The end of 2018 is here already! X41 wishes you a lot of fun in the next few weeks and hopes all of you are able to get some time off.
2018 was exciting for X41 and everyone involved. We are proud that our contributions to research were accepted by several conferences, and that public audits were released by some of our customers. X41 is growing and our team has got bigger, with new, highly skilled members on board!
2018 began with a talk by Markus at OffensiveCon about the dangers of WebUSB. He and Michele Orrù presented attacks against FIDO U2F and showed a demo against YubiKey. The research attracted a lot of attention and was featured in several articles, including one from Wired.
@antisnatchor and @marver killing it at @offensive_con pic.twitter.com/Uh8867pysH— Carroll (@n0x00) March 19, 2018
In March, Eric traveled to the beautiful beaches of Goa to present some insights into different IoT operating systems (Contiki, Apache MyNewt, RIOT, Zephyr) at Nullcon. Furthermore, other results of Kudelski's and our audit of the Wire mobile phone and web clients were released.
Windchill outside is -20°C and your co-worker sends you pics from @nullcon .. pic.twitter.com/nXS1yyFvib— Markus Vervier (@marver) March 1, 2018
In July, Niklas went to Lille to present his research on shadowsocks at Pass The Salt. He identified several flaws in implementation and design that could impact users of shadowsocks in significant ways.
Our researcher @CyberCl0wn shared his knowledge about ShadowSocks VPN (in-)security at @passthesaltcon. Slides: https://t.co/AkhpKvYDkd #pts18 pic.twitter.com/wDECJh4kBE — X41 D-SEC GmbH (@X41Sec) July 5, 2018
Eric went to Las Vegas in August to attend DEF CON 26, where he demonstrated some attacks on smartcard drivers and released several fuzzing tools that aid in finding further bugs. He went into a bit more detail in October at beVX in Hong Kong.
. @X41Sec on smartcard hacking #bevxcon pic.twitter.com/gzkqzf1cgp— Aviram Jenik (@aviramj) September 21, 2018
In the same month, we were happy that Mozilla decided to publish the results of our review of the updater for Mozilla Firefox. It is available here.
One of the most interesting research projects we had in 2018 was hacking faxes! X41 started this research early in 2018 and discovered several flaws in enterprise-class fax servers and fax clients. The vulnerabilities even allowed remote compromise and command execution using only the phone line! We released advisories on bugs in Linux fax software, and Luis did a great writeup on the topic. Unfortunately, he could not join Markus and Eric in Saint Petersburg at ZeroNights in November to present the topic. Nevertheless, our slides were made available.
Research «Zero Fax given» by Eric Sesterhenn, Luis Merino and Markus Vervier #ZeroNights #ZeroNights2018 pic.twitter.com/x4kMrWqWJJ— ZeroNights (@ZeroNights) November 21, 2018
In 2019, X41 will have more exciting contributions to make, so stay tuned! Happy Holidays!
About X41 D-Sec GmbH
X41 D-Sec GmbH is an expert provider of application security services. Having extensive industry experience and expertise in information security enables X41’s strong core team of world-class experts to perform premium security services.
Fields of expertise in application security are security-centric code reviews, binary reverse engineering, and vulnerability discovery. Custom research and IT-security consulting and support services are core competencies of X41.