Research cooperation between SCHUTZWERK and Lauterbach
December 10, 2024 #event #news #cooperation
SCHUTZWERK and Lauterbach research new fuzzing and manual pentesting methods to improve the security of embedded and automotive devices.
SCHUTZWERK and Lauterbach research new fuzzing and manual pentesting methods to improve the security of embedded and automotive devices.
Seminar Announcement: Successfully Planning and Implementing IT Security Assessments Organized by SCHUTZWERK and udis - Ulmer Akademie für Datenschutz und IT-Sicherheit, this seminar offers the perfect opportunity to take your IT security strategy to the next level. What is it about? This practice-oriented seminar shows how companies can improve their IT security through targeted assessments such as penetration tests, vulnerability analyses, or phishing simulations. Christoph Wolfert, Managing Consultant at SCHUTZWERK, teaches the basics of planning and implementing such tests in a compact seminar day.
German OWASP Day 2024 is just around the corner! On the 12th and 13th of November 2024, the conference organized by the German branch of OWASP will take place in Leipzig. As in the previous year, SCHUTZWERK is an official sponsor of the conference. We are happy to do our part and support OWASP and its conference. At the conference will be both technical and non-technical presentations on application security.
We’re Heading to the Elbsides 2024 Conference ! SCHUTZWERK has been awaiting the Elbsides conference for a while, and now it’s just around the corner. However, we are not only participating, but, as we have previously announced, we are also sponsoring Elbsides, as a Bronze Sponsor. Elbsides relies on sponsors to keep the lights on and we’re glad to lend a hand, as Elbsides is truly a conference worth supporting.
ASQF Safety & Security Day 2024: In-depth insights into cybersecurity from SCHUTZWERK experts We are pleased to be participating in the ASQF Safety & Security Day 2024 on September 17 in Wiesbaden! This event offers a unique opportunity to experience the latest trends in hardware and software development in the field of IT security. We are proud that two of our SCHUTZWERK experts, Dr. Bastian Könings and Heiko Ehret, will provide in-depth insights into two highly topical cybersecurity issues during the event.
The Elbsides 2024 Conference will take place in Hamburg on 13 September 2024. We are happy to be a sponsor again. After last year’s successful Elbsides Light Conference, this year’s conference from the BSides series will once again be a full-day event. The Security BSides are organised by the security experts to bring the IT security community together. We are looking forward to exciting presentations and a good personal exchange on site.
We from SCHUTZWERK will be at the Embedded World in Nuremberg from April 9th to 11th, 2024! The Embedded World is a trade fair for experts in embedded systems. Come visit our booth 372 in Hall 5 and meet our special companion: Our Glitching Setup, which we use for Fault-Injection attacks as part of Embedded Security Assessments , for example, to bypass security checks like password prompts.
SCHUTZWERK is visiting Munich! From February 21st to 22nd, 2024, we will be at the building IoT Conference participating with a presentation. The building IoT has been the meeting point since 2016 for those developing software applications and digital products in the Internet of Things and Industrial Internet of Things. On February 22nd, in our presentation Breaking Through the Wall: Side Channel Attacks and Fault Injection we will showcase invisible methods through which attackers obtain confidential information.
On 2023-11-14 the CISPA Helmholtz Center for Information Security published a new Attack on AMD-SEV called CacheWarp (CVE-2023-20592), in which I am one of the original authors. This attack allows a malicious hypervisor to drop memory writes on an encrypted VM using the invd
instruction. Due to the difficulty of the setup, a feasible attack should only drop memory once to achieve its goal. In this article, we examine how one memory drop is enough to break openssh
and sudo
to completely hijack the victim system.
We are excited to announce that Telechips, a leading supplier of System-on-Chip (SoC) components for automotive In-Vehicle Infotainment and cockpit solutions based in Seoul, South Korea, has selected SCHUTZWERK as their strategic partner for SoC cybersecurity assessments. Telechips has chosen to partner with SCHUTZWERK, a renowned and experienced provider of automotive and embedded security assessments , to conduct comprehensive cybersecurity assessments of their entire SoC portfolio through the end of 2024.
On June 15, Baral Connect 2023 takes place in Reutlingen. SCHUTZWERK GmbH is an official sponsor and speaker of the event.
SCHUTZWERK will be at the building IoT conference in Munich from April 26 to 27, 2023 giving a talk. Since 2016, building IoT has been the meeting place for those who develop software applications and digital products in the Internet of Things and the Industrial Internet of Things. On April 27, we will give the talk Easy prey for hackers? Finding and avoiding typical vulnerabilities in IoT solutions , presenting the most common and relevant vulnerabilities in IoT devices from our assessment practice.
After a pause of several years the GERMAN OWASP DAY 2023 will take place in Frankfurt on the 30th and 31st of May 2023. SCHUTZWERK is an official sponsor of the event. The GERMAN OWASP DAY 2023 will be hosted by the German OWASP Chapter. The German OWASP Day is the most important, independent and non-commercial conference on application security in Germany. The event offers exciting talks about secure development, operation, testing and management in the field of applications.
SCHUTZWERK will be present at Embedded World in Nuremberg from March 14-16, 2023. Embedded World is the trade fair for experts along the entire value chain of embedded systems. Visit our booth 4-104c in hall 4 and see our PROBoter in action. We will be happy to present our services in the area of Embedded Security Assessments and explain which vulnerabilities we can uncover from silicon to the cloud.
Our colleagues Fabian Weber and Florian Schmid will be speaking at the automotive security conference “Secure Our Streets 2022” on the 15th September. The “Secure Our Streets 2022” is a conference on automotive and embedded cyber security, organized by the Automotive Security Research Group (ASRG). Our talk “PROBoter - Automating PCB analysis tasks to support penetration tests of embedded systems” is only one of many interesting topics on the agenda (more about the PROBoter in our blog ).
We are pleased to announce that we successfully completed our project for triple certification (ISO 27001, ISO 9001 and TISAX) in April 2022. Thus, the implementation of our always high demands on security, quality, and trustworthiness, related to our services, is now confirmed by an independent party. A high level of security, quality, and trustworthiness are of central importance to us to provide our services. To systematically implement and maintain this demand, a corresponding Integrated Management System (IMS) has already been established at SCHUTZWERK in the past.
Christoph Wolfert, Managing Consultant at SCHUTZWERK GmbH, was a guest at the 10. Ulmer Logistiktag on 12th of May 2022 to give insights to the topic of phishing attacks and the threats for (logistics) companies. Phishing attacks are omnipresent and currently one of the most spread variants to attack companies. Also logistics companies are affected. Due to their strong dependency on IT (e. g. in the field of warehouse management, dispatching and transport) phishing attacks are always on the agenda.
On May 15, 2022, BSides Munich will start with workshops, followed by interesting talks the next day! After during the last two years all onsite events either had to be cancelled, were only feasible under difficult conditions or were planned virtually, we SCHUTZWERKers are happy that this year a bit of normality has returned. As a bronze sponsor, we are therefore happy to support BSides Munich , which will once again be held as an onsite conference in Munich!
SCHUTZWERK answers important questions for Südwestpresse (SWP) newspaper regarding the data leakage at Legoland with thousands of affected customers. On 12th of April 2022 it was published (see the announcement of the heise-online-Redaktion ), that for half a year the booking history of every customer was accessible, caused by the introduction of a new booking system. The booking system was turned off and the Data Protection Authority was informed, but important questions remain unanswered.
The PROBoter is a modular, self-calibrating probing machine to support PCB analysis tasks in penetration tests of embedded systems. The video of the PROBoter demonstrates its four main contributions: 1) The automatic visual detection of components and contact points on a PCB, 2) the automatic probing of contact points for net reversing and signal detection, 3) the mapping of signal lines to given bus protocols, and 4) the support in identification of potential attack vectors.
This year, SCHUTZWERK is not only a sponsor of Elbsides , but will also hold a talk on June 22, 2021 at 4:10 p.m. The topic of our colleague Dr. Henning Kopp will be ‘Padding Oracle Attacks - The critical bug in your home-brewed crypto protocol’
The current situation and the preventive measures taken around the COVID-19 pandemic not only severely restrict public and private life, but also have a major impact on work culture. re and more companies are being forced to allow their employees to work from home in order to keep operations running as smoothly as possible despite the restrictions and prohibitions. Where otherwise concepts are developed over months, preparations are made and test runs are carried out, home office possibilities must currently be created within a few days.
This time the OWASP Day will take place in Karlsruhe on 10th of December. As an official sponsor SCHUTZWERK GmbH will take part again! The German Chapter will host this year’s GOD. This event is the most important, independent and non-commercial conference on web application security in Germany. The OWASP Day is characterized especially by its vendor neutrality and is free of marketing presentations. There will again be numerous lectures on secure development, operation, testing and management in the field of web-based applications.
Since October 2019 we are a cooperation partner of the University Association Wedel of the University of Applied Sciences Wedel (FH Wedel). In our third year in Hamburg we are now also setting sail in the academic context in order to inspire students for IT security. As a link between the university and business, the association has been supporting students for over 25 years. With its courses of studies in Computer Engineering, Computer Science and, above all, IT Security, FH Wedel covers exactly the needs of the areas in which we are looking for IT security consultants.
The first BSides will take place in Hamburg on September 16, 2019. We are an official sponsor of this event. After three successful years in Munich and since this year also in Stuttgart, the North of Germany finally won the BSides' heart! Under the title Elbsides , all security interested people are invited who live especially in the North of the Elbe. The Security BSides is organized by experts of IT security to bring the IT security community together.
Our new office in the historic building of the Hanse-Viertel offers growth potential and best working conditions for the Hamburg team of SCHUTZWERK. After a long search, we were able to find a new home for our Hamburg team in a popular inner city location. It offers sufficient space for the grown team and space to grow further. Some things are still under construction, but we have Internet, club-mate, coffee, height-adjustable desks and equipment for the meeting room.
As part of the 10 years IT security anniversary lecture series at Aalen University, Bastian Könings has given an introduction to the security of today’s and future vehicles. In his talk, he outlined known security issues and demonstrated existing attacks on cars. How these issues are being addressed in current development processes was discussed by showing the goals and approaches of penetration tests conducted by SCHUTZWERK in the automotive domain.
In cooperation with the Aalen University of Applied Sciences, SCHUTZWERK organized another successful hacking event for their students. As part of the all-day event, the students were invited to solve challenges from different categories and levels of difficulty. New this year were, besides the updated Challenges in the existing areas, challenges from the topic Hardware / Embedded Security. At this point we would like to thank the University for the cooperation and congratulate the winners of the event.
Team With two new employees in Ulm and two new employees in Hamburg, we have successfully expanded our team. Competences We were able to further expand our competencies, particullary in the embedded, automotive and cloud security area. In addition to assessments in the Azure and AWS environments, penetration tests of whole vehicles and ECUs were a key focus in 2018. Operational goals Together with our customers we have successfully mastered more than 100 projects and were able to achieve our own goals.
The 10th German OWASP Day will take place in Münster on the 20th of November. SCHUTZWERK GmbH is an official sponsor of the event. The German OWASP Day 2018 , like every year, will be hosted by the German OWASP Chapter, this year for the tenth time. The German OWASP Day is the most important, independent and non-commercial conference on application security in Germany. The event offers exciting lectures on secure development, operation, testing and management in the field of applications.
hardwear.io will take place in Den Haag/Netherlands on 11th-13th of September 2018. SCHUTZWERK GmbH is an official sponsor of the event. hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The conference will present and discuss current topics of hardware security, for example concerning automotive and IoT sectors. SCHUTZWERK regularly conducts technical assessments and security consulting in the area of embedded systems and IoT, see also Embedded Systems Assessment .
Munich, Germany – 25 May 2018 – The more electronics steer, accelerate and brake cars, the more important it is to protect them against cyber-attacks. That is why 15 partners from industry and academia will work together over the next three years on new approaches to IT security in self-driving cars. The joint project goes by the name Security For Connected, Autonomous Cars (SecForCARs) and has funding of €7.2 million from the German Federal Ministry of Education and Research.
The last year was exciting and full of challenges for the SCHUTZWERK-Team. We were personally touched by the leave of our Managing Director Holger Gerlach. He left the company for personal reasons. Greetings from the whole team and all the best for you and your family, dear Holger! From 2018, Christoph Wolfert and Dr. Bastian Könings will take over more responsibility in their new role as Managing Consultants. Hamburg - We are coming!
The 9th German OWASP Day will take place in Essen on the 14th of November. SCHUTZWERK GmbH is an official sponsor of the event. The German OWASP Day 2017 , like every year, will be hosted by the German OWASP Chapter. The German OWASP Day is the most important, independent and non-commercial conference on application security in Germany. The event offers exciting lectures on secure development, operation, testing and management in the field of applications.
This year the it-sa, one of the biggest trade fairs for IT-Security in the German-speaking region, will take place from 10th to 12nd October at the Nuremberg Exhibition Centre. SCHUTZWERK GmbH will be present in hall 9, booth 9-615. This is the joint booth of the Bavarian IT security cluster. Visitors who want to prove their hacking skills can do so at one of two capture-the-flag contests. Here, participants experience a lack of IT security in practice and can take advantage of one of the rare opportunities for hacking legally.
hardwear.io will take place in Den Haag/Netherlands on 21st-22nd of September 2017. SCHUTZWERK GmbH is an official sponsor of the event. hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The conference will present and discuss current topics of hardware security, for example concerning automotive and IoT sectors. SCHUTZWERK regularly conducts technical assessments and security consulting in the area of embedded systems and IoT, see also Embedded Systems Assessment .
On March 24, 2017, SCHUTZWERK, in cooperation with the Institute for Distributed Systems, held a "Capture-The-Flag" hacking competition for about 60 students of the University of Ulm. As part of the all-day workshop at the University of Ulm, students were given various hacking tasks in multiple categories and difficulty levels. A part of the tasks were concerned with a forensic investigation of IT systems, based on provided memory images. Further tasks covered the areas of security of web applications, algorithms and cryptography.
In cooperation with the Universities of Furtwangen and Aalen, SCHUTZWERK organized a hacking event on the 25th resp. 30th of November 2016, which also included a ‘‘Capture the Flag Contest’’. With overall nearly 100 participants and a lot of positive feedback the events were a full success. We like to say thank you for the professional cooperation to those responsible on the side of the Universities of Furtwangen and Aalen. Also a big thank you to all participating students for the awesome participation!
In cooperation with the University of Aalen, SCHUTZWERK is organizing a Hacking Workshop with “Capture the Flag Contest” on the 30th November 2016. The event enables the participants to achieve IT security know-how in a playful way. The workshop covers diverse areas, for example the forensic analysis of IT systems, on the basis of a working storage map. Further topics in the area of web application hacking, algorithmics and cryptographiy will be addressed additionally.
Since 2012 SCHUTZWERK is sponsoring the mens handball team I of the SG Ulm & Wiblingen. This year it was time again for new tracksuits and warm-up shirts. The best wishes from SCHUTZWERK to the regional league team from SG Ulm & Wiblingen for the game season 2016 / 2017.
In cooperation with the University of Furtwangen, SCHUTZWERK is organizing the Hack2Improve event on the 25th November 2016, focusing on the latest IT security topics. Hack2Improve is a hands-on event that attracts beginners as well as advanced attendees year after year. For example, they learn how to read a secure WLAN connection. Another key issue includes the basics for examining a smartphone app and the sensitive data it contains. Intermediate participants learn the forensic investigation of IT systems as well as advanced topics in the field of hacking web applications.
The 8th German OWASP Day will take place in Darmstadt on the 29th of November. SCHUTZWERK GmbH is an official sponsor of the event. The yearly German OWASP Day conference is hosted by the OWASP German Chapter. The event features interesting talks and presentation concerning secure development, operations, test and management in the area of application security, with a focus on web applications. In addition, interdisciplinary and non-technical topics are also presented.
SCHUTZWERK at the first IT-GRC Congress in Berlin. On the 15th and 16th June 2016 the first IT-GRC Congress took place in Berlin. The organizers "ISACA Germany Chapter e.V." and “Quadriga Hochschule Berlin” focus the event on “Cyber Security & Digital Transformation”. But the topics went beyond Governance, Revision and Compliance and covered also the current threat landscape in information technology. At the event Christoph Wolfert, Senior Security Consultant at SCHUTZWERK GmbH, spoke about targeted attacks.
After a lot of work and dedication, our new website has now gone online this August. In close collaboration with the web specialists of the agency Halma and with the ongoing support of the graphic design agency greenergrass, we have now taken our online presence to a new level. At the same time, we have also streamlined our portfolio in order to take account of increasing specialization requirements in information and IT security.
On 14th June 2016, the 13th Cyber Security Day took place in Leipzig. This event was organized by the Alliance for Cyber Security, an initiative of the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI). This time the event was dedicated to the topic of "Web Application Security". Owing to the huge demand, the contents were, for the first time, specifically aimed at “engineers” as target audience.
We support you through difficult times! Dear customers, business partners and interested parties, we, the SCHUTZWERK team, hope that all of you are well and remain healthy. We would like to assure you that we will continue to be at your full disposal and will gladly support you in this difficult situation. Our Forensics and Incident Response Team already supports many customers in analyzing the increasing number of IT-based attacks. With our dedicated security review for home office and remote work solutions we support our customers in dealing with current challenges.