UCL Department of Science, Technology, Engineering and Public Policy


Dr Leonie Tanczer attends the 35th Chaos Communication Congress in Leipzig

3 January 2019

From 27th-30th December 2018, the 35th Chaos Communication Congress (35c3) took place in Leipzig, Germany. Dr Leonie Tanczer presents her top five presentations from the event

This annual hacker conference organised by the German Chaos Computer Club (CCC), was held for the second time in the most populous city in the federal state of Saxony, following previous events in Hamburg and Berlin. This year, the Congress attracted more than 16.000 visitors, offered a lot of relevant introductory talks such as “How does the Internet work?”, and brought together various communities with lectures having focused on highly technical to artistic and socio-political topics.

Dr Leonie Tanczer, Lecturer in International Security and Emerging Technologies at STEaPP, attended the event which has become part of her usual end-of-year activities. She has - as in her blog post on the 34c3 back in 2017 - chosen her top five presentations which she considers worth (re-) watching:


1. Stalking, Spy Apps, Doxing: Digital Violence against Women [German with English Translation]


The blogger and digital rights activist Anne Roth discussed the risks of technology-facilitated abuse and the effects spy apps, tracking systems, but also emerging technologies such as the Internet of Things have on victims/survivors of domestic abuse. The talk referenced the “Digital Violence” resources by the German Bundesverband Frauenberatungsstellen und Frauennotrufe (bff), which is a nation-wide umbrella organisation of over 180 German support services working with women and girls. The talk very closely aligns to the ongoing “Gender and IoT” (GIoT) research project taking place at STEaPP. Its Principal Investigator, Leonie Tanczer gave a Lightning Talk at the 35c3 Congress and invited conference attendees and the wider hacker community to get involved in making digital systems less prone to such intimate forms of abuse. 


2. Hacking Vein Authentication [German with English Translation]


Two German security researchers showed in this talk how they can bypass the less known biometric vein authentication system. The latter is increasingly being used in the Asian region, but also reported to be deployed in the headquarters of Germany’s signals intelligence agency. The presenters Jan Krissler (aka starbug) and Julian Albrecht created a fake hand using wax to model the position of their veins to trick the sensor. The presentation received a lot of media attention, with outlets such as Motherboard having reported on the findings.


3. Election Cybersecurity Progress Report


J. Alex Halderman, a professor of computer science and engineering at the University of Michigan, gave his evaluation on election security in the US and around the world. Since his last Chaos Communication Congress presentation two years ago at the 33c3, Halderman conducted further research and also held a mock election with a current US voting machine to demonstrate how cyberattacks on election infrastructure could potentially change the results of national polls. Considering the upcoming US presidential election in 2020, the talk is a total must see and follow up on his previous work on the topic such as in the context of Estonia's Internet Voting System.


4. Inside the Fake Science Factories [German with English Translation]


The Congress is also a space to discuss scientific developments, with a talk by the three investigative journalists Svea Eckert, Till Krause, and Peter Hornung uncovering the pseudo-academic publishing world. Fake journals and conference endanger scientific credibility and generate millions of dollars every year. In the course of this presentation, the presenters expose the scale and value of two fake science operations and showcase the findings, outcomes and methodology of their extensive research.


5. How Facebook Tracks You on Android

In this talk, Frederike Kaltheuner and Christopher Weatherhead from the digital rights group Privacy International looked at third party tracking on Android systems. The presenters captured and decrypted data in transit between devices and Facebook servers. It turns out that some apps (61% of 34 analysed apps) routinely send information about devices and their usage to Facebook, even for users who do not own a Facebook account or while logged out from the platform. This not only leads to the unconsented sharing of data, but also the exact profiling of users. The insights of the presentation are summarised also in a newly released report by Privacy International and offer insights into the negative consequences of digital technologies data sharing abilities.


If you would like to browse through all of this and the previous years’ talks and presentations, visit CCC’s media portal. - Get out the popcorn, sit back, learn, and enjoy!