News

Client Side Scanning and Deep Perceptual Hashing Vulnerabilities

ATHENE scientists at TU Darmstadt have identified significant vulnerabilities and manipulation possibilities in client-side scanning and deep perceptual hashing. The process came into focus when Apple introduced "NeuralHash" in 2021, a new approach to detecting child abuse imagery, but withdrew the introduction after massive criticism. The research results of the scientists now prove the dangers of client-side scanning methods for users.

read more

Fragile protection of our communications via submarine cables

ATHENE researchers study states' vulnerability to submarine cable failures
Today, we take it for granted that we can call up a website, stream a movie or be active in social networks within seconds. Many people are often unaware that the data transfer takes place via thousands of kilometers of cable laid at the bottom of the ocean. Today, around 98 percent of international Internet traffic is handled via undersea communication cables. Coastal and island states are highly dependent on this physical infrastructure to provide Internet connections. However, although an annual average of about 100 submarine cable failures of human or natural origin occur, there is currently no global analysis that assesses the vulnerability of individual states to failures on a global scale.
ATHENE scientists Jonas Franken, Thomas Reinhold and Prof. Christian Reuter from the Chair of Science and Technology for Peace and Security (PEASEC) at TU Darmstadt have tackled this issue.

read more

Post by ATHENE researcher on APNIC Blog: Stalloris: RPKI downgrade attack

Cybersecurity expert Prof. Haya Shulman and her team have demonstrated that RPKI deployments in the Internet are vulnerable to downgrade attacks: adversaries can disable RPKI validation exposing networks to BGP prefix hijacks attacks. Haya Shulman describes the findings and conclusions the researchers draw from their attack in her latest blog post on APNIC. 

read more

ATHENE scientist issues new commentary on data protection

Data protection law presented in an comprehensible way – this is what a new commentary on the General Data Protection Regulation (GDPR) and other data protection standards offers. Until now, there has been no work that explicitly addresses not only students and graduates of law, but also those outside the field. This gap has now been closed by the new commentary published by ATHENE researcher Dr. Annika Selzer. The data protection expert has been working intensively on questions of legal and technical data protection for more than ten years. At ATHENE, she leads projects in the research area User-centered Security and Privacy (UCSP).

read more

AirGuard declares war on stalkers

AirTags are small Bluetooth transmitters from Apple that people can use to quickly and easily find lost items, misplaced keys and bags. But what is intended as a help can also be used to track people unnoticed. Apple itself warns against AirTag stalking. A research-team at the Secure Mobile Networking Lab at TU Darmstadt is conducting research on this topic in ATHENE. Last year, the team published AirGuard, an app that also warns users of Android devices about unwanted AirTag tracking. Now, in a new paper, the researchers use user reports and data donations from 38,000 users to show that the app works well - and even warns faster than the Apple protection mechanism.

read more

Post by ATHENE researcher on APNIC Blog: Resurrection of injection attacks

In his blog post ATHENE researcher Philipp Jeitner, scientist at Fraunhofer SIT and TU Darmstadt, describes how the Domain Name System (DNS) can be exploited for injection attacks against a variety of different applications. He also shows why countermeasures aren't as easy as to apply patches to vulnerable implementations. A tool to test DNS resolver for vulnerabilities is also linked in the post.

read more

Optimizing cybersecurity through visual analytics

Six hours without Facebook, Instagram and Co.: For the US-based Meta Inc. this meant losses in the billions. But how do such problems occur and how can they be identified as quickly as possible? ATHENE researchers at Fraunofer IGD have been working on this complex of issues for several years with the goal of making network data more understandable. This will enable more people to assess what is happening in their own network. Current and future possibilities for visual analysis should simplify the work of security experts.

read more

Post by ATHENE researchers on the APNIC blog: DNS-over-TCP is considered vulnerable

In their latest post on the APNIC blog, ATHENE-researchers discuss recent recommendations to use TCP instead of UDP for sending DNS packets. In order to be able to traverse a network more easily, large packets are often divided into smaller packets by means of so-called IP fragmentation. TCP with Path MTU Discovery (PMTUD) was recently proposed as an alternative to this IP fragmentation. In this context, the recommendation was made to use TCP instead of UDP for sending DNS packets. This is based on the assumption that TCP is resistant to IP fragmentation attacks.

read more

KIKu project launched - ATHENE researchers develop app to support cultural and investigative authorities

A central challenge in combating the illegal trade in stolen cultural property is that illegally traded objects are difficult to identify. The KIKu project - AI for the Protection of Cultural Property - funded by the Federal Government Commissioner for Culture and the Media, aims to facilitate the work of the responsible actors, especially customs and police: To this end, researchers at Fraunhofer SIT are working with cosee GmbH to develop an app that uses artificial intelligence to provide automated information on whether, for example, an antique vase or statue could come from a looted dig or was illegally acquired in some other way.

read more

ATHENE researchers facilitate exchange on migration and agility of PQC procedures

Prof. Andreas Heinemann and Prof. Alexander Wiesmaier from Darmstadt University of Applied Sciences (h_da) are working on post-quantum cryptography in the ATHENE project "Agile and Easy-to-Use Integration of PQC Schemes" and on how existing IT architectures can be converted to quantum computer-resistant encryption methods. Because when the powerful quantum computer arrives, the internet as we know it today would no longer be secure. Currently used, so-called public-key encryption methods would then no longer be valid. The two h_da professors are working with their teams to be prepared for this time. In order to be able to use the knowledge of as many scientists as possible for their research, they have set up the freely accessible community website https://fbi.h-da.de/cma.

read more