Durch den Titel hätte ich NIE vermutet was hier präsentiert worden ist , wahnsinn... Danke für Eure Arbeit!

So there are RCEs not only in street lights but also in power plant controls? Excellent, I wouldn't have expected less.

"No, no, no. You can't make this public." EFR lawyers learning the Streisand effect the hard way.

What a great presentation. It demonstrates how what once started as a beautiful, simple hack (Blinkenlights) has flourished into providing tremendous value and security insights for whole cities. This is CCC at its best. Ethical, valuable and still fascinating to watch. And as educational and relevant as a presentation could possibly be. Kudos to all involved. Brilliant, exceptional work!

Danke für den guten Vortrag. Ich habe auch schon mit Freunden, die Ampelsteuerungen programmieren, gesprochen und war schockiert wie wenig das abgesichert wird.

Geiler Scheiß. Echt, danke für den Vortrag! Was ich heute gelernt habe: 1. Ich brauche nen Flipper! 2. am besten noch einen zweiten, man weiß ja nie. 3. vielleicht ausrangierte Lampenkontrollen von eBay… 4. ??? 5. Photovoltaik Besitzer hassen diesen Trick.

one of the best talks this year.

07:30 I have had to wait decades to hear this divine music again. Now, at last, I can die filled with happiness. Nein, im Ernst, großartiger Talk und eine wiederholte Demonstration, warum Open Source/Open Hardware in manchen Bereichen, auf jeden Fall in Bereichen, die als notwendige Infrastruktur angesehen werden, Pflicht sein sollte. Und selbstverständlich kann die Erfüllung dieser absoluten Notwendigkeit auch nur den ersten Schritt bedeuten.

For the long antenna idea, you CAN use a drone; all you need to do is run a pair of wires along the antenna that float the battery as it flies. This can be fed up a single co-ax to the drone using the +DC feed in the centre and shield as ground, with the shield also acting as the antenna carrying the transmission signal.

Fun Fact, this scenario has been theorised in the Book "Blackout" by Marc Elsberg... (Almost exactly the same attack, expect it was done over the wire) Quite scary stuff...

This needs to be seen by more persons in power of changing the course of the iMSys rollout. I totally afree the most valueable targets need to be protected first.

You should look at a tophat antenna. These can resonate at much lower frequencies than a vertical mast of the same height. The ARRL Antenna Book covers this design, but for a slightly higher frequency. It might be a good idea for the authorities to have some idea what a jamming or spoofing antenna might look like...

They had a security flaw, fixed it by developing a new, encrypted protocol but never used it because no client wanted to pay for it? wtf? I'm imagining websites making HTTPS and 2FA premium features to be only accessed behind a paywall...

57:00 this plan makes sense, it’s a new tech, it needs trial and deployment experience on smaller scale, then extending it to more critical systems. Imagine one bug wrecking a havoc on even 1% of the plants

Das gleiche dachte ich mir schon bei den (Gateway) Funksteckdosen welche über T...a oder S..e in der Cloud laufen. Ein Promt vom gehackten Cloud-Dienst @ 8h00 Uhr morgens "alle an" ; oder 13h00 im Sommer "alle aus" könnte sicher auch für Aufmerksamkeit sorgen. Viele dieser Geräte sitzen zwischen PV und Ladegeräte.

Cycling load or sources at an appropriate frequency could probably destabilize the algorithms that attempt to stabilize the grid. This might make it possible for a smaller transmitter to have the same impact. This really is one of those things where untill it breaks or is abused to cause some massive disruption, no one one in government will spend a plugged nickel on it. But I for one am sure that it is only a matter of time until this is used to kill thousands, assuming it hasn't already happened, perhaps in Ukraine.

Sure as heck sounds like pager POCSAG modulation, I am 8 minutes in don't spoil the suprise~

why all this complexity when a simple LDR will turn the lights on when its dark?....

Wo gibts das Flipper Plugin für die Straßenlaterne? 🪄😁

Haahahahaha, Berlin.... yeah... _but can it play Doom_ ??

The 60GW are misleading. Solar numbers can never be taken at face value, since the orientation can wildly differ and lead to the peak never being reached. Probably saying only 80% can be reached is reasonable. Another factor I can not estimate at all is how good the solar parks are connected, it could very well happen that as soon as they start to input close to peak power, they automatically shut down due to overload of something during peak production. This means on the other hand that during peak times for sure not the full 20GW are available in terms of solar, more likely 10 at best id say. And that is assuming perfect sunshine over all of europe, which is rare. Then there is the issue of wind needing to blow - usually this happens more during the winter when the solar power is way weaker. But sure, for arguments sake this is also the case, a very windy but sunny day. Again, with wind the direction needs to be taken in account, so its unlikely we will ever reach the 20GW. Heat pumps are usually used when its cold, so not very sunny. So at peak disruptible power we can say its winter since else its possible a lot of systems are disconnected from the system somehow, alternatively we can argue that either little wind or little solar is found. So we shed maybe 40GW in differential if EVERYTHING goes well, which to be honest I doubt - I would be surprised if we reached 30. Thats still a dangerous number, dont get me wrong, but its distributed. Distributed means the automatic shutdowns will absolutely work and once certain frequencies are reached, the solar parks in general shut themselves down too. The load shedding will also help a lot more than its calculated to since it will also shut down the hacked loads. In other words, I find the 60GW to be a bit too much to reasonably assume. Its a danger, no doubt, and its wild to me that EFR is not encrypted. But we can probably halve that number even on the days with the best conditions. By then its only 10% of the low number of 300GW assumed here (not saying its wrong - but during winter at its peak its 400GW and 300GW is the minimum. That is ofc different in the summer.) and can thus easily be solved by load shedding, if it doesnt solve itself with batteries that follow the frequency or other fun gadgets. Its just very distributed, so I dont think it will harm the grid THAT much in terms of too much load either? not entirely sure. What happened a few times is the grid getting ripped apart due to frequency differences, that could happen too. It could also be the last tipping point if the grid is already unstable to make it fully collapse. I dont want to downplay the risk. But the numbers dont feel reliable.

Mal wieder schlimmer als erwartet! Ließe so eine "Fernbedienung" eine persönliche "grüne Freifahrt-Welle" schalten ? (Oder demnächst als integrierte PKW Ausstattungsoption erwerben im Sinne eines PKW mit integrierter Vorfahrt?) Worse than expected! could such a remote control switch a personal traffic green phase free drive through wave ? (Or car integrated accessory option like a car with integrated right of way)

Awesome, so 60GW worth of power plants are controlled by open unauthenticated radio broadcast for who knows how long and nobody even tried to exploit that. And there is a mitigation plan somewhere in 10 years from now. Right. That's both scary and reassuring. In opposite ways. Scary because how dumb the system is. Reassuring because no "state level actor" had even thought to look at that (either has no capabilities, or desire, or just luck). Otoh, it shows much of the modern world is just hanging on a string and the fact that nobody is rocking the boat seriously. Everyone one scared of connecting infrastructure to the "scary internet with hackers", nobody scared of connecting infrastructure via RADIO WITH 1900 ERA PROTOCOL with zero audit or security

And the antennas being a problem to jamming. How likely is it the mast will be able to doge a few drones flying into it? (ukraine drone pilots have quite the skill set ive heard, on moving targets)

Warum hält man solche Vorträge auf Englisch, wenn man dann ständig deutsche Worte einstreut ohne sie zu übersetzen 😂