March 5, 2019 at 15:19Carsten Zero to perform at PHDays 9
One of the keynote speakers at Positive Hack Days 9 will be Karsten Nohl, a renowned GSM network security researcher. In his student years he was known as a member of the German hacker group Chaos Computer Club, today Karsten is an expert in the field of encryption and data security. It casts doubt and often refutes common ideas about proprietary software. In his work, he relies on the support of Reliance Jio, the fastest growing company in the world.
Carsten first made his name in 2009 when he managed to crack the encoding algorithm for data in GSM networks. At the Chaos Communication Congress in Berlin, he was the first to publicly demonstrate the hacking process.
In 2013, he discovered a vulnerability in SIM cards, which was contained in the DES (Data Encryption Standard) encryption algorithm - it was used by many manufacturers and was supported by millions of SIM cards. The essence of the attack was to send a special message to the phone, the device took it for SMS from the operator and issued a cryptographic signature in the response message. Having received this, an attacker could eavesdrop on the phone owner’s conversations, intercept SMS and make payments. It could take a couple of minutes to crack the phone from the attacker.
Together with Jakob Lell, a researcher at Security Research Labs, Carsten in 2014 reported the vulnerability of USB devices. With its help, attackers could hack the microcontroller and gain the ability to control the victim’s computer. The method is called BadUSB. In the same year, at the Chaos Communication Congress, Carsten Zero and researcher Tobias Engel talked about serious vulnerabilities in SS7 that allow attackers to easily intercept phone calls and SMS messages, even if the most modern encryption standards are used in cellular networks. All phones and smartphones are vulnerable, regardless of operating system.
Last year, Carsten Zero and Jacob Lell at the Hack In The Box conference shared the results of a two-year study, during which they examined the composition of security updates issued by the largest manufacturers of Android-based devices. It showed that many large manufacturers only create the appearance of patches, but in fact, many bugs remain uncorrected.
At PHDays 9, which will take place on May 21-22, 2019, Carsten Zero will make a presentation “What's under the iceberg under water: let's talk about real cyber threats”. A global analysis of data on the level of security of thousands of companies from dozens of industries shows how difficult it is for most organizations to integrate basic security principles. Karsten will discuss with the forum participants what really should concern a society striving for information security.
By the way, Carsten is not the first time participating in PHDays. In 2014, he spoke at PHDays IV with a report on attacks on mobile networks and ways to circumvent traditional protection measures taken by telecom operators.
Do not miss the chance to listen to the performance live, register and come to Positive Hack Days! And if you want to speak on the same platform with eminent experts, send the application before March 31. Read more about topics and rules of participation on the forum website .
Carsten first made his name in 2009 when he managed to crack the encoding algorithm for data in GSM networks. At the Chaos Communication Congress in Berlin, he was the first to publicly demonstrate the hacking process.
In 2013, he discovered a vulnerability in SIM cards, which was contained in the DES (Data Encryption Standard) encryption algorithm - it was used by many manufacturers and was supported by millions of SIM cards. The essence of the attack was to send a special message to the phone, the device took it for SMS from the operator and issued a cryptographic signature in the response message. Having received this, an attacker could eavesdrop on the phone owner’s conversations, intercept SMS and make payments. It could take a couple of minutes to crack the phone from the attacker.
Together with Jakob Lell, a researcher at Security Research Labs, Carsten in 2014 reported the vulnerability of USB devices. With its help, attackers could hack the microcontroller and gain the ability to control the victim’s computer. The method is called BadUSB. In the same year, at the Chaos Communication Congress, Carsten Zero and researcher Tobias Engel talked about serious vulnerabilities in SS7 that allow attackers to easily intercept phone calls and SMS messages, even if the most modern encryption standards are used in cellular networks. All phones and smartphones are vulnerable, regardless of operating system.
Last year, Carsten Zero and Jacob Lell at the Hack In The Box conference shared the results of a two-year study, during which they examined the composition of security updates issued by the largest manufacturers of Android-based devices. It showed that many large manufacturers only create the appearance of patches, but in fact, many bugs remain uncorrected.
At PHDays 9, which will take place on May 21-22, 2019, Carsten Zero will make a presentation “What's under the iceberg under water: let's talk about real cyber threats”. A global analysis of data on the level of security of thousands of companies from dozens of industries shows how difficult it is for most organizations to integrate basic security principles. Karsten will discuss with the forum participants what really should concern a society striving for information security.
By the way, Carsten is not the first time participating in PHDays. In 2014, he spoke at PHDays IV with a report on attacks on mobile networks and ways to circumvent traditional protection measures taken by telecom operators.
Do not miss the chance to listen to the performance live, register and come to Positive Hack Days! And if you want to speak on the same platform with eminent experts, send the application before March 31. Read more about topics and rules of participation on the forum website .