35C3 – Moving sofas, intelligent light bulbs and government birds

For the 35th time, the Chaos Computer Club hosted the biggest hacker meeting in Europe - the Chaos Communication Congress, abbreviated to 35C3. This year, the slogan was "Refreshing Memories", to recall the previous annual meetings. The number of visitors is growing year on year, with around 17,000 guests attending this year's congress in Leipzig. Of course, those of us in the InfoGuard Red Team were there day and night. In this article, I will be giving you an insight into the fascinating world of the 35C3 and introducing you to our Top 9 Talks.

The 35th Chaos Communication Congress - far more than "just" lectures

35c3-ccc-infoguard-4-enAs well as lectures, at 35C3 this year there was again a huge hall filled with what are known as assemblies. These are booths where you can discover, learn and experiment. For example, you could try your hand at cracking a lock, brewing your own beer or just doing some soldering on a whim. The hacking atmosphere was complemented by impressive light installations, projectors and evocative 8-bit music. Of course, the large congress halls provide a lot of space, which is why there were so many different forms of art to be admired, with a robotic beetle that trudged along a chain in a circle and could be reprogrammed by visitors, a neural network that reacted to sound and pulsated brightly, or even tents where you could rest and recharge your batteries.

35c3-ccc-infoguard-7-enSome visitors had even brought their own electric vehicles with them for getting them from A to B as quickly as possible (or to save their own internal batteries!). Among these, there were hoverboards, scooters decorated with LEDs and even totally homemade vehicles, like driveable sofas. Vehicles were parked all over the place and they were not locked - that was just unnecessary. At 35C3, friendly, respectful cooperation is a given.

Of course, the Congress's own "meme" had to be included. In the course of the first day, more and more notes appeared with the words: “Birds aren’t real – Wake up 35C3”, wake up people, they are the surveillance drones of the state”. This reference to conspiracy theories about government surveillance drones escalated over the four days, taking every possible guise.



The Top 9 Talks at 35C3

This year, the congress covered a very broad spectrum with over 160 lectures, ranging from highly technical talks like iOS Jailbreaking to discussions on ethical and moral topics around hacking, to cyber Slam poetry. Many of the lectures were specifically aimed at beginners in order to give future Infosec experts an intelligible insight into the world of hacking. Of course, we could not attend all the talks.

Everything can be hacked - just don't get caught

There was a crash course in Operations Security (OpSec) and how as a hacker to avoid going to prison. The lecture focused on the risks of "hacker sports" and how young hackers can benefit from the mistakes of others. The bottom line is - stay away from cyber crime. In any case, Bitcoin is currently in the doldrums.

Watch the Video


Hacker ethics – an introduction

This talk was supplementary to the OpSec talk, which made it all even more exciting. Frank Rieger talked about vital questions that hackers should be asking themselves when they are doing “what they love best". A talk that definitely made you think!

Watch the Video

Smart Home – Smart Hack

IoT (Internet of Things) remains a thorn in the side of security experts - and rightly so, as this talk showed. If you think a "smart" light bulb is harmless, you should definitely watch this talk.

Watch the Video

Compromising online accounts by cracking voicemail systems

Martin Vigo showed that voicemail is still a relevant attack vector, even after 30 years. Among other things, he demonstrated how a WhatsApp account can be transferred via voicemail.

Watch the Video

Switzerland: Network policy between Lake Constance and the Matterhorn

A review of the 2018 network policy year in Switzerland. Topics such as mass monitoring, network blocking and, of course, e-voting were covered. The following topics were also discussed: Which issues will be of interest to Switzerland in 2019?

Watch the Video

All Your Health Records Belong To Us

"As secure as online banking": The electronic patient file is coming - for everyone. Using five concrete examples, it was demonstrated how hugely thoughtless decisions were being made by online platforms and apps in the health records sector and how easy it is to gain mass access to confidential health data.

Watch the Video 

Security Nightmares 0×13

What's so good about mistakes? You learn from them. A very entertaining lecture about the (wrong) developments and news of last year.

Watch the Video


The Layman’s Guide to Zero-Day Engineering

Over and over again you hear about mysterious "Zero-Days", although very few people can imagine what the process behind it is. In this talk, Ret2 Systems explained their process of zero-day-engineering on the basis of a case study.

Watch the Video

What the flag is CTF?

The gaming concept of the traditional terrain game "Capture the Flag" (CTF) is widely used in computer games - and obviously also in the hacker scene. Usually, several teams compete against each other and try to defend their own network within a given period of time. Points are awarded for successful defence as well as for successful attacks. A more detailed explanation of Capture the Flag was given in this talk, as well as why you should take a look at it in your spare time.

Watch the Video

35C3 – a review of the four best hacker days

For me as a Pentest newcomer, it was extremely impressive to see how huge the Infosec area is and what exciting subjects there are all around it. It was also very nice to see the respectful way people worked together. For example, I was given a "consolation crane" (an origami bird) because unfortunately, I couldn't find a seat in a full hall.

Will we be attending the Chaos Communication Congress again next year? Absolutely! But I will definitely take a laptop with me to take part in the internal CTF and conquer flags - my fingers are already getting itchy.

Always stay up-to-date!

You don't want to miss another post? Then subscribe to our blog updates! Receive the latest blog posts weekly from our Cyber Security experts conveniently in your inbox. Subscribe now!

Subscribe to blog updates now!

Image source:

Cover image: Florian Kleiner, Flickr ( 
Image 1: Yves Sorge, Flickr (
Image 2: Waithamai, Flickr ( 
Image 3: Leah Oswald, Flickr (

<< >>

Cyber Security

David Haas
About the author / David Haas

InfoGuard AG - David Haas, Penetration Tester / Cyber Security Analyst

More articles from David Haas

Related articles
Cyber Security Blog

Exciting articles, the latest news and tips & tricks from our experts on all aspects of Cyber Security & Defence.

Blog update subscription
Social Media