Many devices and services of daily life process sensitive data or perform security-critical operations. Mobile devices in particular have access to the user's location, payment data (mobile payment) or text messages at any time. It is essential for the user that this data does not fall into the hands of unauthorized persons. From only a few data points, unique identifiers for devices and users can be derived, which can be linked to other data sources. Location data allow conclusions to be drawn about the user's place of work and residence and thus, by means of statistical data, about income and living conditions.
In this whitepaper we summarize the security analyses of the offensive security group TeamSIK at Fraunhofer SIT from the last four years, draw comparisons between vulnerabilities from different domains and years and derive suggestions for the improvement of IT security.
A document on this subject is available in German. Would you like to read it? Switch to the German view.