During my Bachelor’s thesis, I identified several XSS vulnerabilities and a PHP Code Execution vulnerability via an insecure file upload in the learning management system (LMS) ILIAS. The XSS vulnerability can be chained with the code execution vulnerability so that attackers with tutor privileges in at least one course can perform this exploit chain.
Linux Character Devices: Exploring systemd-run and pkexec
In this blog post, we quickly look into issues involving character devices. As is typical for Linux, everything is a file, so character devices are referenced as files, such as pseudo terminals (pts) under /dev/pts/. man pty briefly introduces the topic. Essentially, a pty is used to connect a program, such as a terminal emulator, to a shell. In the end, a pty can be read from and written to like a regular file. A colleague already brought up the topic of ptys and character devices. But more recently a Twitter post and the accompanying advisory piqued my interest.
Is Google Play Protect a Reliable Malware Detector?
Google Play Protect is a built-in Android solution that enhances devices’ security. Its main job is to detect and block malware on Android devices. Several malware families were known for bypassing Play Protect checks in recent years. This brings us to an important question: “Is Google Play Protect a Reliable Malware Detector?”. This blog post shows how Play Protect deals with various Android malware in different scenarios. I deal with Play Protect as a black box.
Vulnerability in Jitsi Meet: Meeting Password Disclosure affecting Meetings with Lobbies
During a customer project, we identified a logic flaw in Jitsi Meet, an open-source video conferencing and messaging platform for secure video conferencing, voice calls, and messaging. The vulnerability affects password-protected Jitsi meetings that make use of a lobby. This logic flaw leads to the disclosure of the meeting password when a user is invited to the call after waiting in the lobby.
Jitsi offers two security options to meeting moderators. Firstly, the meeting can be assigned a password that must be entered when joining. Secondly, a lobby mode can be activated, which first adds joining users to a lobby, from where they can then be added to the meeting by a user with moderation permissions.
Breaking GLS Parcel Tracking
Recently, we held a talk at the Winterkongress of the Digitale Gesellschaft Schweiz in Winterthur, Switzerland, about our research project on breaking German parcel tracking sites. We could not name all the parcel services for which we identified vulnerabilities respecting disclosure timelines. Today, we describe our findings at GLS, another player in the German parcel market, and the disclosure process of corresponding vulnerabilities.
BSI Publishes Windows 10 SiSyPHuS Reports: Application Compatibility Infrastructure, Microsoft Defender Antivirus ETW Usage and Device Setup Manager Service
The German Federal Office for Information Security (BSI – Bundesamt für Sicherheit in der Informationstechnik) has published several papers ERNW created as part of the long-term SiSyPHuS Win10-Project. This project focuses on system analysis of selected parts of the Windows 10 operating system performed by ERNW.
Breaking UPS Parcel Tracking
Today, we describe our findings at United Parcel Service of America, Inc. (UPS), another German parcel market player, and the corresponding vulnerabilities’ disclosure process.
I know what you ordered last summer @ Winterkongress 2024
Dennis and I already published blog posts about our research project dealing with vulnerabilities in parcel tracking implementations at DHL and DPD. At the Winterkongress (winter congress) in Winterthur, Switzerland, we had the great opportunity to give a talk about the matter. The talk was recorded and can be watched here.
DigiGes held the Winterkongress, which took place in Winterthur on 01.03. till 02.03.2024. The main topics are ethics, threats, and opportunities of IT. This year, many talks looked at AI in some way.
Considerations on AI-Security – Part I: Introduction and Nondeterminism
Hey there!
This is the first blog post in a series about issues we think are currently relevant in the field of AI-Security. The intention is not to get full coverage of the topic, but to point out things that seem practical and relevant. We will base some of our statements on lab setups and real-life examples. The technology that we will focus on is chat bots based on generative AI, mainly OpenAI’s ChatGPT. Right now, this specific application of AI in the wild seems to be the best way to demonstrate issues and pitfalls when it comes to IT security.
Student Project – Audit Framework
Introduction
In 2021, ERNW collaborated with Hochschule Mannheim for their CEP (Cyber Security Entwicklungsprojekt) to build an auditing framework for testing operating system configurations against security procedures. This project is part of the education program of the university to give the students the chance to utilize the knowledge gained throughout the first semesters in a real world project. ERNW posed as the fictitious customer, providing a requirements document and regular meetings with all project groups for feedback. We planned to process and adapt the results for an open source auditing framework. Unfortunately, we were not able to finish this project yet, but we think the students should get some attention for their work independent from our side. So here is a short summary of what the students created and the corresponding repositories.