Press Releases
14.02.2024
Serious Vulnerability in the Internet Infrastructure
The National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet. The design flaw has devastating consequences for essentially all DNSSEC-validating DNS implementations and public DNS providers, such as Google and Cloudflare. The ATHENE team, led by Prof. Dr. Haya Schulmann from Goethe University Frankfurt, developed “KeyTrap”, a new class of attacks: with just a single DNS packet hackers could stall all widely used DNS implementations and public DNS providers. Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging. With KeyTrap, an attacker could completely disable large parts of the worldwide Internet. The researchers worked with all relevant vendors and major public DNS providers over several months, resulting in a number of vendor-specific patches, the last ones published on Tuesday, February 13. It is highly recommended for all providers of DNS services to apply these patches immediately to mitigate this critical vulnerability.
20.09.2023
Hacking contest with virtual Mars mission
The National Research Center for Applied Cybersecurity, ATHENE, and the European Space Agency, ESA, are jointly launching an international hacking contest for students. Themed "PWN the Rover", teams of participants must first complete a series of hacking challenges. The eight teams that qualify in this preliminary round will then be allowed to compete in the finals at the ESA’s European Space Operations Centre (ESOC) in Darmstadt on 17 October 2023 and put their hacking skills to the test on ESA’s ExoMy 3D printed rovers. The winning team will receive attractive prizes such as Hak5 USB Rubber Duckies, participation in a practical training simulation by ESA (Ladybird Guide to Mission Operations Training) for the support of a real space mission and security training at the Fraunhofer Cyber Range, where IT teams train for the severity of a cyberattack. For more information, visit www.pwn-the-rover.space.
08.05.2023
AI against money laundering
In the fight against money laundering, established software-based detection methods work imprecisely and often raise false alarms. Consequently, investigating authorities are frequently overburdened because they must follow up on every suspicion. In the new research project MaLeFiz (Machine Learning for the Identification of Conspicuous Financial Transactions), researchers are now working on a solution that uses machine learning – an artificial intelligence technique – to improve the search for illegal money flows and make it more precise so that fewer false alarms are generated. In addition, the project partners are developing minimum requirements and control mechanisms for AI solutions used in the financial industry. Furthermore, the results of the AI are to be made traceable. Project partners are Deloitte GmbH, the Fraunhofer Institute for Secure Information Technology SIT, the Martin Luther University Halle-Wittenberg, the University of Leipzig as well as the Center for Technology and Society at TU Berlin. The MaLeFiz project is funded by the German Federal Ministry of Education and Research and will run for three years. Fraunhofer SIT is leading the project and is responsible for the development of the AI-based tool. For more information, visit www.sit.fraunhofer.de/en/malefiz.
21.04.2023
SmartID – Detect product piracy quickly
Counterfeits of high-quality products such as medicines, cosmetics, watches, or food and beverages circulate in large numbers, especially in online retail. Consumers barely have a chance to verify the authenticity of a product. In the SmartID project, scientists at Fraunhofer are now developing a counterfeit-proof barcode system for authenticity verification simply by using a smartphone without accessing a database. The team is presenting a SmartID demonstrator for the first time at the Interpack 2023 trade fair for packaging in Düsseldorf.
30.11.2022
Strengthening Hessen's Cybersecurity Research
Protecting the cybersecurity of society, business and the state, and fending off threats: That is the goal of ATHENE, the National Research Center for Applied Cybersecurity. Through its research and development, Goethe University now is contributing to Europe's largest cybersecurity research center.
11.10.2022
Document protection with colorful barcode
The Fraunhofer Institute for Secure Information Technology SIT presents a new solution for protection against document forgery at the it-sa fair in Nuremberg. The digitized world offers plenty of opportunities for fraud, and every year German companies incur huge losses as a result. With the new DocSeal solution of Fraunhofer SIT, companies and public authorities can quickly and easily provide digital documents and paper documents with forgery protection. For this purpose, a colorful barcode (JAB code) is printed on the document, which records important document contents and their placement in the document in a tamper-proof manner. An app can then be used to check document authenticity and automatically detect tampering. To use DocSeal, one does not need Internet access or a central database. All the necessary information is stored directly in the colorful barcode. The barcode technology is ISO-standardized and open source. The solution was developed within the ATHENE research center. For more information, visit www.sit.fraunhofer.de/docseal.
04.10.2022
Mechanism for Internet security broken
The National Research Center for Cybersecurity ATHENE has found a way to break one of the basic mechanisms used to secure Internet traffic. The mechanism, called RPKI, is actually designed to prevent cybercriminals or government attackers from diverting traffic on the Internet. Such redirections are surprisingly common on the Internet, e.g., for espionage or through misconfigurations. The ATHENE scientist team of Prof. Dr. Haya Shulman showed that attackers can completely bypass the security mechanism without the affected network operators being able to detect this. According to analyses by the ATHENE team, popular implementations of RPKI worldwide were vulnerable by early 2021. The team informed the manufacturers, and now presented the findings to the international expert public.
16.09.2021
Study: IT security for electric cars in China
The world's largest automotive market, China, is experiencing high growth rates for electric cars. In order to successfully compete in China, international automakers must comply with Chinese cybersecurity, cryptography and data security regulations. Fraunhofer SIT and Fraunhofer Singapore have summarized these in a joint study: It contains an overview of laws and regulations, including the responsible institutions in China, since 2015. The study also addresses research and development facilities as well as standardization authorities. The study is available for download free of charge at www.sit.fraunhofer.de/NEVChinaSurvey.
15.09.2021
Original or fake? Counterfeit-proof and unique identification shows authenticity of products
Counterfeit-proof product protection and resilient supply chains are the goals of the Fraunhofer SmartID project. The Fraunhofer Institutes for Applied Polymer Research IAP, for Secure Information Technology SIT and for Open Communication Systems FOKUS are developing a novel marking system that can determine the authenticity of products via smart devices even while being offline, i.e. without access to a database. SmartID will be embedded in existing track & trace infrastructures and can be printed on products or their packaging using commercially available printing processes.
13.07.2021
Celebrating the winners of the first Fraunhofer CyberStar Award
The winners of the first Fraunhofer CyberStar Award (FCSA) were announced today: They are Eyal Ronen, Ph.D., from the Tel Aviv University and Anatoly Shusterman from the Ben-Gurion University. The Fraunhofer CyberStar Award promotes excellent graduates in applied cybersecurity and their theses. The award ceremony took place as part of the first German-Israeli Cyber Conference and was held online. It was supported by high-level speakers from both Israel and Germany such as Yigal Unna, Director General of the Israel National Cyber Directorate, Arne Schönbohm, the President of Germany’s Federal Office of Information Security, and other well-known cybersecurity experts. The conference was opened by Susanne Wasum-Rainer, the German Ambassador in Tel Aviv, and Jeremy Nissim Issacharoff, the Israeli Ambassador in Berlin. The conference was chaired by Haya Shulman.
29.06.2021
Fraunhofer researchers hack Bluetooth locks from Tapplock
A homemade directional antenna made of potato chip cans and two commercially available mini-computers are enough to hack Bluetooth locks made by the US manufacturer Tapplock in seconds, as proven by researchers at the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt. The manufacturer was informed about the vulnerabilities and has since fixed them in one of its models.
18.06.2021
ESORICS – this year with exclusive run-up tutorials
This year's ESORICS – European Symposium on Research in Computer Security – will be held virtually. For the first time it will start with monthly tutorials in advance. The first two tutorials will be free of charge. The tutorial series will start at the end of June with cybersecurity expert Dr. Yossi Oren from Ben-Gurion University in Israel. More information and registration: https://esorics2021.athene-center.de/
12.02.2021
Fraunhofer researcher wins German IT Security Award
Dr. Haya Shulman wins first place in the 8th German IT Security Award, securing prize money of 100,000 euros. The prize is awarded by the Horst Görtz Foundation and is considered the most prestigious and highest endowed prize for IT security in Germany.
05.11.2020
AI helps to detect illegal cultural assets
A key challenge in combating the illegal trade in stolen cultural goods is that illegally traded objects are difficult to identify. The KIKu project – a German acronym for Artificial Intelligence for Cultural Property Protection – aims to facilitate the work of the responsible authorities, especially customs and police, and is funded by the Federal Government Commissioner for Culture and the Media. To this end, the Fraunhofer Institute for Secure Information Technology SIT and cosee GmbH are developing an app that can use artificial intelligence to provide automated information on whether, for example, an antique vase or statue could have come from a looted dig or was otherwise illegally acquired. The project was presented on November 4th, 2020 to numerous relevant actors in the field of cultural property protection from Germany and the EU, who met at the invitation of the Minister of State for Culture Monika Grütters for the 7th EU CULTNET meeting in the context of the German EU Council Presidency.
17.07.2020
Conference radar for cybersecurity
Starting immediately, the National Research Center for Applied Cybersecurity ATHENE offers a wide-ranging overview of the most important scientific conferences in the fields of cybersecurity and data protection at https://www.athene-center.de/cfp. Currently, the list includes more than 100 events and it can be filtered by event dates and submission deadlines. Additional filtering options allow for quickly finding suitable publication opportunities of various research topics, while taking into account the scientific reputation of each event listed.
26.06.2020
Color barcode becomes ISO standard
JAB-Code, the color barcode of the Fraunhofer Institute for Secure Information Technology SIT, is on the way to becoming an international ISO standard. JAB-Code – Just Another Barcode – is to be brought to a full ISO standard by 2022. The globally uniform rules for data formats and their use in practice provide both device manufacturers and user companies with planning security for innovative developments – an important prerequisite for the successful dissemination of JAB-Code in industry. The advantage of the color code compared to the common black and white barcodes is that it can store much more data in the same space. Besides securing job certificates, training certificates and last wills, JAB-Code can also provide proof of authenticity for products. JAB-Code is not subject to licensing. It is open source and ready to be put into practice. To test the color barcode, go to www.jabcode.org.
24.10.2019
New code scanner finds software vulnerabilities without source code
Errors and vulnerabilities in software cause damage running into billions, can ruin a company's reputation and, in the worst case, endanger the safety of people. That's why the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt developed VUSC – the code scanner. VUSC (for VUlnerability SCanner) helps companies and developers to detect vulnerabilities in code within minutes. VUSC does not require any source code for this. The code scanner works on premises in a data protection-friendly manner.
07.10.2019
Fraunhofer SIT Finds Serious Security Flaws in TwitterKit for iOS
The Fraunhofer Institute for Secure Information Technology SIT in Darmstadt has discovered serious flaws in the TwitterKit for iOS 3.4.2 that can result in account abuse and data loss. The TwitterKit is an end-of-life software library that is no longer updated but is still used in apps. The Fraunhofer researchers urge app developers to stop using the TwitterKit for iOS app developments and to replace it in existing apps. Technical details about the vulnerability can be found here: www.sit.fraunhofer.de/cve.
14.08.2019
Danger over the phone
Hackers can also access sensitive data and services via telephone devices: Most companies use VoIP telephones that are integrated into the company network. Security researchers at the Fraunhofer Institute for Secure Information Technology have found a total of 40 partly serious vulnerabilities in these VoIP telephones. Attackers can misuse these gaps to intercept calls, deactivate the telephone or gain further access to the company network via weak points in the device. The VoIP telephone manufacturers have since closed these vulnerabilities. Users are strongly recommended to install the appropriate updates of the device’s firmware. Further technical details on the vulnerabilities can be found at www.sit.fraunhofer.de/cve. The researchers presented the results of their investigations at DEFCON, one of the world’s largest hacker conferences.
08.07.2019
Innovations for more Cyber Security
The second round of the Hessian-Israeli Partnership Accelerator (HIPA) was concluded with a final event on the panorama floor of the Commerzbank headquarters in Frankfurt/Main. Three German-Israeli teams presented their research results to around 80 guests from international politics and the financial and cyber security sectors, including Sandra Simovich, Consul General of the State of Israel, Dr. Stefan Heck, State Secretary in the Hessian Ministry of the Interior, and Jörg Hessenmüller, COO and member of the Board of Managing Directors of Commerzbank AG.
20.05.2019
Two Fraunhofer Project Centers opened in Israel
The Fraunhofer-Gesellschaft is collaborating globally with excellent partners to create synergies for research and to build bridges to regional markets. With this in mind, two new Project Centers were opened in Israel on May 21 during a ceremony at the Hebrew University of Jerusalem: The “Fraunhofer Project Center for Cybersecurity at The Hebrew University of Jerusalem” and the “Fraunhofer Project Center for Drug Discovery and Delivery at The Hebrew University of Jerusalem”. The two Project Centers combine the expertise of the Israeli partners from the Hebrew University of Jerusalem (HUJI) with the competencies of the Fraunhofer Institute for Secure Information Technology SIT and the Fraunhofer Institute for Interfacial Engineering and Biotechnology IGB and are the first project centers of the Fraunhofer-Gesellschaft in Israel.
07.09.2018
Fraunhofer research team demonstrates how to subvert the most popular method for issuing web certificates
A research team at the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt, Germany, has found a way to issue fraudulent website certificates that are used to ensure trustworthiness of Internet domains. The team led by Dr. Haya Shulman has shown that the weakness in the domain validation can be exploited in real life and that the security of Internet infrastructures needs to be improved. To this end, the researchers have informed Web CAs (Certificate Authorities) and suggest a new implementation that Web CAs may use to mitigate the attack. Further information at https://www.sit.fraunhofer.de/en/dvpp/
16.08.2018
Infineon enables open source software stack for TPM 2.0
Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY) has enabled a new open source software stack. It makes work easier for developers who want to use the Trusted Platform Module (TPM) 2.0 – a standardized hardware-based security solution for securing industrial, automotive and other applications such as network equipment.
09.08.2018
Your Smartphone is Watching You: Dangerous Security Holes in Tracker Apps
Tracker apps provide a means for legitimate personal tracking, i.e. for parents to locate their children. Many tracker apps, however, contain serious security vulnerabilities. Scientists from the Fraunhofer Institute for Secure Information Technology have analyzed popular tracker apps available in the Google Play Store – the result: not even one of them was secure; all had serious security flaws.
23.05.2018
Automated electric mobility: The research project iKoPA presents architecture for secure and privacy-aware mobility services.
The project partners of the research project integrated communications platform for automated electric vehicles (iKoPA) presented on May 23, 2018 in Merzig the technical groundwork for a communications system that will accelerate the implementation of mobility services for automated electric mobility by simple, secure and privacy-aware concepts. Technologies that have been advanced by the project were presented during demonstration drives.
05.04.2018
Freezing the Web
Everybody who uses the Internet is familiar with the problem: you urgently need information from a web site, or want to make a booking or an online purchase, but the required web site does not load. Common measures, such as restarting your computer or checking the WiFi connection, are not always successful; sometimes it also helps to wait for some time and then try again. Scientists at the Center for Research in Security and Privacy, CRISP, demonstrate that malicious intentions may cause such scenarios.
21.03.2018
Transparent IT Production for Digital Sovereignty
Whether in the automotive, the energy or the financial sector: information technology is increasingly penetrating all aspects of life. At the same time, security gaps in closed hardware and software produced in globalised supply chains are becoming increasingly incalculable. This is the result reached by IT security experts from the Karlsruhe Institute of Technology (KIT), Fraunhofer Institute for Secure Information Technology, Fraunhofer Singapore, RheinMain University of Applied Sciences, and Technical University of Berlin.
20.03.2018
Next Generation Cryptography
Whether online-banking or blockchain – most IT security mechanisms for protecting data and digital communication are based on cryptography. Quantum computers and new forms of attacks are threatening many of these IT security mechanisms. How businesses and society can protect the cyber world from such devastating threats in the future was discussed by experts from business, research, and politics at the “Eberbacher Gespräch” on “Next Generation Cryptography”. The experts’ opinion: Cryptography must become more flexible in order to be able to react quickly to technical changes. If this does not happen soon, the cyber world could experience a security meltdown.
10.01.2018
German-Israeli Partnership Accelerator presents new ideas and solutions in Cybersecurity
Verification of Cloud Services, Internet Security and Protection against Spam and DoS attacks: Cybersecurity premiere of HIPA - Hessian-Israeli Partnership Accelerator
14.11.2017
Fraunhofer SIT launches the first German-Israeli cyber security accelerator
Boris Rhein, the Hessian Minister of Science, and Yigal Unna, Chief Technologist for cyber security of the Israeli government, have launched the Hessian-Israeli Partnership Accelerator (HIPA) for Cybersecurity.
06.06.2017
NTU and Germany’s Fraunhofer launch new institute to develop digital solutions for the industry
Nanyang Technological University, Singapore (NTU Singapore) and Fraunhofer-Gesellschaft (Fraunhofer), a renowned German institution for applied research, are launching a research institute to develop digital technologies to help companies move into the digital era and remain competitive.
03.04.2017
New security procedures secure the intelligent factory
At the Hannover Messe from April 24 to 28, 2017, Fraunhofer researchers will present two new procedures for the protection of Industrie 4.0 production facilities (Hall 2, Booth C16/C22): here, a self-learning system recognizes security incidents in manufacturing facilities without knowledge of the underlying system architecture. Hardware-based security modules report manipulation tests on machines and components.
28.02.2017
Many Android password managers insecure
The Fraunhofer Institute for Secure Information Technology SIT has identified serious security gaps in Android's password apps. In many of the most popular password managers, cybercriminals could easily gain access to protected information, for example, if the attacker is on the same network. The manufacturers were informed and have corrected the vulnerabilities. However, users should ensure that they are using the updated app version.
08.06.2016
Fraunhofer SIT Finds Vulnerabilities in Android Security Apps
The Fraunhofer Institute for Secure Information Technology has discovered severe security vulnerabilities in security apps for Android. These vulnerabilities can be exploited to turn such apps into attack tools, taking control of smartphones and then extorting their owners financially. “According to our estimates, up to 675 million devices worldwide could be affected,” says Michael Waidner, director of Fraunhofer SIT.
10.03.2016
Analysis tool for Android apps
Fraunhofer Institute for Secure Information Technology SIT presents CodeInspect at CeBIT, a new tool for analyzing Android apps. With CodeInspect, companies can track vulnerabilities and malware in the compiled program code very quickly; library developers can analyze their library to identify software defects. Fraunhofer SIT demonstrates the ready-to-use tool at CeBIT in Hanover from March 14 to 18 in hall 6 at stand B36. More information on the technology and product trials are available at https://codeinspect.de.
19.11.2015
TrueCrypt is safer than expected
Fraunhofer experts analyze the widespread encryption software and classify it as relatively safe
21.10.2015
German and Israeli Research Leaders Join Forces to Launch Global Cybersecurity Center
The Hebrew University of Jerusalem and Fraunhofer SIT, Germany’s leading institute for applied cybersecurity research, agreed to jointly create a project center for cybersecurity in Jerusalem
05.10.2015
Enterprise Mobility Management Using App Security Information
Fraunhofer app security check integrated into MobileIron: EMM customers have easy access to the latest app security assessments
09.06.2015
German-Israeli Platform for Defensive Cybersecurity Research
Israeli Ambassador Yakov Hadas-Handelsman visits Fraunhofer SIT in Darmstadt. German-Israeli research activities aim at improving security of the Internet, Critical Infrastructures, Cyberphysical Systems, Cloud Computing, Big Data and Business Software. Key Actors meet at Cybersecurity Innovation Workshop in Tel Aviv at the End of June.
26.05.2015
Technische Universität Darmstadt and Fraunhofer SIT: App Data Vulnerability Threatens Millions of Users
Developers Misuse Authentication for Cloud Services leaving Millions of Data Sets open to Attacks.
16.03.2015
Encryption for everyone
In the wake of the revelations that intelligence agencies have been engaged in mass surveillance activities, both industry and society at large are looking for practicable encryption solutions that protect businesses and individuals. Previous technologies have failed in practice because they were too expensive or not user friendly enough. Fraunhofer has launched an open initiative called “Volksverschlüsselung” with the aim of bringing end-to-end encryption to the masses. Fraunhofer researchers will be presenting a prototype of their easy-to-use software and the infrastructure concept behind it at CeBIT 2015 (Hall 9, Booth E40).
11.03.2015
Harvester Wakes “Sleeper” Malware
Hackers and cyber criminals are using “sleeper” malware more and more to hide malicious code for mobile devices in apps. This “sleeper” malware does nothing initially. After a certain amount of time or predetermined action, though, it becomes active - making its recognition very difficult. Therefore, security researchers at the TU Darmstadt and Fraunhofer Institute for Secure Information Technology have developed the analysis tool Harvester, which helps security analysts uncover malicious “sleeper” code in Android apps within minutes.
07.10.2014
Fraunhofer SIT and Arkoon Netasq team up to provide better protection against advanced persistent cyber threats
The Fraunhofer Institute for Secure Information Technology SIT and Arkoon Netasq, a subsidiary of Airbus Defence and Space, have jointly developed Hash Guard, a proof of concept for protecting enterprises against widespread pass-the-hash attacks, as part of a new cooperation agreement.
07.03.2014
Auto-Correction for Software Developers
Fraunhofer SIT has published a vulnerability scanner for Android, allowing app developers to find and close a frequently occurring SSL security gap automatically.
09.12.2013
Massive Security Issues with Apps
Many popular Android apps, including those from banks, publishers, and other large organisations, pose massive security issues. This is the conclusion reached by researchers in the test-lab at Fraunhofer Institute for Secure Information Technology in Darmstadt.
24.09.2013
Eavesdropping protection in a box
it-sa 2013: The "Secure VPN GovNet Box" from NCP and Fraunhofer SIT has just obtained German Federal Office for Information Security (BSI) approval for governmental use. This hardware solution encrypts Internet connections between two sites and protects against eavesdropping.
01.07.2013
App security testing tool
Most apps, be they for internet shopping, gaming or social networking, are aimed at private users. But there are hidden risks for businesses. A new test framework will help to uncover gaps in app security and detect malware.
15.02.2013
Mobile Access to Encrypted Cloud Storage
OmniCloud enables secure mobile access to critical business data in the cloud – Fraunhofer SIT demonstrates the new version of cloud storage enhancement (Hall 9, stand E08).
12.02.2013
Security Solution BizzTrust Makes Devices Simultaneously and Securely Available for Private and Business Use
CeBIT 2013: Innovative security solution separates business and private data and services on Android devices and protects against attacks on company infrastructure
02.01.2013
Turning smartphones into secure and versatile keys
It’s already possible to open doors using an app – but we are a long way from seeing widespread acceptance of this in the market. Now, researchers have developed a piece of software that will make the technology even more secure and versatile.