{"id":8373,"date":"2025-03-18T12:32:02","date_gmt":"2025-03-18T11:32:02","guid":{"rendered":"https:\/\/nethemba.com\/ueber-uns\/research\/"},"modified":"2025-03-31T06:21:58","modified_gmt":"2025-03-31T04:21:58","slug":"forschung","status":"publish","type":"page","link":"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/","title":{"rendered":"Forschung"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"8373\" class=\"elementor elementor-8373 elementor-7732\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-128f736 elementor-hidden-mobile e-flex e-con-boxed e-con e-parent\" data-id=\"128f736\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-5d88bba e-con-full e-flex e-con e-child\" data-id=\"5d88bba\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-fbca056 elementor-widget elementor-widget-heading\" data-id=\"fbca056\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Forschung\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7733c3a elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"7733c3a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-8e72960 e-con-full e-flex 
e-con e-child\" data-id=\"8e72960\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ff6e8a0 elementor-widget elementor-widget-image\" data-id=\"ff6e8a0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"777\" height=\"640\" src=\"https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1.png\" class=\"attachment-large size-large wp-image-7683\" alt=\"\" srcset=\"https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1.png 777w, https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1-300x247.png 300w, https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1-768x633.png 768w\" sizes=\"(max-width: 777px) 100vw, 777px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3a5a493 elementor-hidden-desktop elementor-hidden-tablet e-flex e-con-boxed e-con e-parent\" data-id=\"3a5a493\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-0e4474d e-con-full e-flex e-con e-child\" data-id=\"0e4474d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7935ce9 elementor-widget elementor-widget-heading\" data-id=\"7935ce9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Forschung\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div 
class=\"elementor-element elementor-element-03cd8ae elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"03cd8ae\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-957fe9d e-con-full e-flex e-con e-child\" data-id=\"957fe9d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-81121c2 elementor-widget elementor-widget-image\" data-id=\"81121c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"777\" height=\"640\" src=\"https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1.png\" class=\"attachment-large size-large wp-image-7683\" alt=\"\" srcset=\"https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1.png 777w, https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1-300x247.png 300w, https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1-768x633.png 768w\" sizes=\"(max-width: 777px) 100vw, 777px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a1ada16 e-flex e-con-boxed e-con e-parent\" data-id=\"a1ada16\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-4e77c2b e-con-full e-flex e-con e-child\" data-id=\"4e77c2b\" data-element_type=\"container\" 
data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-db6842e elementor-widget elementor-widget-text-editor\" data-id=\"db6842e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p lang=\"en-GB\">Im Falle, dass Sie unsere Publikationen und Pr\u00e4sentationen suchen, fahren sie mit \u201e<a href=\"https:\/\/web.archive.org\/web\/20231023112905\/https:\/\/nethemba.com\/de\/dienste\/it-sicherheitsdienstleistungen\/konsultationen-und-schulungen\/\" data-wpel-link=\"internal\">Konsultationen und Schulungen<\/a>\u201d fort.<\/p><p lang=\"en-GB\">W\u00e4hrend unserer T\u00e4tigkeit in der IT-Sicherheit analysierten und entdeckten wir eine Menge von ernsten Sicherheitsl\u00fccken in verschiedenen \u00f6ffentlichen Systemen. Viele Sicherheitsl\u00fccken haben wir bei Sicherheitskonferenzen pr\u00e4sentiert:<\/p><ul><li lang=\"en-GB\">\u00d6ffentliche Sicherheitsanalyse von slowakischen biometrischen P\u00e4ssen<\/li><li>Ernste Sicherheitsl\u00fccken in slowakischen und tschechischen Mifare Chipkarten<\/li><li>Ernste Sicherheitsl\u00fccken in SMS Fahrkarten<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-cb33260 e-flex e-con-boxed e-con e-parent\" data-id=\"cb33260\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-6c53031 e-con-full e-flex e-con e-child\" data-id=\"6c53031\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-879a22a elementor-widget elementor-widget-heading\" data-id=\"879a22a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 
class=\"elementor-heading-title elementor-size-default\">Public security analysis of Slovak biometric passports<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8dad2e3 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"8dad2e3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4d005fd elementor-widget elementor-widget-text-editor\" data-id=\"4d005fd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 lang=\"en-GB\">(still in progress \u2013 if you can help us,\u00a0<a href=\"https:\/\/web.archive.org\/web\/20250126092028\/https:\/\/nethemba.com\/contact\/\" data-wpel-link=\"internal\">do not hesitate to contact us<\/a>)<\/h3><p lang=\"en-GB\">We have practically demonstrated the possibility of reading of a new Slovak biometric RFID passport. 
The passport can be read by an arbitrary ISO14443A-compliant RFID reader (for our experiment we used a cheap\u00a0<a href=\"https:\/\/web.archive.org\/web\/20250126092028\/http:\/\/www.touchatag.com\/\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">touchatag reader<\/a>\u00a0that\u00a0<a href=\"https:\/\/web.archive.org\/web\/20250126092028\/http:\/\/www.touchatag.com\/e-store\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">can be bought<\/a>\u00a0for 30 \u20ac).<\/p><p lang=\"en-GB\">Personal data are encrypted with a key derived from the\u00a0<a href=\"https:\/\/web.archive.org\/web\/20250126092028\/http:\/\/en.wikipedia.org\/wiki\/Machine-readable_passport\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">Machine Readable Zone<\/a>\u00a0(MRZ), which is printed on the last but one page of the passport.\u00a0The MRZ is composed of the passport\u2019s number, the birthdate and the date of expiration. With the knowledge of this information the\u00a0<a href=\"https:\/\/web.archive.org\/web\/20250126092028\/http:\/\/www.highprogrammer.com\/cgi-bin\/uniqueid\/mrzp\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">MRZ can be computed<\/a>. The following information can be obtained from the passport using the MRZ:<\/p><ul><li>All personal information that is already printed in the passport (EF.DG1)<\/li><li>Photograph of the passport holder (stored in JPEG)\u00a0(EF.DG2)<\/li><\/ul><p lang=\"en-GB\">The following information cannot be read using the MRZ and requires a special key\u00a0(owned by the Slovak government):<\/p><ul><li>Fingerprint of the passport holder (EF.DG3)<\/li><li>Active Authentication\u00a0Public\u00a0Key Info (EF.DG15)<\/li><\/ul><p>The passport is not protected by default by a special\u00a0<a href=\"https:\/\/web.archive.org\/web\/20250126092028\/http:\/\/www.rfid-shield.com\/\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">RFID\u00a0shield<\/a>, so it can be read while closed from a distance of 5 cm. 
With a stronger antenna this distance can be significantly greater (up to 10 meters, and it will increase in the future).<\/p><p>The passport returns a random unique ID\u00a0(UID), so it is not possible to fingerprint it and determine its producer\u00a0(this behaviour can be emulated by an NXP JCOP 41 v2.2.1 72K\u00a0<strong>RANDOM_UID<\/strong> smartcard).<\/p><p>Without \u201cActive Authentication Public Key Info\u201d it is not easy to clone the passport.<\/p><p>To verify:<\/p><ul><li>How do official Slovak biometric passport readers respond when they read a passport with an invalid hash, an invalid digital signature, or missing AA\u00a0information (do they accept an imperfect clone?)<\/li><li>Is it possible to create an imperfect clone (using an NXP\u00a0JCOP 41 v2.2.1 72k RANDOM_UID smartcard) where EF.DG3 and EF.DG15 are removed from the passport index?\u00a0Do official Slovak biometric passport readers accept this clone?<\/li><li>Is it possible to attack the chip using side channels (e.g. 
using <a href=\"https:\/\/web.archive.org\/web\/20250126092028\/http:\/\/wiki.whatthehack.org\/images\/2\/28\/WTH-slides-Attacks-on-Digital-Passports-Marc-Witteman.pdf\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">Time-Power Analysis of RSA<\/a>)?<\/li><li>Analysis of MRZ\u00a0entropy:<br \/>date of expiry (10 years) = 3650 values<br \/>date of birth (estimated to within +\/- 5 years)\u00a0= 3650 values<br \/>passport number (2 alpha characters + 7 digits) = 25 *\u00a025 *\u00a0(10 ^ 7) = 6250000000 values<\/li><li>Is it possible to determine the passport number?\u00a0(what algorithm is used for assigning new passport numbers?)<\/li><\/ul><p><strong>You have a right to be informed about the security of the technologies that process your sensitive information!<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-b97b8d9 e-flex e-con-boxed e-con e-parent\" data-id=\"b97b8d9\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-055a454 e-con-full e-flex e-con e-child\" data-id=\"055a454\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c097b0f elementor-widget elementor-widget-heading\" data-id=\"c097b0f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Critical vulnerabilities in Czech\/Slovak Mifare Classic cards<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8883849 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"8883849\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b85087e elementor-widget elementor-widget-text-editor\" data-id=\"b85087e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p lang=\"en-GB\">We have analysed the most widely used Czech\/Slovak public transport and access smart cards (Bratislava public transport card, University\/ISIC cards, parking cards, Slovak Lines cards etc.) based on Mifare Classic technology.<\/p><p lang=\"en-GB\">Using various technologies and thanks to publicly available academic papers, we have demonstrated the possibility of obtaining all access keys used to encrypt the card content.<br \/>We have also verified that these keys can subsequently be used to completely read, alter and clone the cards, which can pose a serious threat to the affected transport companies.<br \/>We have also estimated the costs of effective attacks and proposed appropriate countermeasures, from the most secure ones (replacement of all vulnerable cards) to less secure ones (binding the card\u2019s UID to the passenger, UID whitelisting, digital signing, a \u201cdecrement counter\u201d solution).<\/p><p lang=\"en-GB\">To demonstrate the seriousness of these vulnerabilities we have implemented and released our own implementation of the \u201coffline nested\u201d attack, which can be used for offline cracking of all keys for all sectors without a valid RFID reader.<\/p><p lang=\"en-GB\"><a href=\"https:\/\/web.archive.org\/web\/20250126092028\/https:\/\/nethemba.com\/resources\/mifare-classic-zranitelnosti.pdf\" data-wpel-link=\"internal\">An official paper on the revealed Slovak and Czech Mifare Classic vulnerabilities (in Slovak)<\/a><\/p><p 
lang=\"en-GB\"><a href=\"https:\/\/web.archive.org\/web\/20250126092028\/https:\/\/nethemba.com\/resources\/mifare-classic-slides.pdf\" data-wpel-link=\"internal\">Technical presentation of Mifare Classic vulnerabilities<\/a><\/p><p lang=\"en-GB\"><a href=\"https:\/\/web.archive.org\/web\/20250126092028\/https:\/\/github.com\/nfc-tools\/mfoc\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">Our Mifare Classic Offline Cracker (new version 0.09 for libnfc 1.3.9)<\/a><\/p><p lang=\"en-GB\">(tested with\u00a0<a href=\"https:\/\/web.archive.org\/web\/20250126092028\/http:\/\/code.google.com\/p\/crapto1\/\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">crapto1<\/a>,\u00a0<a href=\"https:\/\/web.archive.org\/web\/20250126092028\/http:\/\/www.libnfc.org\/\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">libnfc<\/a>\u00a0and\u00a0<a href=\"https:\/\/web.archive.org\/web\/20250126092028\/http:\/\/www.touchatag.com\/\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">Tikitag\/Touchatag reader<\/a>)<\/p><p lang=\"en-GB\"><strong>Presentations:<\/strong><\/p><ul><li><a href=\"https:\/\/web.archive.org\/web\/20250126092028\/http:\/\/konference.iinfo.cz\/tib-2010\/program\/\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">Confidence 2.0 in Warsaw<\/a><\/li><li><a href=\"https:\/\/web.archive.org\/web\/20250126092028\/http:\/\/konference.iinfo.cz\/tib-2010\/program\/\" rel=\"external noopener noreferrer\" data-wpel-link=\"external\">Trendy v Internetov\u00e9 bezpe\u010dnosti in\u00a0Prague<\/a><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-5e4f5e4 e-flex e-con-boxed e-con e-parent\" data-id=\"5e4f5e4\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-ae87504 e-con-full e-flex e-con 
e-child\" data-id=\"ae87504\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c9cf207 elementor-widget elementor-widget-heading\" data-id=\"c9cf207\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Ernsthafte Sicherheitsl\u00fccken in SMS-Fahrkarten<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8829b9d elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"8829b9d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b388b8f elementor-widget elementor-widget-text-editor\" data-id=\"b388b8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>SMS-Fahrkarten sind in allen Grossst\u00e4dten in Europa (Prag, Bratislava, Kosice, Wien, Warschau und anderen) beliebt und werden gerne genutzt.<\/p><p>Das Ziel unserer Forschung war es, auf ernsthafte Sicherheitsl\u00fccken der SMS-Fahrkarten hinzuweisen, die gar keine Verbindung mit dem Passagier haben. 
F\u00fcr eine Demonstration haben wir eine spezielle Netzwerkarchitektur entworfen, die die M\u00f6glichkeit bietet, durch verschl\u00fcsselte Verbindungen eine massive Versendung der SMS-Fahrkarten zwischen den Fahrg\u00e4sten durchzuf\u00fchren (SMS-Ticket-Hacker-Server und SMS-Ticket-Hacker-Client).<\/p><p>Die Kritikalit\u00e4t dieser Sicherheitsl\u00fccke wird dadurch erh\u00f6ht, dass in der Gegenwart keine einfache und billige M\u00f6glichkeit existiert, diese Attacke zu entdecken.<\/p><p lang=\"en-GB\">Wir haben einige, aber leider ungen\u00fcgende Teill\u00f6sungen entworfen, die ein Verkehrsbetrieb realisieren kann, um diese Attacke zu entdecken.<\/p><p>Wir haben auch eine sichere und zuverl\u00e4ssige L\u00f6sung entworfen, die die Fahrgastidentit\u00e4t mit einer SMS-Fahrkarte verbindet und somit eine sichere Ausgabe der SMS-Karten sowie eine schnelle Kontrolle durch Kontrollorgane (Revisoren) erm\u00f6glicht.<\/p><p>Obwohl die Verkehrsbetriebe \u00fcber diese Sicherheitsl\u00fccke mit grossem zeitlichem Vorsprung informiert wurden, wird diese Sicherheitsl\u00fccke weiterhin ignoriert und es werden alte Systeme weiterhin genutzt.<\/p><p lang=\"en-GB\"><strong>Pr\u00e4sentation<\/strong><b>: <\/b><a href=\"https:\/\/nethemba.com\/resources\/SMS-ticket-hack4.pdf\">Sicherheitsl\u00fccken in SMS-Fahrkarten (Pr\u00e4sentation auf Englisch)<\/a><\/p><div id=\"__ss_4738280\"><iframe src=\"https:\/\/www.slideshare.net\/slideshow\/embed_code\/4738280\" width=\"425\" height=\"355\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" data-mce-fragment=\"1\"><\/iframe><\/div><p lang=\"en-GB\"><strong>Publikationen auf Konferenzen:<\/strong><br \/><a href=\"https:\/\/har2009.org\/program\/events\/89.en.html\">Hacking At Random 2009 in den Niederlanden<\/a><br \/><a href=\"http:\/\/metalab.at\/wiki\/SMS-Ticket-Vortrag\">Confidence in Krakau \/ Polen<br \/>Metalab in 
Wien<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Forschung Forschung Im Falle, dass Sie unsere Publikationen und Pr\u00e4sentationen suchen, fahren sie mit \u201eKonsultationen und Schulungen\u201d fort. W\u00e4hrend unserer T\u00e4tigkeit in der IT-Sicherheit analysierten und entdeckten wir eine Menge von ernsten Sicherheitsl\u00fccken in verschiedenen \u00f6ffentlichen Systemen. Viele Sicherheitsl\u00fccken haben wir bei Sicherheitskonferenzen pr\u00e4sentiert: \u00d6ffentliche Sicherheitsanalyse von slowakischen biometrischen P\u00e4ssen Ernste Sicherheitsl\u00fccken in slowakischen und [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":8344,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"elementor_header_footer","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-8373","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Forschung - Nethemba<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Forschung - Nethemba\" \/>\n<meta property=\"og:description\" content=\"Forschung Forschung Im Falle, dass Sie unsere Publikationen und Pr\u00e4sentationen suchen, fahren sie mit \u201eKonsultationen und Schulungen\u201d fort. 
W\u00e4hrend unserer T\u00e4tigkeit in der IT-Sicherheit analysierten und entdeckten wir eine Menge von ernsten Sicherheitsl\u00fccken in verschiedenen \u00f6ffentlichen Systemen. Viele Sicherheitsl\u00fccken haben wir bei Sicherheitskonferenzen pr\u00e4sentiert: \u00d6ffentliche Sicherheitsanalyse von slowakischen biometrischen P\u00e4ssen Ernste Sicherheitsl\u00fccken in slowakischen und [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-31T04:21:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"777\" \/>\n\t<meta property=\"og:image:height\" content=\"640\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data1\" content=\"6\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/uber-uns\\\/forschung\\\/\",\"url\":\"https:\\\/\\\/nethemba.com\\\/de\\\/uber-uns\\\/forschung\\\/\",\"name\":\"Forschung - 
Nethemba\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/uber-uns\\\/forschung\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/uber-uns\\\/forschung\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nethemba.com\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/HeroImg-squared-5-1-1.png\",\"datePublished\":\"2025-03-18T11:32:02+00:00\",\"dateModified\":\"2025-03-31T04:21:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/uber-uns\\\/forschung\\\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nethemba.com\\\/de\\\/uber-uns\\\/forschung\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/uber-uns\\\/forschung\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nethemba.com\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/HeroImg-squared-5-1-1.png\",\"contentUrl\":\"https:\\\/\\\/nethemba.com\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/HeroImg-squared-5-1-1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/uber-uns\\\/forschung\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nethemba.com\\\/de\\\/home-new-2025\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u00dcber uns\",\"item\":\"https:\\\/\\\/nethemba.com\\\/de\\\/uber-uns\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Forschung\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/nethemba.com\\\/de\\\/\",\"name\":\"Nethemba\",\"description\":\"We care about your 
security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nethemba.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Forschung - Nethemba","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/","og_locale":"de_DE","og_type":"article","og_title":"Forschung - Nethemba","og_description":"Forschung Forschung Im Falle, dass Sie unsere Publikationen und Pr\u00e4sentationen suchen, fahren sie mit \u201eKonsultationen und Schulungen\u201d fort. W\u00e4hrend unserer T\u00e4tigkeit in der IT-Sicherheit analysierten und entdeckten wir eine Menge von ernsten Sicherheitsl\u00fccken in verschiedenen \u00f6ffentlichen Systemen. 
Viele Sicherheitsl\u00fccken haben wir bei Sicherheitskonferenzen pr\u00e4sentiert: \u00d6ffentliche Sicherheitsanalyse von slowakischen biometrischen P\u00e4ssen Ernste Sicherheitsl\u00fccken in slowakischen und [&hellip;]","og_url":"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_modified_time":"2025-03-31T04:21:58+00:00","og_image":[{"width":777,"height":640,"url":"https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@nethemba","twitter_misc":{"Gesch\u00e4tzte Lesezeit":"6\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/","url":"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/","name":"Forschung - Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/#primaryimage"},"image":{"@id":"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/#primaryimage"},"thumbnailUrl":"https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1.png","datePublished":"2025-03-18T11:32:02+00:00","dateModified":"2025-03-31T04:21:58+00:00","breadcrumb":{"@id":"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/de\/uber-uns\/forschung\/"]}]},{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/#primaryimage","url":"https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1.png","contentUrl":"https:\/\/nethemba.com\/wp-content\/uploads\/2025\/03\/HeroImg-squared-5-1-1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/de\/uber-uns\/forschung\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home
","item":"https:\/\/nethemba.com\/de\/home-new-2025\/"},{"@type":"ListItem","position":2,"name":"\u00dcber uns","item":"https:\/\/nethemba.com\/de\/uber-uns\/"},{"@type":"ListItem","position":3,"name":"Forschung"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/pages\/8373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/comments?post=8373"}],"version-history":[{"count":5,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/pages\/8373\/revisions"}],"predecessor-version":[{"id":8380,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/pages\/8373\/revisions\/8380"}],"up":[{"embeddable":true,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/pages\/8344"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/media?parent=8373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}