0:00:00.000,0:00:02.630 The Hacker Congress looks like one big party,
0:00:02.630,0:00:06.400 but is one of the largest specialist meetings in the world.
0:00:06.400,0:00:08.900 This is where IT experts exchange ideas
0:00:08.900,0:00:12.000 about digital security and surveillance.
0:00:12.000,0:00:15.200 This year EVERYTHING has come into focus.
0:00:15.200,0:00:17.500 Millions of people use EVERYTHING every day
0:00:17.500,0:00:21.000 for communication, for organizing everyday life
0:00:21.000,0:00:24.500 and share the most intimate secrets with EVERYTHING.
0:00:24.500,0:00:27.500 Jane Hacker is a cyber security specialist.
0:00:27.500,0:00:30.300 She took a closer look at EVERYTHING.
0:00:30.300,0:00:35.000 It can be attacked via social engineering attacks and
0:00:35.000,0:00:39.000 via unauthenticated API calls to the backend.
0:00:39.000,0:00:43.000 The attack vector is a cross-site request forgery.
0:00:43.000,0:00:46.500 With a timing side-channel attack
0:00:46.500,0:00:51.300 attack complexity can be reduced from 2^257 to 2^-2.
0:00:51.300,0:00:53.000 The rest is trivial.
0:00:53.000,0:00:55.500 EVERYTHING does not check requests properly,
0:00:55.500,0:00:58.000 so it opens the door to attackers.
0:00:58.000,0:01:00.500 Accessing data of EVERYTHING is possible
0:01:00.500,0:01:03.000 using a simple script.
0:01:03.000,0:01:07.000 Thanks to insecure software and modern computers,
0:01:07.000,0:01:09.700 making attacks possible in seconds.
0:01:09.700,0:01:13.000 The Chaos Computer Club spokesman is concerned.
0:01:13.000,0:01:15.800 EVERYTHING stores sensitive data of everyone
0:01:15.800,0:01:18.200 we were able to show that it is
0:01:18.200,0:01:20.100 a piece of cake to access EVERYTHING.
0:01:20.300,0:01:24.800 Have hackers spied on dates, photos and conversations?
0:01:24.800,0:01:27.700 The spokesman for EVERYTHING rejects that.
0:01:27.700,0:01:29.600 EVERYTHING is working fine.
0:01:29.600,0:01:32.300 Our companies are ISO 9001 certified.
0:01:32.300,0:01:35.000 We follow the most modern security standards.
0:01:39.000,0:01:42.000 I stick to it: EVERYTHING is safe.
0:01:42.000,0:01:45.000 The hackers' criticism is not heard.
0:01:45.000,0:01:49.000 The digital world has become vulnerable to abuse.
0:01:49.000,0:01:53.000 How those responsible deal with it causes concern.
0:01:53.000,0:01:55.000 We have been warning for years:
0:01:55.000,0:01:58.700 EVERYTHING is developed without
0:01:58.700,0:02:01.000 considering minimal security standards.
0:02:01.000,0:02:04.400 We fall on deaf ears in economics and politics.
0:02:04.400,0:02:07.000 In summary: EVERYTHING is broken!
0:02:07.000,0:02:09.800 The scene meets for four days each year
0:02:09.800,0:02:12.000 between Christmas and New Year's Eve.
0:02:12.000,0:02:15.390 Helping to shape the digital future and making it more secure:
0:02:15.390,0:02:18.890 the theme of the Chaos Communication Congress.