
38C3: Day 3 brings hacked prisons, location data and tax fraud

A major component of the Chaos Communication Congress has always been the critical examination of state structures. Fighting hacker laws and decriminalizing the creative use of technology is part of the club’s DNA. In Hamburg, however, there were also people on stage who denounced tax fraud and unfair monopolies. There was even a standing ovation for it.


A team of Netzpolitik and BR journalists explained their research on a treasure trove of mobile phone location data that was openly offered to them for sale. Unlike in the recent VW data breach, they had not received a conspiratorial tip from a whistleblower; they simply went shopping on a data trading platform. As a free “trial snack,” a retailer gave them billions of location data records that contained unique device IDs. Using these ad IDs, the journalists were able to create detailed movement profiles of suspected secret service and government employees, including a possible NSA agent.

Lilith “influencer” Wittmann demonstrated to the audience how she hacked prison phone systems and used publicly available API endpoints to cause them to leak sensitive inmate information. The activist also took a closer look at the manufacturer of the systems and software and found unpleasant things. Not only had the company long been charging unusually high rates for calls, but it was now a de facto monopolist on which the judicial authorities had to come down hard. In a live demo, Wittmann also showed the audience the “Vauzettchen” program, which is still used for administration in some youth detention centers and contains all kinds of problematic content in its GUI and source code.

Wittmann’s research made use of the Freedom of Information Act (IFG), which Arne Semsrott of “Frag den Staat” also sees as a tool for monitoring authorities and the government. However, the activist said that is becoming increasingly clear, as authorities and courts do not always comply with legal requirements. Additionally, anonymous requests are no longer allowed, making the IFG less useful as a tool for monitoring authorities. Transparency is a currency, criticized Semsrott, who distributed the final edition of the newspaper FragDenStaat (DE) with helpers. DE stands for Druck-Erzeugnis.

Two presentations dealt with a rather unusual subject for the Congress: tax fraud. Pentester “martin” showed in his presentation how tax fraud à la CumEx and CumCum is a kind of art form. Former prosecutor Anne Brorhilker, the former central driving force behind the CumEx investigations, then highlighted the fraud scam and how she dealt with the fraudsters. She criticized the fact that there was no culture of cooperation between the authorities and that they often took incompatible decisions, for example on data protection. PGP email encryption, for instance, is sometimes explicitly prescribed and sometimes just as explicitly forbidden, which made her day-to-day work difficult. Brorhilker, who now works for the NGO Finanzwende e.V., received a standing ovation for her educational work from a hall full of three thousand people.

If you want to treat 38C3 like a traditional conference, you can create a seamless lecture schedule from over 140 contributions and hop back and forth between rooms for four days, queues included. However, a schedule made up only of lectures misses an equally important part of the congress, because there is just as much to see away from the lectures, namely in the assemblies. In several rooms of the CCH, hackers sit at rows of tables and islands, play, talk and show off their projects. There are regional groups such as Hackwerk Aalen and project-related assemblies such as the OpenStreetMap project. While some hackers only need a table, a power outlet and a network cable, the Center for Political Beauty has brought a former prison bus to Hamburg, and other assemblies have built their own workshop rooms out of partition walls.

The combination of technology, art and politics is what makes the assemblies so attractive and is a further development of the previous Hackcenter events. c’t editor Keywan met Florian from Hamburg and his soccer robot at one of the assemblies.

Auracast is a component of Bluetooth Low Energy Audio and stands for audio streaming in public spaces. It is primarily intended to make life easier for people with hearing aids: if several people with hearing aids are sitting in front of an Auracast-compatible TV, they can subscribe to the same Bluetooth stream.

With higher transmission power, Auracast installations are possible in train stations and airports or in sports bars, where each person with hearing aids or normal Bluetooth headphones can subscribe to a specific station or announcement channel. This also makes the technology interesting for audio advertising, which is played in the streams offered. The encryption specified in Auracast is designed to prevent unwanted hijacking of audio streams.

At 38C3, security researchers Frieder Steinmetz and Dennis Heinze used BISCrack to demonstrate how Auracast encryption can be broken in just seconds. Previously, Austrian researchers used BISON (PDF) to show how unencrypted Auracast streams can be manipulated. The abbreviation BIS contained in both names stands for the Broadcast Isochronous Streams used by Auracast. Steinmetz and Heinze called on the makers of Auracast streaming tools to take care of secure encryption so that the “cool technology” is widely accepted in the future.

The 38th Chaos Communication Congress is taking place at the Congress Center Hamburg (CCH) and will run until December 30, 2024. The congress is sold out and one-day tickets are no longer available. However, almost all presentations will be available as recordings on the congress website.



This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.