BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.c3voc.de//camp2023//speaker//NLE8H3
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-camp2023-DA8G9D@pretalx.c3voc.de
DTSTART;TZID=CET:20230815T143000
DTEND;TZID=CET:20230815T151500
DESCRIPTION:Hardware FIDO U2F tokens are security devices which are meant t
 o defend user second factor keys from physical and remote attacks.\nIn thi
 s presentation different security features and implemented by FIDO U2F tok
 ens and how they are meant to protect a user from various attack scenarios
 .\nWe will focus on the open source implementation of FIDO U2F token devel
 oped and Common Criteria certified by Federal Office for Information Secur
 ity (BSI).\nHaving access not only to the source code of the token applet\
 , but the certification documents as well gives a unique opportunity of \n
 Finally\, a design flaw in the solution is discussed (CVE-2022-33172) and 
 an attack on hardware token security feature will be presented\, which cou
 ld allow an attacker in control of user PC to fake user presence and execu
 te a number of unauthorized sensitive operations.
DTSTAMP:20260316T090942Z
LOCATION:Milliways
SUMMARY:What de.fac2? Attacking an opensource U2F device in 30 minutes or l
 ess - Sergei Volokitin
URL:https://pretalx.c3voc.de/camp2023/talk/DA8G9D/
END:VEVENT
END:VCALENDAR