One of Fabian Bräunlein’s first hacks (of the ones which he is willing to share with me) is from when he was 15 years old. With the help of a friend, he successfully hacked into their school’s network in Weissenburg, Bavaria.
He was almost expelled from the school district, but managed to get off with only a 6-month computer ban, he says with a smirk.
After finishing his studies in IT Systems Engineering at the Hasso Plattner Institute in Potsdam, Bräunlein’s continuing desire to outwit, outmaneuver and outthink others, brought him to Security Research Labs (SRL), a young Berlin-based hacking research and consultancy firm.
Bräunlein is one of 20 researchers who look for vulnerabilities in telecommunications, hardware devices, access cards and encryption software at their fifth-floor office in Mitte. Another five colleagues work out of their Hong Kong office.
“To find vulnerabilities you need to understand [the technology] better than the people that build it,” the 22-year-old says. The ability to outwit the creators is what brings the industry forward: “You need to be curious and playful to be a great hacker.”
Some of SRL’s research is also focused on legacy systems, like in banking and the travel industry. Legacy systems were built in another time and are often not updated to meet today’s security best practices, he tells the Heureka.” In combination with its complexity and interconnection this gives huge room for security vulnerabilities,” Bräunlein says.
One major project at SRL, for example, looked into booking systems that disclose travelers’ private information. And all you need is their last name and a 6-digit booking code, that many people unwittingly post on social media channels.
Ждём ???? #airport #flight #travel #around #moment #trip #boardingpass #lovesmile
Ein Beitrag geteilt von Evgenia Shumilina (@shumilinaaa) am
Anyone savvy with this information could potentially steal flights, frequent flyer information or private information, like passport details, phone number and travel dates.
This is just one example of security weaknesses the SRL team has detected.
And everyone at SRL is happy to spend their days digging to identify these vulnerabilities and letting industry players know what they should do about it.
New projects are approached like Christmas, Bräunlein says. “Everyone gathers around when something arrives.”
“[They] pack it out, plug it in – and can’t wait to see what it does.”