Post by ATHENE researchers on the APNIC blog: DNS-over-TCP is considered vulnerable
In their latest post on the APNIC blog, ATHENE-researchers discuss recent recommendations to use TCP instead of UDP for sending DNS packets. In order to be able to traverse a network more easily, large packets are often divided into smaller packets by means of so-called IP fragmentation. TCP with Path MTU Discovery (PMTUD) was recently proposed as an alternative to this IP fragmentation. In this context, the recommendation was made to use TCP instead of UDP for sending DNS packets. This is based on the assumption that TCP is resistant to IP fragmentation attacks.read more
KIKu project launched - ATHENE researchers develop app to support cultural and investigative authorities
A central challenge in combating the illegal trade in stolen cultural property is that illegally traded objects are difficult to identify. The KIKu project - AI for the Protection of Cultural Property - funded by the Federal Government Commissioner for Culture and the Media, aims to facilitate the work of the responsible actors, especially customs and police: To this end, researchers at Fraunhofer SIT are working with cosee GmbH to develop an app that uses artificial intelligence to provide automated information on whether, for example, an antique vase or statue could come from a looted dig or was illegally acquired in some other way.read more
ATHENE researchers facilitate exchange on migration and agility of PQC procedures
Prof. Andreas Heinemann and Prof. Alexander Wiesmaier from Darmstadt University of Applied Sciences (h_da) are working on post-quantum cryptography in the ATHENE project "Agile and Easy-to-Use Integration of PQC Schemes" and on how existing IT architectures can be converted to quantum computer-resistant encryption methods. Because when the powerful quantum computer arrives, the internet as we know it today would no longer be secure. Currently used, so-called public-key encryption methods would then no longer be valid. The two h_da professors are working with their teams to be prepared for this time. In order to be able to use the knowledge of as many scientists as possible for their research, they have set up the freely accessible community website https://fbi.h-da.de/cma.read more
Effective security notifications for website operators
An interdisciplinary study by researchers from TU Darmstadt, Otto Friedrich University Bamberg and Goethe University Frankfurt shows how website operators can be most effectively informed about inadequate data protection configurations. In this way, authorities and security researchers will be able to persuade website providers to recognise and correct deficiencies as effectively as possible in the future. The research team also provides the tool "Check Google Analytics", which can be used to check the correct activation of IP anonymisation when integrating Google Analytics.
The study was supported by the German Research Foundation (DFG) as part of the Research Training Group 2050 "Privacy and Trust for Mobile Users" and by the Federal Ministry of Education and Research (BMBF) and the Hessian Ministry of Science and the Arts (HMWK) as part of the ATHENE funding.
Tracking down lost keys or stolen bicycles made easy
While it was previously possible to track down Apple devices that were thought to have disappeared thanks to the "Find My" tracking app, it is now possible to better locate all kinds of Bluetooth devices - or important objects equipped with them, such as keys, bicycles or suitcases. A research team led by ATHENE researcher and emergenCITY coordinator Prof. Matthias Hollick at TU Darmstadt has developed and published an open-source framework for locating personal Bluetooth devices based on Apple's "Find My Network".read more
Fraunhofer study on the IT security of political parties
At the end of 2020, ATHENE launched a study on its own initiative to support the parties currently represented in the Bundestag in assessing and improving their security against cyber attacks. The project is being carried out for ATHENE by staff of the participating Fraunhofer Institute for Secure Information Technology SIT and led by Dr. Haya Shulman, head of the department Cybersecurity Analytics and Defences at Fraunhofer SIT.read more
ATHENE scientists find security vulnerabilities in Tapplock Bluetooth locks
Researchers at Fraunhofer SIT were able to pick Bluetooth locks from the US manufacturer Tapplock in seconds using simple means. All they needed was a homemade directional radio antenna made from crisp cans and two commercially available mini-computers. The manufacturer was informed about the vulnerabilities and has since fixed them in one of its models.read more
New research project from ATHENE: Disinformation and Corona (DisCo)
Disinformation and fake news are circulating around the world about the corona pandemic. Especially on social media platforms such as Facebook, Twitter and YouTube, people share news that have not been checked, so that it spreads rapidly. "We are not only fighting a pandemic, but also an info-demie," said Tedros Adhanom Ghebreyesus, WHO Director General. Researchers at Fraunhofer SIT want to meet this challenge in the DisCo project from the ATHENE research area Secure Digital Transformation in Health Care (SeDiTraH).read more
Apple AirDrop shares more than files
ATHENE researchers from TU Darmstadt have discovered that Apple users can not only share files with each other using AirDrop. Rather, uninvited persons can also access data. The resarchers developed a solution that could replace the insecure AirDrop. Apple was informed about the privacy gap, but has not yet closed it.read more
ATHENE researchers reveal vulnerabilities in the Apple operating system macOs
A research team led by ATHENE scientist Prof. Matthias Hollick from the TU Darmstadt has uncovered security gaps in the tracking app "Find my iPhone?" Offered by the Apple group.
In their paper “Who Can Find My Devices?” They publish the two vulnerabilities they identified in the macOS operating system. They presented the paper at the international flagship conference for data protection technologies "PETS - Privacy Enhancing Technologies Symposium".read more