The time had come to turn a passion into a profession and become a company. Client work started right away and the first SRLabs research release shows how GSM communication can be intercepted cheaply.
After breaking GSM, we found weaknesses in the 2G mobile data encryption and developed an open source radio sniffer based on cheap feature phones.
We release gsmmap.org to track the security of mobile networks globally. Our client projects in Europe and the US focus on chip security and security maturity checks.
At BlackHat Luca and Karsten showcase and demonstrate how a phone’s encryption keys can be leaked via the SIM card; by simply sending a specially crafted message the target’s phone.
We started our journey to ramp up the security team for one of the largest telecommunications companies in the world - Reliance Jio in India. That same year, Karsten and Jakob presented BadUSB at BlackHat.
SRL publishes research on flaws in payment terminals that lead to merchant abuse.
Found major flaws in SS7, mobile interconnect protocol, showing that calls and SMS can be remotely intercepted from any part of the world.
Found hidden risks in cloud connected IP cameras. Successfully studied in reaching 100 million subscribers for Jio and establishing the team for Jio.
We expanded deeper into financial institutes and the banking sector.
As soon as Google and a group of mobile operators launched RCS (next generation messaging service), we found critical vulnerabilities allowing to steal OTP codes. In parallel, we supported the launch of first fully virtualized telco network in Japan - Rakuten Mobile.
To better cater to our clients’ needs, we developed our first product which aggregates all vulnerability information across an organisation Autobahn.security.
After identifying severe vulnerabilities in the most common blockchain framework, we intensified our efforts to make the blockchain ecosystem more secure by collaborating with most important players worldwide.
Hacking mobile networks has gotten a lot more interesting with 5G and Open RAN, while securing 5G deployments, we identified standard IT vulnerabilities reappear in modern 5G clouds.
With ransomware as an increasing threat, we investigated some threat actors and developed a decrypter for BlackBasta.
We infiltrated a large-scale fraud operation with thousands of fake shops harvesting credit card data: #bogusbazaar. We also released Certiception, our ADCS honeypot. Most importantly, we joined Allurity, a premier collective of top-tier IT security service providers.
