Jared Naude (140)
We've not been trained for this: life after the Newag DRM disclosure by Michał Kowalczyk (@redford), q3k, Jakub Stepniewicz #38c3
The team also found that if you open the cabin doors of the train and push the emergency button in the toilet. The train will unlock itself. #38c3
It was found that trains were stopping at a certain train station that was close to a train workshop of the competitors. This was due to the GPS lock that was implemented. When they unplugged the GPS module, the issue went way. #38c3
This talk follows on from the talk last year about how trains have code that will detect servicing attempts. This was presented last year and this talk presents what happened afterwards. #38c3
A journalist put out an erroneous article stating that the software was put on the trains by the hackers which is not true. Many other news sites repeated the false claims.
2 Lawsuits have been filed against the teams. The first lawsuit complains about software modification and that they broke the copyright, that they were incompetent. The first lawsuit is for 1.3 Million Euros. #38c3
In the following meetings, they did not have a presentation slide so they bought paper slides.
DELAY. DEFLECT. DERAIL. 😂
Breaking NATO Radio Encryption by
Lukas Stennes.
The US Miltary and NATO uses the HALFLOOP-24 algorithm. This talk explores how to break it. #38c3
Work is underway to get the privacy-preserving technology like zero knowledge proofs into the European Digital Identity Wallet. This would require the original law to be updated. #38c3
The fifth challenge is deniability which was debated a lot in Germany. The law does not make a specific mention of it but it should be included. There is a trend to signed data which could be a problem in a data breach. #38c3
