Google Play Protect is a built-in Android solution that enhances devices’ security. Its main job is to detect and block malware on Android devices. Several malware families were known for bypas...
https://insinuator.net/2024/05/is-google-play-protect-a-reliable-defense-mechanism/
During a customer project, we identified a logic flaw in Jitsi Meet, an open-source video conferencing and messaging platform for secure video conferencing, voice calls, and messaging. The vulner...
Recently, we held a talk at the Winterkongress of the Digitale Gesellschaft Schweiz in Winterthur, Switzerland, about our research project on breaking German parcel tracking sites. We could not ...
https://insinuator.net/2024/04/breaking-gls-parcel-tracking/
The German Federal Office for Information Security (BSI – Bundesamt für Sicherheit in der Informationstechnik) has published several papers ERNW created as part of the long-term SiSyPHuS Win10...
Today, we describe our findings at United Parcel Service of America, Inc. (UPS), another German parcel market player, and the corresponding vulnerabilities’ disclosure process. Findings Only a ...
https://insinuator.net/2024/04/breaking-ups-parcel-tracking/
Dennis and I already published blog posts about our research project dealing with vulnerabilities in parcel tracking implementations at DHL and DPD. At the Winterkongress (winter congress) in Win...
https://insinuator.net/2024/04/i-know-what-you-ordered-last-summer-winterkongress-2024/
Hey there! This is the first blog post in a series about issues we think are currently relevant in the field of AI-Security. The intention is not to get full coverage of the topic, but to point o...
https://insinuator.net/2024/02/considerations-on-ai-security-part-i-introduction-and-nondeterminism/
Introduction In 2021, ERNW collaborated with Hochschule Mannheim for their CEP (Cyber Security Entwicklungsprojekt) to build an auditing framework for testing operating system configurations agai...
https://insinuator.net/2023/10/student-project-audit-framework/
Two weeks ago, I was at the c0c0n conference in Cochin (India). This conference is quite special for at least two reasons. First, this is – to the best of my knowledge – one of the ...
https://insinuator.net/2023/10/c0c0n-2023-a-short-retrospective/
I was writing some challenges for PacketWars at TROOPERS22. One was intended to be a JWT key confusion challenge where the public key from an RSA JWT should be recovered and used to sign a symmet...
https://insinuator.net/2023/10/lua-resty-jwt-authentication-bypass/