Security Research Labs

Security Research Labs: hacking research and consulting think tank in Berlin and Hong Kong. SRLabs is a Berlin-based hacking research collective and consulting think tank.

We are driving security evolution, combining insights from research, industry, and the hacker community. Our consulting work contributes to strategic technology projects at Fortune 500 companies where we help in understanding and mitigating risks. Our research focuses on everyday technology that exposes many people to risk, most recently mobile communication and payment systems. Our goal is to fix issues before consumers are put at risk. Our lab is an open collective of like-minded thinkers.

30/08/2024

06/08/2024
22/07/2024

👨‍🎓 Friends -- Curious about your opinion: Trying out YouTube to teach about hacking. What do you think❓

Welcome to Hacking Matters, your ultimate destination for cybersecurity education and best practices.

09/02/2023

🔒 Mobile network operator tracking methods present privacy risks for users of 4G LTE routers, even those designed for user anonymization. Our open-source blue merle project mitigates those affecting the GL.iNet Mudi GL-E750 router.

Tracking of the Mudi’s activity, location, and, in some cases, the identification of the purchaser is possible through the International Mobile Equipment Identity (IMEI) number, even if an anonymous SIM card is used. The storage of Basic Service Set Identifier (BSSID) and Media Access Control (MAC) addresses of connected devices also allows for activity and Wi-Fi-based location tracking. We added an IMEI, MAC and BSSID randomizer and a log wiper to mitigate these risks.

🔎 Read our latest blog post about the privacy risk assessment and blue merle's features to mitigate tracking risks here: https://www.srlabs.de/bites/blue-merle
📂 Download the open source software package on our GitHub. We are also looking forward to pull requests: https://lnkd.in/e526jw5K
📎 Find an article about why you need to change your IMEI to achieve cellular anonymity here (p. 38): https://inteltechniques.com/issues/005.pdf

Kudos to our Infrared Team for their great work.

GitHub - srlabs/blue-merle: The blue-merle package enhances anonymity and reduces forensic traceability of the GL-E750 Mudi 4G mobile wi-fi router

22/03/2022

🔎 Blockchains make data verifiable and immutable. But what if the data gets added by the wrong people? 🔍

We look into the role of web applications on top of blockchains. During a recent audit, our researcher Louis found a web app vuln that allowed him to confirm and store credentials on a blockchain for an account he does not own. Verifiable and immutable.

Applications interacting with blockchain networks can be an attack surface to malicious actors and therefore need to be reviewed thoroughly.

21/12/2021

Our mobile security team looked into the Android banking Trojan FluBot and how it abuses Accessibility features to steal credentials. We also added suggestions for app developers to protect their users.

By abusing Accessibility features the FluBot malware circumvents Android's permission system to steal banking credentials. We explain how FluBot does this and what app developers can do to protect their users.

02/03/2021

Karsten spoke with Golem about the success of security -- and how standards may be holding it back. (Interview in German)

Security researcher Karsten Nohl is satisfied with the 5G standard. The security problems in mobile networks have a different cause.

27/08/2020

This month, SRLabs marks the end of its first decade of making our increasingly technological world more secure. What started as a small squad that could share a large pizza in Berlin is now an international team with offices and projects all around the world.

Check us out and see if you'd like to join the team for decade #2! We have new positions open in Berlin, Hong Kong, and Jakarta!

A decade of hacking – meet the people behind SRLabs: It almost seems like eons ago when we were just some geeks having fun solving tech puzzles. We were discovering flaws in systems that we used every day. From this research, we soon realized it would be a bigger benefit for everybody if ...

22/04/2020

Our recent Android patch analysis shows positive dynamics in the Android ecosystem since 2018. For more information on how vendors are improving patching accuracy and speed, check out our blog:
https://srlabs.de/bites/android-patch-gap-2020/

Address

Prenzlauer Berg
