Given the deep integration these devices have, a vulnerable system could lead to devastating consequences like the loss of privacy and even unauthorized access. As a security researcher, these were my thoughts when I saw the tablet mounted on the wall of my new apartment. In a short period, I discovered multiple vulnerabilities in the system. A concern for sure, considering the system allows for remote access and has integration with services in my apartment and the building. This talk will cover my path, my process, and coverage of the vulnerabilities I discovered. The smart home system is based on a wall-mounted Android tablet, and is installed in thousands of properties throughout Europe. It allows for controlling lights, heating, motorized blinds, opening a building's main entrance door among other things. The talk will contain the following contents: * Introduction * Presentation of the smart home system * Methodology * How did I evaluate its security * Findings * Description of vulnerabilities found * Impacts and countermeasures * Disclosure timeline * Interactions with vendor * Raise awareness * Conclusion about this event: https://program.mch2022.org/mch2022/talk/JPLREJ/

Jul 23, 202231 min

Signal: you were the chosen one! (MCH2022)

This is a rant about how moving ecosystems are not a good reason for centralizing a crucial service, how stickers are no substitute for a desktop client that does not crash, and how effectively shutting out less popular OS platforms is just not cool. In his seminal work ["The ecosystem is moving"](https://signal.org/blog/the-ecosystem-is-moving/), Moxie Marlinspike laid out clearly the reasons why it's impossible to do what [Matrix](https://en.wikipedia.org/wiki/Matrix_(protocol)), or [the Fediverse](https://fediverse.party/), or for that matter the Web, have done: create a dynamic, quickly-evolving ecosystem without centralizing it. For years, as a person responsible for information security of at-risk reporters and their sources, I have been advocating Signal as a secure Internet messaging service. And with good reasons. Criticizing a security-sensitive tool like Signal is tricky, as it might be misconstrued as a call to abandon it, and move to alternatives that might be in fact worse. But here, at a hacker conference and with little risk of causing confusion and diverting users towards less secure platforms, can we please have an honest conversation about Signal's problems? And how 5 years after that blogpost, moxie's centralization has not solved them?.. There are good reasons to exert a level of control over what connects to a communication network. But effectively shutting out a community of developers that would love to implement Signal clients [for](https://gitlab.com/rubdos/whisperfish) [less](https://open-store.io/app/textsecure.nanuc) [popular](https://forum.pine64.org/showthread.php?tid=8505) [OSes](https://forums.puri.sm/t/how-can-you-install-signal-on-the-librem-5/10244) (many of which happen to attract the kind of infosec-aware crowd that used to be the core pushers of Signal) is not a good outcome. Opening up more on the client side and providing some form of independent client development program (starting with a stable API) would already help a ton. Even if it's just the desktop client that gets re-written in something that is not in essence a packaged browser [trailing it's upstream on security patches](https://news.ycombinator.com/item?id=22239791). Finally, we need to talk federation. Does it make moving fast and breaking things more difficult? Yes, yes it does, and that can be a good thing. It also makes the resulting federated service more resilient (one [service provider experiencing issues](https://www.indiatoday.in/technology/news/story/signal-users-globally-experiencing-issues-company-working-on-a-fix-1759524-2021-01-15) does not bring the whole network down). And, it lets others innovate without being locked out. about this event: https://program.mch2022.org/mch2022/talk/7QRECD/

Jul 23, 202231 min

Non-Euclidean Doom: what happens to a game when pi is not 3.14159… (MCH2022)

We all know that the value of pi is a constant with a particular immutable value. Anyone who has done any graphical programming also knows that visual rendering relies not just on pi but trigonometry more broadly as well as other mathematical techniques. If we look into the source code of the first person shooter Doom we find that the value of pi used in the game is wrong. In this talk I will explore what happens when we subtly and not so subtly break math in the source. Doom is a well known classic first person shooter game with source code released under the GPL in 1999. In this talk I will begin by exploring what happens to the game when we make the value of pi even more wrong. What about when we change other trigonometric functions and constants to incorrect values? How will our familiar understanding and ability to traverse this virtual world change when we do this. Are there any interesting gaming possibilities with non-Euclidean geometries? A brief segway will cover some optimization tricks made to enable the game to run well on hardware available at the time. At the end I will provide a link to other games and public source code repositories that also use an incorrect value of pi. Pointers will also be provided to allow the audience to compile their own incorrect math version of the game. about this event: https://program.mch2022.org/mch2022/talk/ZM99EG/

Jul 23, 202219 min

How to charge your car the open source way with EVerest (MCH2022)

We will give you a short overview over the current electric vehicle charging technology and why it sucks. Let's try to fix it with the open source software stack EVerest! We will explain the technology and architecture behind it and will invite you to join our efforts forward to a green sustainable transportation infrastructure. Building a standard for EV charging infrastructure failed so far for multiple reasons: "Innovations" are implemented on a timescale of years to decades, and the standard is typically “designed by committee”. Every new player in the game has to reimplement the standard and it's done typically “very lean”, which is furthermore delaying and bugging the situation. Our solution is to establish a open-source based SW stack for charging systems, which all companies, manufacturers and private persons can use and make it the common de-facto standard. By opening the software for all, anyone can help improve it. We have already made some progress on our SW stack called EVerest and we would like to welcome you all in helping to transform the EV charging world. EVerest is part of the Linux Foundation Energy, a community lead by the green energy transition. about this event: https://program.mch2022.org/mch2022/talk/NUNPWD/

Jul 23, 202221 min

Electron microscopes - How we learned to stop worrying and love cheap lab equipment. (MCH2022)

A tale of sketchy^H^H^H^H^H^H^Hawesome online shopping, grimy scrap bins, and crazy DIY projects: The adventures of a few friends who set up an electron-microscopy lab (and much more!) without breaking the bank. For all audiences: whether you just want to see some cool micrographs, hear a story of hacker adventure, or, want to set up your own SEM - this should be a good time. This talk will have several parts: First we will tell you a story of a hobby that started with modifying an old classroom microscope for semiconductor imaging and has led to owning one, possibly two scanning electron microscopes (SEMs). You will see how 2020's logistics drama, COVID, language barriers, etc resulted turned the "simple" task of buying an electron microscope into a roller coaster of an adventure. Part two will look at the things we learned and what *you* should look out for if you want to get your own SEM: Things that will break, physics to watch out for, requirements for running it, and understanding the things that set different SEMs apart. Finally, we want to look at the future: Can we get a community of hackers building their own chips or replicating material science papers similar to the one we see abroad? Their achievements have been non-trivial to translate to European reality, but not impossible to. We hope to spur this on. about this event: https://program.mch2022.org/mch2022/talk/LE3MD7/

Jul 23, 202249 min

Decoding the Anker 3800 lock (MCH2022)

The Anker 3800 is a mechanical lock that has both traditional pins as well as magnetic sliders. Can it be opened without the key? This talk discusses how the lock works in a master keyed system and how it can possibly be defeated. It will cover decoding, picking and key duplication. The Anker 3800 is a mechanical lock that has both traditional pins as well as magnetic sliders. It was designed by Japanese company MIWA and is sold in the Netherlands under the Anker brand. It is a high security lock that is often used in large master keyed systems. I wondered: can it be opened without the key? I will present my adventures with the lock, having opened it up to see how it works, and several things I have tried to copy the key, pick the lock, decode the lock and find out what the master key looks like. The talk will include successes and failures and I will discuss designing 3D models, C&C work, electronics, Arduino programming, PCB design, and more. The talk is aimed at people with an interest in lockpicking. No prior knowledge is necessary. about this event: https://program.mch2022.org/mch2022/talk/XVBPNB/

Jul 23, 202250 min

Attribution is bullshit - change my mind... (MCH2022)

Borne out of a semi-flippant Twitter comment, this talk will take you on a journey across the benefits, pitfalls, and outright BS of attribution. Expect passionate opinions, trenchfoot inducing war stories, head+desk frustration, and a strong meme game. With this session, which is aimed at security practitioners, researchers, students, and anyone with an interest in cybersecurity, we hope to: • Highlight the value of decent threat intelligence • Establish why attribution can be valuable, but how it can be a distraction, or worse • Inform people who are interested in attribution and threat intelligence as areas of study how they can pursue it Borne out of a semi-flippant Twitter comment, this talk will take you on a journey across the benefits, pitfalls, and outright BS of attribution. Expect passionate opinions, trenchfoot inducing war stories, head+desk frustration, and a strong meme game. With this session, which is aimed at security practitioners, researchers, students, and anyone with an interest in cybersecurity, we hope to: • Highlight the value of decent threat intelligence • Establish why attribution can be valuable, but how it can be a distraction, or worse • Inform people who are interested in attribution and threat intelligence as areas of study how they can pursue it about this event: https://program.mch2022.org/mch2022/talk/ATVVN8/

Jul 23, 202225 min

FreeSewing: sewing patterns based on code (MCH2022)

Tired of clothing stores not having your size, or that you're stuck in between sizes? So was Joost de Cock, he didn't - and doesn't - like how clothing stores base their clothing sizes on an imaginary average person; every person has a different body. That got him to found FreeSewing: the open-source platform that translates custom measurements into well-fitting sewing patterns with code. The platform is working towards becoming the Wikipedia of sewing patterns, with new patterns being released every few months, plus a bunch of guides on how to sew. The platform also provides guides for designers and developers, to transform patterns into code. This system based on code allows not only for custom measurements, but also for tweaking the pattern (e.g. longer sleeves, or a crop top) and recycling parts of one pattern into another - whereas a traditional sewing pattern is based on the measurements of a perfect mannequin, which is then graded up and down for different body types, which is known to have many downsides. This talk will not be held by founder Joost de Cock himself, but by an enthusiastic contributor. He will gladly go more in depth on how the code works, common pitfalls, the motivation behind it and how it helps against the rise of fast fashion - maybe encouraging some to pick up sewing themselves? A platform that can make tailored sewing patterns, it sounds great - but how does it work exactly? It definitely is an upgrade from traditional sewing patterns. Making sewing patterns may sound easy: they are pieces of fabric, shaped in a specific way and sewn in a specific way. For example, a t-shirt pattern will have these parts: a front, a back and sleeves. But to figure out the right shape, the average pattern designer will make their design based on the shape of their perfect mannequin, and they grade it up and down for different body types. Adapting the pattern for a different shape can be a tedious task. That's where FreeSewing comes into play: sewing patterns aren't based on the measurements of one fit model, but they're parameters; they vary based on what the user puts into the system. And the platform doesn't just provide sewing patterns; it also has a lot of guides available, for general sewing, specific sewing patterns and even on how to code a pattern into the system. This makes it not just a platform for sewists, but also for designers and developers. So, enough about how cool I think it is, what exactly do I mean with "sewing patterns based on code"? FreeSewing is written in JavaScript and the technique is quite similar to how you would draw a traditional pattern: a bunch of lines for the right measurements, but now a system is drawing those lines for you. A line needs a beginning point and an end point, usually also points that determine the curve; the 'coordinates' of these points are based on the measurements. The sewing patterns aren't just based on custom measurements, but you can also tweak them however you'd like (and within what's possible), e.g. wanting longer sleeves, or a crop top. Another advantage of having code as a base is that you can 'recycle' pattern parts from one sewing pattern into another. Not just the sewing patterns are easily accessible online, but also the software needed to create the code: the core library and patterns are available both for NodeJS and the browser. The code and markdown content is hosted by [Github](https://github.com/freesewing/). I'm happy that this project wasn't created by a capitalist overlord, but by someone who wanted to change the world for the better. Now there are a lot of sewing patterns available for all types of bodies and I hope it will encourage more people to start sewing their own clothes. Sewing is difficult to learn, not to mention coding, but it's so worth it. Luckily FreeSewing has a vibrant community where there's always someone ready to help with problems. My goal is to share this enthusiasm with others and maybe encourage some to pick up sewing or help out with coding. about this event: https://program.mch2022.org/mch2022/talk/M9JWKM/

Jul 23, 202231 min

ICS stands for Insecure Control Systems (MCH2022)

Last April we won Pwn2Own Miami by demonstrating five zero-day attacks against software that is commonly used in the ICS world. ICS, or Industrial Control Systems, are systems that are involved with running an industrial process, for example in a factory or power plant. Our targets range from SCADA to HMI systems. During this talk we would like to share details about the competition and the vulnerabilities we found. ICS is an interesting field for security research. As a successful attack could have devastating results. Luckily the number of successful attacks that truly targeted ICS environments are scarce. At the same time this industry faces some difficult challenges, such as high availability requirements, old technology and a low security maturity. Pwn2Own Miami is an annual edition of the Pwn2Own competition, that focuses solely on ICS applications. Targets range from OPC UA implementations (on of the main communication protocol in ICS), to data gateways and SCADA systems. They challenge competitors to find zero-days attacks against any of the targets. Participants need to demonstrate their zero-days by compromising a target machine running the latest version of the application. Last year we participated in the Pwn2Own Austin edition, which focused on Enterprise applications, with a zero-day chain against the Zoom client. This year we decided to participate in the ICS edition. It was a close race, but ultimately we beat the competing teams and won this year's edition. We demonstrated 3 RCE's, one DoS and an interesting certificate verification bypass, which in total was good for 90 points and $90,000. about this event: https://program.mch2022.org/mch2022/talk/KW7LDS/

Jul 23, 202243 min

Free children from the digital stranglehold (MCH2022)

The current digital educational system is dominated by tech giants. Fundamental rights, like the privacy, freedom and sovereignty of children, parents and educators are insufficiently secured. Ed-tech is mainly closed source and full of vendor lockins. Products are either overpriced, harvesting data, or both. The time to replace surveillance capitalist based Ed-tech by ethical open source alternatives is now. And our coalition for fair digital education is going to do it. Private companies do not have the same interests as public institutions like schools. Schools do not have the time, knowledge or budget to hack their own IT environment together. Hence, BigTech and Ed-Tech fix this problem for schools, by offering services that have a very low price tag in euro's, but the actual payment is in data: meta data, "service"-data and user-data. DPIA you say? *(Detailed Privacy Impact Analysis)* That will achieve sort-of-legally compliant services at max. If only the authorities would actually bite, but alas, enforcement is lax, and four years of GDPR and the IT environment in schools is still riddled with privacy risks. Essential online services are out-of-scope of the DPIA's and purposes like "product improvement" (read: feeding AI and machine learning algorithms) is GDPR-Okay. If you or your kid goes to a 'Google school' and is forced to use a Chromebook, you'll be producing data to train Google, and you will be trained to love Google services. Consequently children won't develop core digital skills or a critical attitude toward digital services. Thus, there is a huge gap between core values of big tech companies versus public values in the educational system. Therefore, enforcement to make Big Tech embrace those public values will never be effective. ​​​​​​​That is why we need to build a school IT environment based upon public values: transparent, open source, privacy-by-design, decentralized, fair and respecting our digital sovereignty. Our coalition for fair digital education is going to build this. This is a huge project and a lot of work, so join us. about this event: https://program.mch2022.org/mch2022/talk/AZVEA8/

Jul 23, 202249 min

RE-VoLTE: Should we stop the shutdown of 2G/3G to save lives?? (MCH2022)

A lack of VoLTE standardisation breaks voice calling globally. Your brand new smartphone may not work because VoLTE is screwed up by manufacturers and carriers. Voice-over-LTE (4G), voice-over-NR (5G) and voice-over-WiFi have been standardized for years, but now that more and more 2G and 3G networks are shut down by operators, users discover their phones don't work anymore with basic voice calling. The cause is a massive mess in standardization, with a boatload of options and settings and vendors and carriers interpreting it differently, masked by fall-back to 2G and 3G and lack of "international roaming" agreements for VoLTE. Handset manufacturers decided to implement shortcuts (neglecting parts of the standards) or even worse, implementing white-lists with only mayor operators included, so you cannot switch operators anymore and are up for a big surprise while roaming in another country. The result: Even your brand new phone might be unable to provide voice calling in one country but work in another. Voice-calling might work if you're lucky, but you cannot reach 112/911, the eCALL system in your car fails after 2G/3G shutdown or you cannot receive an SMS you need for remote Two-Factor-Authentication while roaming in another country. It's such a disastrous mess, so should we stop the 2G/3G shutdown and get-it-fixed? This is a tale of a disaster still looming in most of Europe for Europeans, as 2G/3G still works as the fall-back mode of your device. As a result nobody noticed that VoLTE was screwed up. However many non-Americans roaming with their phones into the USA suddenly learn their brand new phone isn't working for voice-calls, as AT&T has shut down 2G/3G on July 1st 2022. Problems already did happen to users roaming into countries like India. Users who buy seemingly the same recent model of a supplier like Samsung or Apple, and think they are safe, might be up for a big suprise too. Months of testing needed per device was considered way too cumbersome and too expensive by many, so at best it was halfway done. Manufacturers decided to cope with it by curtailing the myriad of options and settings, included mobile-network-code white-lists or implement short-cuts (neglecting parts of the standards). With white-lists you suddenly are tied to an operator and changing your subscription from a major Mobile Network Operator to an MVNO, makes voice-calling on your brand new smartphone defunct, only allowing data communications working. The "advice" to complainers is just to use voice-apps, but these don't allow Emergency calls. eCALL devices built into cars that dial emergency numbers may work in your home country, but fail when driving in another land on your holiday. Roaming agreements between international carriers have up to now been made only between major operators in large countries, There are merely 50 international VoLTE roaming agreements actually working. If you are from a "small country" like Sweden, you're out of luck in the USA. Voice-over-LTE (4G), voice-over-NR (5G) and voice-over-WiFi have been screwed up by an unholy alliance of handset manufacturers, carriers, the GSM-Association and IMS-core vendors and standardization bodies, who couldn't decide to settle VoLTE down to a limited set of options and prescribe large scale compulsory plugfests and compatibility tests. Regulators have looked away, expecting the "magic of the market would resolve all issues". Some vendors have engaged in favoritism with white-listing or don't deal with MVNOs and MVNEs, as they don't order millions of devices. This talk explains the cause of the mess and highlights the problems lurking in your brand new device. It provides real problems, with devices and disfunctional VoLTE, collected in 2021/2022. We should ask the question whether the announced shutdowns of 2G/3G in most of Europe have to be stopped. Must device manufacturers and carriers be forced to clean-up their act now, and halt their anti-competitive practices and favoritism, before people die as they cannot reach 112/911 during an Emergency? about this event: https://program.mch2022.org/mch2022/talk/7TVHSD/

Jul 23, 202229 min

HomeComputerMuseum, the making, the challenges and the importance. (MCH2022)

The HomeComputerMuseum's idea originated in 2016 and opened the doors in 2018. Since then, we faced several challenges but we came out on the other end and became one of the largest museums about computers with an award-winning social impact, an enormous social network, collaborations over the whole world and even are of essential importance to the Dutch government. The talk is about the original concept, how we build it to what it is now. The original concept of the HomeComputerMuseum is a hands-on computermuseum dedicated to the home computer or connected computers. Because a museum is a terrible businessplan I decided to create a few services, like repairs, selling overstock and reading old media. For this could not be done by one person, I decided to have people with autism help me by simply not putting a label on them. The businessplan was created and eventually a building was rented. The entire museum is physically built in 7 days (not even kidding) and we were off to a very rough start and even balancing on the edge of bankruptcy. However, we managed to stay afloat and we even moved to a much better and bigger building where we enjoyed for a full month before corona hit the museum. As an unsubsidized museum and without big sponsors we were faced a brand new challenge. But we overcame and grew stronger than ever.... (and then there's plenty of story to tell more). about this event: https://program.mch2022.org/mch2022/talk/XTJRMK/

Jul 23, 202251 min

Hacking the Quincy Drawing Robot (MCH2022)

This session will go over my journey to hack the Quincy drawing robot. This is a cheap 3-axis drawing robot, that uses a proprietary "closed" system. I wanted to hack this robot to draw Pokémon's for my son. I will explain how I deciphered the file formats, figured out how the robot could be controlled (which needed some very very difficult math!) and the software I made to create your own drawings. BONUS: At the end of the session you can WIN one of these Quincy Robots!!! This session will explain step by step the process I took to decode the proprietary file formats, using some simple python coding. This will give you an insight in general how you can try to decode file formats that are not documented. Besides understanding the files, the math behind controlling this robot turned out to be very complicated. I will explain the difficulty and if you are a Math Nerd you can see if you could solve this difficult challenge. Finally I will show the software I made to create your own drawing files. about this event: https://program.mch2022.org/mch2022/talk/787GY3/

Jul 23, 202224 min

Electronic Locks: Bumping and Other Mischief (MCH2022)

Modern electronic locks are often optimized for cost, not security. Or their manufacturers don’t do security research. Or they ignore it. For whatever reason, many current electronic lock systems are susceptible to surprisingly simple attacks. We’ll look at some of them, and at the underlying basics, so that you can do your own research. In this talk, we look at a number of modern electronic locks and their security flaws. Surprisingly many current systems are susceptible to very simple attacks, like the equivalent of using bump keys. Of course, there are electronic and/or SW-based attacks, too. We’ll look at some of them, and at the underlying basics, so that you can do your own research. Some of the problems have been fixed by manufacturers, but typically only for future production runs, so you will get some practical advice on how to test your own hardware for these critical flaws. about this event: https://program.mch2022.org/mch2022/talk/KBVXRU/

Jul 23, 202229 min

Reverse engineering the Albert Heijn app for fun and profit (MCH2022)

The Albert Heijn, everyone (in the Netherlands at least) knows it. It's the largest supermarket chains here. They have a very extensive API. This API is not public unfortunately, but in this talk I will show you how you can reverse engineer the app to figure out how the API works and how we can use it to our advantage. The Albert Heijn, everyone (in the Netherlands at least) knows it. It's one of the largest supermarket chains with a very extensive API. This API is not public unfortunately, but in this talk I will show you how you can reverse engineer the app to figure out how the API works and how we can use it to our advantage. AirMiles, tracking stamps for the current saving program, receipts, personal discounts. All these can be viewed or tracked within the Albert Heijn app. But, what if you want to track your savings over time? I want my pretty Grafana dashboard gosh darn it! This talk will go into the story behind randombonuskaart.nl (a website for a 'random' bonuskaart right when you need it), talk about how your private API is not really private and how we can use the Albert Heijn API to track various data and do tedious actions for us. The knowledge gained from this talk can also be used with other apps, but the Albert Heijn app proves for a very good example. about this event: https://program.mch2022.org/mch2022/talk/F88JGH/

Jul 23, 202229 min

Don't turn your back on Ransomware! (MCH2022)

Ransomware is making a comeback and attacking us all! Learn and sharpen your blades in order to defend against this multi headed monster! There’s a lot to learn from every ransomware attack. By demounting every bit of the attack and looking at every stage there’s much to gain for setting up proper detection and other defence techniques Remember those times when a popup appeared on your screen with the message to immediately transfer an amount of bitcoins to retrieve your files? Ransomware is still a serious threat to a lot of people and organisations and nowadays using more and more advanced techniques to target you and steal your data. This talk will tell us what Ransomware actually is, who’s writing the code and making money out of it, it shows us a bit of the Ransomware history and what types were out there, to better understand what we’re dealing with. And explain all of the ransomware attack stages and what you can do in terms of detection and defence inside your security operations. about this event: https://program.mch2022.org/mch2022/talk/8JETCV/

Jul 23, 202227 min

Repair for Future (MCH2022)

This discussion will start with a brief summary on the history of repair initiatives. We can report about our personal repair activities during the pandemic. Subsequently, I'll outline the achievements of the right to repair movement and we can discuss ideas for the future. During a peak in public interest, the repair café movement was caught by the covid pandemic. Many local initiatives adapted quickly and opened online repair consultation hours. In the german-speaking countries, a monthly central online repair café was established. I'll give a lessons-learned about the experiences and limits of these online activities. The political right to repair movement has brought many interesting improvements, for example the french repairability index or the European ecodesign directive. I'll talk about them and what else is to be expected in the near future. This is in interactive discussion format, so ideally I'll only present a few facts and guide through topics while the audience chimes in with their personal experiences and questions. Slides: https://pads.schaffenburg.org/p/Repair-for-future-MCH about this event: https://program.mch2022.org/mch2022/talk/ZNJYHC/

Jul 23, 202246 min

Taking Action against SLAPPs in Europe (MCH2022)

SLAPP suits (strategic lawsuits against public participation) are nuisance lawsuits designed to get journalists, activists, historians, whistleblowers and others to keep quiet. This kind of lawfare isn't new, but there is an increasing focus on the issue in Europe, with new legislation coming. Here's where you find out more. You receive a threatening letter from a major law firm, probably based in London, trying to stop your reporting, or your activism, threatening you as an individual as well as the organisation you are affiliated with - congratulations, you've just been SLAPPed. Strategic lawsuits against public participation (SLAPPs) are on the increase worldwide, and Europe is beginning to take notice. Lawyers' associations in Italy and Croatia report hundreds of nuisance suits being laid against journalists. In Hungary, Poland and Slovenia, the state and its allies are SLAPPing opponents - journalists, anticorruption activists, LGBTI+ rights advocates - with impunity. Litigation has been turned against the activist community, oligarchs try to silence debate and Eastern Europe has become the new home of SLAPP-based oppression, as politics slide into autocracy and leaders stamp down on dissent. Blueprint is part of an 11-country coalition working on the ground to train lawyers to help the victims of SLAPPs strike back. We're currently developing a curriculum from scratch, drawing on European human rights principles and local knowledge. If you want to understand the European situation better, or if you have experience of SLAPPS and can help us understand what kinds of legal training and other defences are useful to civil society, we'd love for you to join this conversation. about this event: https://program.mch2022.org/mch2022/talk/ZUYKEC/

Jul 23, 202248 min

How I made the municipality pay a 600.000 euro fine for invading your privacy (MCH2022)

When gathering data for public services becomes privacy infringement and what you as a citizen can do about it. Or: How I made the municipality pay a 600.000 euro fine for invading your privacy. In September 2017 The Municipality of Enschede started tracking visitor movements in the city center 24/7 by registering their mobile phones WIFI MAC addresses. Is this an infringement on our privacy, even when the underlying identities remain concealed? In September 2017 The Municipality of Enschede started tracking visitor movements in the city center 24/7 by registering their mobile phones WIFI MAC addresses. Is this an infringement on our privacy, even when the underlying identities remain concealed? Yes it is, claimed speaker and privacy activist Dave Borghuis. After a 4 year process the dutch DPA agreed and Enschede was charge a massive fine for its infringement. Now, can we learn from this case? Where does or should our privacy start? And what can we, as citizens, do to protect our freedom to move about in privacy? Read more on my blog https://daveborghuis.nl/wp/wifi-tracking/ about this event: https://program.mch2022.org/mch2022/talk/LQRMFA/

Jul 23, 202226 min

It's not just stalkerware (MCH2022)

Stalking is unwanted and/or repeated surveillance by an individual or group toward another person. But what is the impact of tech companies making it easier to do this with the development of technology? In the news, we hear about the increase in stalkerware found on devices or scary government spyware. But it’s not just that, there are so many more common tools used by stalkers. From September 2020 to May 2021, the number of devices infected with stalkerware increased by 63 percent, according to a study by Norton Labs. But stalkerware is not what I encounter most when I get contacted by stalking victims. Almost anyone can become a victim of stalking; stalkers do not just target celebrities. Sometimes they are ex-partners known to the victim, other times they may be a casual acquaintance, or just a simple stranger. With stalkerware, the actor needs access to the device or needs to persuade the victim to install something. In cases where the stalker is a (ex-)partner, that might be doable. But in other cases, it is easier to gain access to the accounts of the victim, gather information about the victim from social media, or use tracking devices (looking at you Apple and Tile) to follow the victim. Tech companies develop new apps and gadgets seemingly without thinking about other ways these can be used. And they end up making it easier to stalk someone. But what can we do about this problem? Should we lower efforts hunting stalkerware and help victims gather evidence? Or can we do something else. about this event: https://program.mch2022.org/mch2022/talk/THP7HG/

Jul 23, 202225 min

Lightning Talks Saturday (MCH2022)

Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki. Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki. about this event: https://program.mch2022.org/mch2022/talk/BZ3Y7X/

Jul 23, 202248 min

Climate Crisis: The gravity of the situation. What is going on? (MCH2022)

Goal is to discuss the gravity of the situation and create shared set of ideas on what is likely coming at us. We will do a Threat Modelling exercise around the climate change topic. Via a collective mind mapping exercise we will create a shared mental model and identify the things that will happen and how they will affect various people at various locations. Goal is to discuss the gravity of the situation and create shared set of ideas on what is likely coming at us. We will do a Threat Modelling exercise around the climate change topic. Via a collective mind mapping exercise we will create a shared mental model and identify the things that will happen and how they will affect various people at various locations. about this event: https://program.mch2022.org/mch2022/talk/UCSKRM/

Jul 23, 20221h 59m

What have you done against covid (MCH2022)

From complaining out loud about a televised government app-a-thon to being hired by the Ministry of Health, Welfare and Sport as lead developer RoHS running a team of devs to work on all the covid backend infrastructure exception routes and making sure no person is left in digital limbo in just under an hour. When late 2019 the first signs from China of the novel Corona virus came I was intrigued, During the first "lock down" in the Netherlands our Ministry of Health, Welfare and Sport created an app-a-thon . . and much hilarity ensued. As all geeks had seen . . nice ideas people . . but Apple and Google already have a standard agreed. And a lot of us "Dutch Hackers" where pretty vocal about it as usual. Meanwhile at "the ministry" a civil servant started hiring people from the Dutch hacker scene. Late December 2020 it came to their attention that there was some missing or ancient infrastructure in place for vaccine registration, not at all ready for the then upcoming vaccination landrush. 14th of December I get a call . . can you clean your calendar for the year? Sure . . just over two weeks, one of them I had planned as holiday anyway to watch CCCongres talks. . Little did I know they meant clear agenda for 2021 .. and 2022 . . not 2020. This story takes you from getting very privacy and security aware infrastructure for registering the first ever Covid vaccination in the Netherlands built and tested in 3 weeks to the current state of the DCC infra up close and personal. about this event: https://program.mch2022.org/mch2022/talk/PHSMTF/

Jul 23, 202246 min

Reclaiming our faces (MCH2022)

What are the risks and problems of face search engines like Clearview AI and PimEyes? Since institutional protection against these systems is failing us, how can we protect ourselves against this? Three people involved in the fight against biometric mass surveillance share their experiences and reflections. Come to this talk to exchange experiences, learn what tools there are for your protection, how to use them and how you can help stop the creep of mass surveillance technologies. Face search engines like [Clearview AI](https://reclaimyourface.eu/how-to-reclaim-your-face-from-clearview-ai/) and [Pimeyes](https://edition.cnn.com/2021/05/04/tech/pimeyes-facial-recognition/index.html) have all our faces and process our biometric data. They didn't ask us if we like their *service* and if they may use our data. Users of these search engines can now identify us anytime, anywhere. Since biometric data enjoy special protection under GDPR, we filed complaints in multiple European states. We report how data protection authorities did nothing for a long time and tell of the first successes. However, it became clear that GDPR does not protect against biometric surveillance. That's why we have joined forces to form the **[Reclaim Your Face](https://reclaimyourface.eu/)** campaign. Together, we call on the European Commission to strictly regulate the use of biometric technilogies in order to avoid undue interference with fundamental rights. In particular, we ask the Commission to prohibit, in law and in practice, indiscriminate or arbitrarily-targeted uses of biometrics which can lead to unlawful mass surveillance. The two face search engines are not the only examples of everyday biometric surveillance. However, it is difficult to track where else we are being monitored: There is a lack of transparency and oversight. Public authorities and private companies rarely report on their own what they have been up to. We share how we've used FOIA requests, among other things, to create a little more publicity. about this event: https://program.mch2022.org/mch2022/talk/SQQ3D9/

Jul 23, 202228 min

Honey, let's hack the kitchen: (MCH2022)

Attacks on cyber physical systems are perceived as necessarily complex and requiring significant time and resources. However, in the last couple years we have also observed the inverse: simple attacks where actors with varying levels of skill and few resources gain access to software and interfaces that control physical processes. These compromises appear to be driven by ideological, egotistical, or financial objectives, taking advantage of an ample supply of internet-connected cyber physical systems. This is sometimes concerning, for example when it is affects panels for controlling processes in a water facilities or manufacturing processes. Sometimes, though, it is absurd, such as when the critical systems actors claim to compromise are in fact toys or domestic appliances. In this talk, we will share a series of stories of success and failure involving low sophistication compromises on cyber physical systems. We will describe the different types of cases we have observed, what the actors did, and how you can reproduce them for good. At last, we will discuss to what extent these crimes of opportunity represent a risk to cyber physical systems and what we can do about it. In november 2021, I presented a version of this talk at a local non-profit event in Bergamo, Italy. For this event - NoHat - I focused on sharing the stories of low sophistication compromises we observed involving software used to control physical processes. However, for MCH I did some modifications in the title and the presentation itself to share not only the cases, but also how to reproduce them for good. The purpose of this talk is to share with the audience how actors without necessarily a lot of skills or resources are using very simple tools to hack cyber physical systems. I will do some experiments to show very quick results the audience can get reproducing these techniques so that they learn how to find these internet-connected cyber physical assets and notify the owners. The outline of the initial presentation was: • Introduction o Story: Hacked kitchen was supposed to be a gas system • Define low sophistication cyber physical compromises • (De)evolution of cyber physical threats o From state-sponsored to financial, and now opportunistic • Describe low sophistication compromises of cyber physical systems o Distribution and claims of exposed systems o Seeming actor motivations o Common actor techniques o Types of evidence (or lack of) • Low Sophistication Threat Actors Access HMIs and Manipulate Control Processes o Oldsmar, Florida modified HMI on water facility o Israel’s advisory on compromises to water facility systems o Solar energy and dam surveillance system o Hotel BAS • Amateur Actors Show Limited OT Expertise o “Train control system” was in fact a human resources tool o Second “train control system” controls toy trains o Website leaks claiming access to SCADA systems • Hacktivist and Researcher Tutorials o Two hacktivist groups share tutorials for finding and compromising cyber physical systems o Researchers have done too – including a couple examples, such as a recent script to identify tank gauges • Does this activity pose an actual risk to cyber physical systems? o Each incident provides threat actors with opportunities to learn more about OT, such as the underlying technology, physical processes, and operations. o Even low-sophistication intrusions into OT environments carry the risk of disruption to physical processes, mainly in the case of industries or organizations with less mature security practices. o The publicity of these incidents normalizes cyber operations against OT and may encourage other threat actors to increasingly target or impact these systems. • On the bright side… o There are safety methods in place that stop immediate computer instructions from modifying actual physical processes  Engineering and human processes  Missing security on the software side Additional Materials: Please find in this link our recent blog on this topic: https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html about this event: https://program.mch2022.org/mch2022/talk/C9FANR/

Jul 23, 202238 min