Fraunhofer research team demonstrates how to subvert the most popular method for issuing web certificates
A research team at the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt, Germany, has found a way to issue fraudulent website certificates that are used to ensure trustworthiness of Internet domains. The team lead by Dr. Haya Shulman has shown that the weakness in the domain validation can be exploited in real life and that the security of Internet infrastructures needs to be improved. To do so the researchers have informed Web CAs (Certificate Authorities) and suggest a new implementation that Web CAs may use to mitigate the attack. Further information at https://www.sit.fraunhofer.de/en/dvpp/
Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY) has enabled a new open source software stack. It makes work easier for developers who want to use the Trusted Platform Module (TPM) 2.0 – a standardized hardware-based security solution for securing industrial, automotive and other applications such as network equipment.
Tracker apps provide a means for legitimate personal tracking, i.e. for parents to locate their children. Many tracker apps, however, contain serious security vulnerabilities. Scientists from the Fraunhofer Institute for Secure Information Technology have analyzed popular tracker apps available in the Google Play Store – the result: not even one of them was secure; all had serious security flaws.
Automated electric mobility: The research project iKoPA presents architecture for secure and privacy-aware mobility services.
The project partners of the research project integrated communications platform for automated electric vehicles (iKoPA) presented on May 23, 2018 in Merzig the technical groundwork for a communications system that will accelerate the implementation of mobility services for automated electric mobility by simple, secure and privacy-aware concepts. Technologies that have been advanced by the project were presented during demonstration drives.
Everybody, who uses the Internet, is familiar with the problem: you need information of a web site urgently, want to make a booking or an online-purchase, but the required web site does not load. Common measures, such as restarting your computer or checking the WiFi connection, are not always successful, sometimes it also helps to wait for some time and then try again. Scientists at the Center for Research in Security and Privacy, CRISP demonstrate that malicious intentions may cause such scenarios.
Whether in the automotive, the energy or the financial sector: information technology is increasingly penetrating all aspects of life. At the same time, security gaps in closed hardware and software produced in globalised supply chains are becoming increasingly incalculable. This is the result reached by IT security experts from the Karlsruhe Institute of Technology (KIT), Fraunhofer Institute for Secure Information Technology, Fraunhofer Singapore, RheinMain University of Applied Sciences, and Technical University of Berlin.
Whether online-banking or blockchain – most IT security mechanisms for protecting data and digital communication are based on cryptography. Quantum computers and new forms of attacks are threatening many of these IT security mechanisms. How businesses and society can protect the cyber world from such devastating threats in the future was discussed by experts from business, research, and politics at the “Eberbacher Gespräch” on “Next Generation Cryptography”. The experts’ opinion: Cryptography must become more flexible in order to be able to react quickly to technical changes. If this does not happen soon, the cyber world could experience a security meltdown.
Verification of Cloud Services, Internet Security and Protection of Spam and DoS attacks: Cyersecurity premiere of HIPA - Hessian-Israeli Partnership Accelerator
Boris Rhein, the Hessian Minister of Science, and Yigal Unna, Chief Technologist for cyber security of the Israeli government, have launched the Hessian-Israeli Partnership Accelerator (HIPA) for Cybersecurity.
Nanyang Technological University, Singapore (NTU Singapore) and FraunhoferGesellschaft (Fraunhofer), a renowned German institution for applied research, are launching a research institute to develop digital technologies to help companies move into the digital era and remain competitive.
At the Hannover Messe from April 24 to 28, 2017, Fraunhofer researchers will present two new procedures for the protection of Industrie 4.0 production facilities (Hall 2, Booth C16/C22): here, a self-learning system recognizes security incidents in manufacturing facilities without knowledge of the underlying system architecture. Hardware-based security modules report manipulation tests on machines and components.
The Fraunhofer Institute for Secure Information Technology SIT has identified serious security gaps in Android's password apps. In many of the most popular password managers, cybercriminals could easily gain access to protected information, for example, if the attacker is on the same network. The manufacturers were informed and have corrected the vulnerabilities. However, users should ensure that they are using the updated app version.
The Fraunhofer Institute for Secure Information Technology has discovered severe security vulnerabilities in security apps for Android. These vulnerabilities can be exploited to turn such apps into attack tools, taking control of smartphones and then extorting their owners financially. “According to our estimates, up to 675 million devices worldwide could be affected,” says Michael Waidner, director of Fraunhofer SIT.
Fraunhofer Institute for Secure Information Technology SIT presents CodeInspect at CeBIT, a new tool for analyzing Android apps. With CodeInspect, companies can track vulnerabilities and malware in the compiled program code very quickly; library developers can analyze their library to identify software defects. Fraunhofer SIT demonstrates the ready-to-use tool at CeBIT in Hanover from March 14 to 18 in hall 6 at stand B36. More information on the technology and product trials are available at https://codeinspect.de .
The Hebrew University of Jerusalem and Fraunhofer SIT, Germany’s leading institute for applied cybersecurity research, agreed to jointly create a project center for cybersecurity in Jerusalem
Fraunhofer app security check integrated into MobileIron: EMM customers have easy access to the latest app security assessments
Israeli Ambassador Yakov Hadas-Handelsman visits Fraunhofer SIT in Darmstadt. German-Israeli research activities aim at improving security of the Internet, Critical Infrastructures, Cyberphysical Systems, Cloud Computing, Big Data and Business Software. Key Actors meet at Cybersecurity Innovation Workshop in Tel Aviv at the End of June.
Technische Universität Darmstadt and Fraunhofer SIT: App Data Vulnerability Threatens Millions of Users
Developers Misuse Authentication for Cloud Services leaving Millions of Data Sets open to Attacks.
In the wake of the revelations that intelligence agencies have been engaged in mass surveillance activities, both industry and society at large are looking for practicable encryption solutions that protect businesses and individuals. Previous technologies have failed in practice because they were too expensive or not user friendly enough. Fraunhofer has launched an open initiative called “Volksverschlüsselung” with the aim of bringing end-to-end encryption to the masses. Fraunhofer researchers will be presenting a prototype of their easy-to-use software and the infrastructure concept behind it at CeBIT 2015 (Hall 9, Booth E40).
Hackers and cyber criminals are using “sleeper” malware more and more to hide malicious code for mobile devices in apps. This “sleeper” malware does nothing initially. After a certain amount of time or predetermined action, though, it becomes active - making its recognition very difficult. Therefore, security researchers at the TU Darmstadt and Fraunhofer Institute for Secure Information Technology have developed the analysis tool Harvester, which helps security analysts uncover malicious “sleeper” code in Android apps within minutes.
Fraunhofer SIT and Arkoon Netasq team up to provide better protection against advanced persistent cyber threats
The Fraunhofer Institute for Secure Information Technology SIT and Arkoon Netasq, a subsidiary of Airbus Defence and Space, have jointly developed Hash Guard, a proof of concept for protecting enterprises against widespread pass-the-hash attacks, as part of a new cooperation agreement.
Many popular android apps, including those from banks, publishers, and other large organisations, pose massive security issues. This is the conclusion reached by researchers in the test-lab at Fraunhofer Institute for Secure Information Technology in Darmstadt.
it-sa 2013: The "Secure VPN GovNet Box" from NCP and Fraunhofer SIT has just obtained German Federal Office for Information Security (BSI) approval for governmental use. This hardware solution encrypts Internet connections between two sites and protects against eavesdropping.
Security Solution BizzTrust Makes Devices Simultaneously and Securely Available for Private and Business Use
CeBIT 2013: Innovative security solution separates business and private data and services on Android devices and protects against attacks on company infrastructure
It’s already possible to open doors using an app – but we are a long way from seeing widespread acceptance of this in the market. Now, researchers have developed a piece of software that will make the technology even more secure and versatile.
Fraunhofer SIT receives award for the development of the BizzTrust security solution for smart devices – the IT Security Association Germany (TeleTrustT) confers award for a solution that separates business and private data and services on mobile devices.
Global Leaders Address Top Emerging Issues on Cloud Security and Privacy. Co-hosted by the CSA, ENISA, ISACA, CASED, and the Fraunhofer Institute SIT, the Industry’s Only European Conference on Cloud Security Will Highlight Mobile and Policy Aspects of Cloud Computing Security
First PlugFest on trusted computing in Europe: Experts test new IT security products for corporate networks