Karsten Nohl

[4] Together with Henryk Plötz and CCC Berlin's Starbug, Nohl gave a presentation in December 2007 on how the encryption algorithm used in Mifare Classic RFID smart cards was cracked.

The talk demonstrated how the system employed multiple layers of strange and obscure techniques in lieu of standard encryption and cryptographic protocols.

[9] At SIGINT-2013, Nohl gave a presentation on the insecurity of electronic car immobilizers used to prevent vehicle theft, documenting vulnerabilities in the three most widely used systems: DST40 (Texas Instruments), Hitag 2 (NXP Semiconductors) and Megamos (EM Micro).

[18][19] At Chaos Communication Camp 2011, Nohl and Luca Melette gave a presentation showing how GPRS networks do not securely encrypt their mobile traffic.

[20] The pair stated that they had recorded data transmissions in the networks of several German mobile providers, including Deutsche Telekom, O2 Germany, Vodafone and E-Plus.

[2] At both Black Hat 2013 and OHM 2013, Nohl demonstrated that many SIM cards use the outdated and insecure DES encryption, undermining the privacy and security of mobile phone users.

[21][22][23] Through "Over The Air (OTA)" communication, such as SMS messages, it is possible to provide a SIM card with updates, applications, or new encryption keys.

[22][23] Nohl generated a Rainbow Table for 56-bit DES within a year based a on specially signed error message with known plain text.

Initially designed for use on a Galaxy S2 or S3 (including root access), the app collects information on the level a mobile network secures its traffic.

The collected data can be uploaded, with the app user’s consent, to a database that evaluates the security of mobile networks worldwide, based on selected protection capability criteria.

Nohl released an updated version of the open source “Snoopsnitch” app with new features to allow users to run tests on their Android phones to check for a "patch gap" on their device.

At the 33C3, Nohl and colleagues highlighted security holes in Amadeus, Sabre, and Travelport, three of the largest Global Distribution Systems (GDS) which combined, handle approximately 90% of worldwide flight reservations and a large proportion of hotel, car rental, and other travel bookings.