Fraunhofer SIT Finds Serious Security Flaws in TwitterKit for iOS

The Fraunhofer Institute for Secure Information Technology SIT in Darmstadt has discovered serious flaws in the TwitterKit for iOS 3.4.2 that can result in account abuse and data loss. The TwitterKit is an end-of-life software library that is no longer updated but is still used in apps. The Fraunhofer researchers urge app developers to stop using the TwitterKit for iOS app developments and to replace it in existing apps. Technical details about the vulnerability can be found here: www.sit.fraunhofer.de/cve.

Read the press release


Danger over the phone

Hackers can access sensitive data and services also via telephone devices: Most companies use VoIP telephones that are integrated into the company network. Security researchers at the Fraunhofer Institute for Secure Information Technology have found a total of 40 partly serious vulnerabilities in these VoIP telephones. Attackers can misuse these gaps to intercept calls, deactivate the telephone or gain further access to the company network via weak points in the device. The VoIP telephones producers have by now closed these vulnerabilities. Users are strongly recommended to install the appropriate updates of the device’s firmware. Further technical details on the vulnerabilities can be found at www.sit.fraunhofer.de/cve . The researchers presented the results of their investigations at DEFCON, one of the world’s largest hacker conferences.

Read the press release


Innovations for more Cyber Security

The second round of the Hessian-Israeli Partnership Accelerator (HIPA) was concluded with a final event on the panorama floor of the Commerzbank headquarters in Frankfurt/Main. Three German-Israeli teams presented their research results to around 80 guests from international politics and the financial and cyber security sectors, including Sandra Simovich, Consul General of the State of Israel, Dr. Stefan Heck, State Secretary in the Hessian Ministry of the Interior, and Jörg Hessenmüller, COO and member of the Board of Managing Directors of Commerzbank AG.

Read the press release


Two Fraunhofer Project Centers opened in Israel

The Fraunhofer-Gesellschaft is collaborating globally with excellent partners to create synergies for research and to build bridges to regional markets. With this in mind, two new Project Centers were opened in Israel on May 21 during a ceremony at the Hebrew University of Jerusalem: The “Fraunhofer Project Center for Cybersecurity at The Hebrew University of Jerusalem” and the “Fraunhofer Project Center for Drug Discovery and Delivery at The Hebrew University of Jerusalem”. The two Project Centers combine the expertise of the Israeli partners from the Hebrew University of Jerusalem (HUJI) with the competencies of the Fraunhofer Institute for Secure Information Technology SIT and the Fraunhofer Institute for Interfacial Engineering and Biotechnology IGB and are the first project centers of the Fraunhofer-Gesellschaft in Israel.

Read the press release


Fraunhofer research team demonstrates how to subvert the most popular method for issuing web certificates

A research team at the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt, Germany, has found a way to issue fraudulent website certificates that are used to ensure trustworthiness of Internet domains. The team lead by Dr. Haya Shulman has shown that the weakness in the domain validation can be exploited in real life and that the security of Internet infrastructures needs to be improved. To do so the researchers have informed Web CAs (Certificate Authorities) and suggest a new implementation that Web CAs may use to mitigate the attack. Further information at https://www.sit.fraunhofer.de/en/dvpp/

Read the press release


Infineon enables open source software stack for TPM 2.0

Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY) has enabled a new open source software stack. It makes work easier for developers who want to use the Trusted Platform Module (TPM) 2.0 – a standardized hardware-based security solution for securing industrial, automotive and other applications such as network equipment.

Read the press release


Your Smartphone is Watching You: Dangerous Security Holes in Tracker Apps

Tracker apps provide a means for legitimate personal tracking, i.e. for parents to locate their children. Many tracker apps, however, contain serious security vulnerabilities. Scientists from the Fraunhofer Institute for Secure Information Technology have analyzed popular tracker apps available in the Google Play Store – the result: not even one of them was secure; all had serious security flaws.

Read the press release


Automated electric mobility: The research project iKoPA presents architecture for secure and privacy-aware mobility services.

The project partners of the research project integrated communications platform for automated electric vehicles (iKoPA) presented on May 23, 2018 in Merzig the technical groundwork for a communications system that will accelerate the implementation of mobility services for automated electric mobility by simple, secure and privacy-aware concepts. Technologies that have been advanced by the project were presented during demonstration drives.

Read the press release


Freezing the Web

Everybody, who uses the Internet, is familiar with the problem: you need information of a web site urgently, want to make a booking or an online-purchase, but the required web site does not load. Common measures, such as restarting your computer or checking the WiFi connection, are not always successful, sometimes it also helps to wait for some time and then try again. Scientists at the Center for Research in Security and Privacy, CRISP demonstrate that malicious intentions may cause such scenarios.

Read the press release


Transparent IT Production for Digital Sovereignty

Whether in the automotive, the energy or the financial sector: information technology is increasingly penetrating all aspects of life. At the same time, security gaps in closed hardware and software produced in globalised supply chains are becoming increasingly incalculable. This is the result reached by IT security experts from the Karlsruhe Institute of Technology (KIT), Fraunhofer Institute for Secure Information Technology, Fraunhofer Singapore, RheinMain University of Applied Sciences, and Technical University of Berlin.

Read the press release

Job offers

Fraunhofer SIT seeks scientific staff, partly also for management positions

You will be responsible for planning, leading, executing and representing applied R&D projects, jointly with clients and partners from industry, government agencies and academia.