Twenty Year Anniversary
Showing 1 - 25 of 66 RSS Feed

Files from Matthias Deeg

First Active2014-09-01
Last Active2018-07-11
Rikki Don't Lose That Bluetooth Device
Posted Jul 11, 2018
Authored by Matthias Deeg, Gerhard Klostermeier

In this article, the authors want to present an example of exploiting a trust relationship between two technical devices that can put the confidentiality of sensitive data or the integrity of a computer system at risk. This trust relationship they exploit exists between two Bluetooth devices: On the one side a computer system you want to remain secure and you don't want to be compromised, for example your laptop, or your smartphone, and on the other side a Bluetooth device you usually do not consider worth protecting with special diligence as it simply is an output device of a specific kind and does not persistently store any of your valuable data locally, for example headphones.

tags | paper
MD5 | ca29bc7edd73c43f926cb262ce678f74
Case Study: Security Of Modern Bluetooth Keyboards
Posted Jun 22, 2018
Authored by Matthias Deeg, Gerhard Klostermeier

This whitepaper is a case study that analyzes the security of modern bluetooth keyboards. In the course of this research project, SySS GmbH analyzed three currently popular wireless keyboards using Bluetooth technology that can be bought on the Amazon marketplace for security vulnerabilities. The following three devices were tested for security issues from different attacker perspectives: 1byoneKeyboard, LogitechK480, and MicrosoftDesignerBluetoothDesktop (Model1678 2017).

tags | paper, vulnerability
MD5 | 066966c0a18d2c6ee4c885c5fb48bd21
Microsoft Surface Hub Keyboard Replay
Posted Jan 30, 2018
Authored by Matthias Deeg

The Microsoft Surface Hub Keyboard is a wireless keyboard that can be used in combination with the digital whiteboard/collaboration system Microsoft Surface Hub. Due to an insecure implementation of the encrypted data communication, the Microsoft Surface Hub Keyboard is vulnerable to replay attacks with certain restrictions.

tags | advisory
MD5 | 514b6aba1a5ec8c2a7181198929fe797
Microsoft Windows Hello Face Authentication Bypass
Posted Dec 19, 2017
Authored by Matthias Deeg, Philipp Buchegger

Microsoft Windows 10 offers a biometric authentication mechanism using "near infrared" face recognition technology with specific Windows Hello compatible cameras. Due to an insecure implementation of the biometric face recognition in some Windows 10 versions, it is possible to bypass the Windows Hello face authentication via a simple spoofing attack using a modified printed photo of an authorized person.

tags | advisory, spoof
systems | windows
MD5 | 27d01277917e11c6b9cd575274f17600
Of Mice And Keyboards
Posted Jun 1, 2017
Authored by Matthias Deeg, Gerhard Klostermeier

Whitepaper call Of Mice and Keyboards. This write up gives you an overview on the security of modern wireless desktop sets.

tags | paper
MD5 | 82baeb29b56fe4569ce8c6faa36623bc
HP Wireless Mouse Spoofing Issue
Posted May 16, 2017
Authored by Micha Borrmann, Matthias Deeg

HP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.

tags | advisory
MD5 | c2aa6929abe16f687a30bf704401e63e
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 Credential Management
Posted Apr 11, 2017
Authored by Matthias Deeg

MATESO GmbH Password Safe and Repository Enterprise 7.4.4 build 2247 suffers from poor credential management using unsalted MD5 hashes.

tags | exploit
MD5 | b293531296a344dda48b8ff307777b9b
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection
Posted Apr 11, 2017
Authored by Matthias Deeg

MATESO GmbH Password Safe and Repository Enterprise version 7.4.4 build 2247 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0047da464e35dbebfaf88dadaf2cde82
ABUS Secvest 1.01.00 Replay Issue
Posted Feb 22, 2017
Authored by Matthias Deeg

SySS GmbH found out that the radio communication protocol used by the ABUS Secvest wireless alarm system (FUAA50000) and its remote control (FUBE50013) is not protected against replay attacks. Therefore, an attacker can record the radio signal of a wireless remote control, for example using a software-defined radio, when the alarm system is disarmed by its owner, and play it back at a later time in order to disable the alarm system at will.

tags | advisory, remote, protocol
MD5 | ebfcb46164f30132e5781bd7c7528633
Blaupunkt Smart GSM Alarm SA 2500 Kit 1.0 Replay Attacks
Posted Nov 24, 2016
Authored by Matthias Deeg

Due to an insecure implementation of the used 868 MHz radio communication, the wireless alarm system Blaupunkt Smart GSM Alarm SA 2500 Kit is vulnerable to replay attacks.

tags | advisory
MD5 | eed744c98c76ab47d78d565ccfbc9dce
Olympia Protect 9061 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg

Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.

tags | advisory
MD5 | aef9f3339073a9ee80368ab5ac42e3e2
EASY HOME Alarmanlagen-Set MAS-S01-09 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg

EASY HOME Alarmanlagen-Set MAS-S01-09 suffers from missing protection against replay attacks.

tags | advisory
MD5 | f93defe9672b26e5f08c198f16c16202
Targus Multimedia Presentation Remote AMP09-EU Mouse Spoofing
Posted Oct 12, 2016
Authored by Matthias Deeg

Targus Multimedia Presentation Remote model AMP09-EU suffers from insufficient verification of data authenticity and mouse spoofing attack vulnerabilities.

tags | advisory, remote, spoof, vulnerability
MD5 | 6ddd04dc3e625005fec6be102a675258
Logitech Wireless Presenter R400 R-R0008 Keystroke Injection
Posted Oct 12, 2016
Authored by Matthias Deeg

Logitech Wireless Presenter R400 model R-R0008 suffers from insufficient verification of data authenticity and keystroke injection vulnerabilities.

tags | advisory, vulnerability
MD5 | dbe8fd1e60b09a5f24e994b8e0d1ce84
Microsoft Wireless Desktop 2000 Cryptography Issues
Posted Oct 11, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Microsoft Wireless Desktop 2000 version A suffers from cryptographic issues and replay attacks.

tags | advisory
MD5 | 54d372628a150a3fca1374e2a5247216
Wireless Keyboard Set LX901 GK900 Replay Attack
Posted Oct 10, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Wireless Keyboard Set LX901 model GK900 is missing protection against replay attacks.

tags | advisory
MD5 | b2e2f5586748b67b748f9ac80253a72f
Microsoft Wireless Desktop 2000 Insufficent Protection
Posted Oct 10, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Microsoft Wireless Desktop 2000 version A suffers from insufficient protection of code (firmware) and data (cryptographic key).

tags | advisory
MD5 | b8100d53ca3844d785d9989a182491f2
Perixx PERIDUO-710W KG-1027 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

The Perixx PERIDUO-710W KG-1027 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
MD5 | 786794983fa22e6d262be85e6012d757
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

The CHERRY B.UNLIMITED AES JD-0400EU-2/01 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
MD5 | 6c60fa01fe36c0ed55e8b489eff1ab20
Logitech M520 Y-R0012 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

The Logitech M520 Y-R0012 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
MD5 | 24cbc381780c56dd465a278120f568d4
Deactivating Endpoint Protection Software In An Unauthorized Manner (Revisited)
Posted Sep 27, 2016
Authored by Matthias Deeg, Sven Freund

In this paper, the authors describe how the violation of secure design principles can cause authentication bypass vulnerabilities that were found in current endpoint protection software products of different vendors in 2015. All the discussed security vulnerabilities have been reported to the manufacturers of the affected software products according to our responsible disclosure policy and were publicly disclosed in several SySS security advisories and in a talk at the IT security conference DeepSec 2015.

tags | paper, local, vulnerability, bypass
MD5 | 38830fe267b188fd72a1344628a1ad82
VMware vSphere Hypervisor (ESXi) HTTP Response Injection
Posted Aug 5, 2016
Authored by Matthias Deeg

The SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied in the HTTP header Location of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data to the response of the VMware ESXi web server. Depending on the context, this allows different attacks. If such a URL is visited by a victim, it may for example be possible to set web browser cookies in the victim's web browser, execute arbitrary JavaScript code, or poison caches of proxy servers.

tags | exploit, web, arbitrary, javascript
advisories | CVE-2016-5331
MD5 | ede1d4f2aa61104f3c3b4333be7aa391
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Crypto Issues / Replay Attacks
Posted Jul 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.

tags | exploit, vulnerability
MD5 | 8c597da97e25637517b491380da4f20e
Microsoft Wireless Desktop 2000 Insufficent Verification / Mouse Spoofing
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Microsoft Wireless Desktop 2000 suffers from insufficient verification of data authenticity and mouse spoofing vulnerabilities.

tags | advisory, spoof, vulnerability
MD5 | b73986f6554a8d1cc61cf81fe43805d5
Perixx Computer PERIDUO-710W Keystroke Injection
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Perixx Computer PERIDUO-710W suffers from cryptographic issues and keystroke injection vulnerabilities.

tags | advisory, vulnerability
MD5 | d7c52d85bb5b49cc8ba2df7470e40e92
Page 1 of 3
Back123Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    1 Files
  • 18
    Nov 18th
    1 Files
  • 19
    Nov 19th
    3 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close