Publication date: March 5, 2019

Karsten Nohl to speak at PHDays 9

World-renowned GSM security researcher Dr. Karsten Nohl will give a keynote talk at Positive Hack Days 9. A member of the Chaos Computer Club in Germany during his student days, Karsten is a leading specialist in data security and encryption. He likes to test security assumptions in proprietary systems and typically breaks them. He is personally behind the security for Reliance Jio, the world's fastest-growing telecom network.

Karsten Nohl

Karsten first entered the spotlight in 2009, when he succeeded in breaking the GSM encryption algorithm. He publicly debuted the hack in action at the Chaos Communication Congress in Berlin.

В 2013, he discovered a vulnerability in the Data Encryption Standard (DES) encryption algorithm used in hundreds of millions of SIM cards from numerous manufacturers. By sending a special message to a phone, an attacker could trick it: the phone would think the message was from the mobile operator and include a cryptographic signature in its reply message. Deriving the phone's encryption key from this code takes around two minutes. With the key, the attacker could listen to the conversations of the phone owner, intercept SMS messages, and make fraudulent payments.

Together with Jakob Lell, a researcher at Security Research Labs, Karsten made news again in 2014 with the announcement of the BadUSB vulnerability. Attackers could target the controller chip of USB devices in order to take control of the victim's computer. Later that year at the Chaos Communication Congress, Karsten and Tobias Engel described serious SS7 vulnerabilities, which enable easy interception of phone conversations and SMS messages even on mobile networks compliant with all modern encryption standards. All phones and smartphones were found to be vulnerable, regardless of operating system.

Last year, Karsten and Jakob presented at Hack In The Box about the contents of security updates issued by major Android vendors. After two years of painstaking research, the duo reached a sobering confusion about the existence of a "patch gap." Many major Android brands put out security patches only for show: many of the bugs supposedly addressed by patches remain unfixed.

This year will not be Karsten's first time at PHDays. In 2014 he presented at PHDays IV about attacks on mobile networks and methods of bypassing traditional protections used by telecom operators.

Don't miss the chance to learn from the best in person: sign up and come to Positive Hack Days! For those interested in presenting from the same stage as world-name experts, the call for papers is open until March 31. Details about topics and guidelines are available on the PHDays website.

All news