CCC: Favorite talks from 34C3

From December 27th to 30th of last year, the 34th edition of the Chaos Communication Congress (34C3) took place in Leipzig. The Congress moved out of Hamburg seeking more space in Leipzig’s Conference Center (CCL). This post lists the talks that I consider the best of this edition. As always the recordings are of very high quality thanks to the effort of the Chaos Computer Club.

Talks by category

Art & Culture

Dude, you broke the Future!

Sci-fi author Charles Stross has some very interesting thoughts about the world we live in today. One very interesting idea is how companies can be considered artificial intelligence entities that optimize costs down for specific products, and maximize benefits of shareholders, with its brain power provided by the human employees that serve its purpose.

Security

Squeezing a key through a carry bit

Filippo Valsorda discusses how the Go implementation of the P-256 elliptic curve had a small bug due to a misplaced carry bit. He also shows how to build a full practical key recovery attack exploiting the bug.

How to drift with any car

Guillaume Heilles (a.k.a. P1kachu) wanted to sniff the CAN traffic on his car, he discovered that the most talkative CAN buses are on 2010-ish italian cars. With all of the data exposed to him through CAN bus, he connected his car to his computer, faked an XBox360 controller and played car drifting games from the real car. Using gas pedal and steering wheel as controllers.

Console Security - Switch

plutoo, derrek and naehrwert are back this year to tell us all about how they hacked the Nintendo Switch. This is a very detailed technical talk about how the Switch is built, its attack surface, how each layer plays a role, and what are the vulnerabilities in each layer.

LatticeHacks

Daniel J. Bernstein, Nadia Heninger, and Tanja Lange made a great presentation, with a bit of math and code snippets, to teach use about lattices and why they matter. Lattices can be used for many things from generating attacks on other cryptographic methods to building new cryptography algorithms.

Are all BSDs created equally?

Ilja van Sprundel took a few months to audit the code of the three main BSD kernels (OpenBSD, FreeBSD and NetBSD) for vulnerabilities. He found out a few dozens for each kernel, this demystifies the idea that BSDs are more secure than Linux. In fact, he supports the idea that BSDs have less security bug reports because there are less eyes checking their code than Linux. He also shows that OpenBSD has a lower attack surface, while NetBSD has the biggest attack surface among the three kernels.

Ethics, Society & Politics

Social Cooling - big data’s unintended side effect

Technology critic and privacy designer, Tijmen Schep, discusses how the reputation economy is turning us into conformists. This does not only concern China, but most countries where social media is widespread and machine learning is heavily used to derive more data on users.

BGP and the Rule of Custom

Caleb James DeLisle explains the basics of the BGP protocol and how its design choices favor civil distributed systems.

Spy vs. Spy: A Modern Study Of Microphone Bugs Operation And Detection

Veronica Valeros and Sebastian Garcia delve into a detailed review of current technology of microphone bugs, mostly commercially available devices. They also show us a tool they developed to turn Software-Defined Radios (SDRs) into microphone bug detectors with reasonably high accuracy.

Internet of Fails

A nice summary of IoT fails over the past few years by journalist Barbara Wimmer. She also argues that failure is the First Attempt In Learning (FAIL), and how we can and should learn from previous mistake to build safer connected devices.

Net Neutraliy Enforcement in the EU

A review EU law and how EU countries enforce it to keep the net neutral in EU.

Internet censorship in the Catalan referendum

An insightful summary of what happened during the Catalan referendum last year and how Spain actively censored it.

Hardware & Making

The Ultimate Apollo Guidance Computer Talk

The ultimate talk for space nerds and computer geeks about the very intringuing Apollo Guidance Computer that flew aboard the Apollo missions and managed flights and landings. Michael Steil and Christian Hessmann go into depth about the hardware, the instruction set, and software used for guidance on the Apollo missions. This is a dense technical talk, if you like it you should check out the series of ultimate computer talks at CCC they previously covered the Commodore 64 and the Game Boy.

Resilience

Deep Learning Blindspots

Katharine Jarmul discusses how we can build adversarial attacks against state of the art machine learning algorithms used by most service providers that apply machine learning to optimize user experience. This could be used for data poisoning or privacy protection.

Science

UPSat - the first open source satellite

In 6 months, space enthusiasts from the Libre Space Foundation managed to build a 2U cubesat with a scientific payload from scratch. They decided to open source it from the beginning, which makes it the first open source satellite. Their work is impressive since the satellite was functional, although its operation is limited due to some design flaws, but they built it in 6 months!

SatNOGS: Crowd-sourced satellite operations

Another interesting project from the Libre Space Foundation: a network of satellite ground stations. Based on Raspberry Pis, they built an open source ground station on which satellite observations can be scheduled and carried automatically. Data is then made available on the network for others to analyse.