1
00:00:00,000 --> 00:00:02,630
The Hacker Congress looks like one big party,

2
00:00:02,630 --> 00:00:06,400
but is one of the largest specialist meetings in the world.

3
00:00:06,400 --> 00:00:08,900
This is where IT experts exchange ideas

4
00:00:08,900 --> 00:00:12,000
about digital security and surveillance.

5
00:00:12,000 --> 00:00:15,200
This year EVERYTHING has come into focus.

6
00:00:15,200 --> 00:00:17,500
Millions of people use EVERYTHING every day

7
00:00:17,500 --> 00:00:21,000
for communication, for organizing everyday life

8
00:00:21,000 --> 00:00:24,500
and share the most intimate secrets with EVERYTHING.

9
00:00:24,500 --> 00:00:27,500
Jane Hacker is a cyber security specialist.

10
00:00:27,500 --> 00:00:30,300
She took a closer look at EVERYTHING.

11
00:00:30,300 --> 00:00:35,000
It can be attacked via social engineering attacks and

12
00:00:35,000 --> 00:00:39,000
via unauthenticated API calls to the backend.

13
00:00:39,000 --> 00:00:43,000
The attack vector is a cross site request forgery.

14
00:00:43,000 --> 00:00:46,500
With a timing side-channel attack

15
00:00:46,500 --> 00:00:51,300
attack complexity can be reduced from 2^257 to 2^-2.

16
00:00:51,300 --> 00:00:53,000
The rest is trivial.

17
00:00:53,000 --> 00:00:55,500
EVERYTHING does not check requests properly,

18
00:00:55,500 --> 00:00:58,000
so it opens the door to attackers.

19
00:00:58,000 --> 00:01:00,500
Accessing data of EVERYTHING is possible

20
00:01:00,500 --> 00:01:03,000
using a simple script.

21
00:01:03,000 --> 00:01:07,000
Thanks to insecure software and modern computers,

22
00:01:07,000 --> 00:01:09,700
making attacks possible in seconds.

23
00:01:09,700 --> 00:01:13,000
The Chaos Computer Club spokesman is concerned.

24
00:01:13,000 --> 00:01:15,800
EVERYTHING stores sensitive data of everyone.

25
00:01:15,800 --> 00:01:18,200
We were able to show that it is

26
00:01:18,200 --> 00:01:20,100
a piece of cake to access EVERYTHING.

27
00:01:20,300 --> 00:01:24,800
Have hackers spied on dates, photos and conversations?

28
00:01:24,800 --> 00:01:27,700
The spokesman for EVERYTHING rejects that.

29
00:01:27,700 --> 00:01:29,600
EVERYTHING is working fine.

30
00:01:29,600 --> 00:01:32,300
Our companies are ISO 9001 certified.

31
00:01:32,300 --> 00:01:35,000
We follow the most modern security standards.

32
00:01:39,000 --> 00:01:42,000
I stick to it: EVERYTHING is safe.

33
00:01:42,000 --> 00:01:45,000
The hackers' criticism is not heard.

34
00:01:45,000 --> 00:01:49,000
The digital world has become vulnerable to abuse.

35
00:01:49,000 --> 00:01:53,000
How those responsible deal with it causes concern.

36
00:01:53,000 --> 00:01:55,000
We have been warning for years:

37
00:01:55,000 --> 00:01:58,700
EVERYTHING is developed without

38
00:01:58,700 --> 00:02:01,000
considering minimal security standards.

39
00:02:01,000 --> 00:02:04,400
We fall on deaf ears in economics and politics.

40
00:02:04,400 --> 00:02:07,000
In summary: EVERYTHING is broken!

41
00:02:07,000 --> 00:02:09,800
The scene meets for four days each year

42
00:02:09,800 --> 00:02:12,000
between Christmas and New Year's Eve.

43
00:02:12,000 --> 00:02:15,390
Helping to shape the digital future and making it more secure:

44
00:02:15,390 --> 00:02:18,890
the theme of the Chaos Communication Congress.