KRACK: Vulnerability in WPA2 protocol (WLAN security hole)

18 October 2017 / From Johannes Domke / News / Post a comment

KRACK is the name of a current WLAN security gap that results from a vulnerability in the WPA2 protocol. The abbreviation stands for Wi-Fi Protected Access 2 and thus actually for a security standard in Wifi networks of the standards IEEE 802.11a, b, g, n and ac. However, an update of this security protocol now seems to be necessary - because a KRACK attack, according to many sources, can be done by every single WLAN Device. In this post I would like to explain the topic a little more.

KRACK is a weak point in the WPA2 security standard for wireless networks. The WLAN vulnerability affects every device. You can find safety tips, details and Apple's statement on the subject here.

Chapter in this post:

1 All routers affected by the KRACK vulnerability
2 What can happen to me as a user in the event of an attack?
3 What is the solution to the problem?
4 What should I do, how do I stay safe?
5 Is KRACK dangerous for macOS, iOS, watchOS, and tvOS?
6 Spatial proximity: the most important requirement
7 Similar posts

Sir Apfelot recommendation: Clean up your Mac hard drive with CleanMyMac

All routers affected by the KRACK vulnerability

The risk is independent of the WLAN router used or the device that is dialed into the corresponding wireless network. The security gap is in the WPA2 security standard, which is used around the world and pretty much everywhere. This is actually used for encryption, but can be attacked and used as access to the individual devices. The dangers here are espionage, the placement of malware by attackers and the like.

What can happen to me as a user in the event of an attack?

As mentioned, attackers could use malware (viruses, Trojans, Ransomware, etc.) on the device used. Passwords, emails, chat messages, photos and other files, and credit card numbers can also be stolen. However, and this is the positive side, end-to-end encrypted data paths are safe. This means that, for example, the Google password or the bank details cannot be read out per se in online banking. If you use a network printer via WLAN, unwanted printouts could appear - depending on how creative the hackers are.

Laut Spiegel Online Linus Neumann, spokesman for the Chaos Computer Club (CCC) said the following about KRACK and online banking:

"I am not aware of any online banking provider where this attack method would be successful."- However, the addition:"If, for example, a certificate warning pops up, you should definitely not simply click it away - especially not when doing online banking."

What's the solution to the problem?

The solution consists of updates from device manufacturers. Not (only) the manufacturers of routers are responsible, but also and above all the manufacturers of end products such as computers, laptops, smartphones, tablets, printers and other WLAN devices. A hardware update is not necessary, but a software update, which can basically be offered and distributed very quickly. So, no matter which devices you use, keep your smartphone, tablet and notebook up to date and activate the automatic updates of the system for the near future.

What should I do, how do I stay safe?

At this point one could point out sources that describe how exactly the security hole works, how one can hack oneself and how one can use KRACK for attacks. However, I don't want to open the door to opportunistic hackers. So here are a few tips that you can follow without understanding the WPA2 security vulnerability KRACK down to the smallest detail:

Avoid public WiFi networks. This also applies to the hotspots of network operators such as Telekom or technology giants such as Google. The best thing to do is to switch off the WiFi function completely when you're out and about. (Instructions: Deactivate WiFi under iOS 11)
Whether active data exchange (personal data, account data, files such as photos and videos) or simply calling up a website: make sure that the service is secure. As with this blog, you will find the reference to a secure connection in the address bar of the browser: HTTPS
If you use a secure (and therefore probably chargeable) VPN service, leave it activated permanently. Signing up head over heels with a free VPN provider does not do much if it cannot offer optimal data security.
If possible, do without the WLAN connection and use an Ethernet or LAN connection with the respective network / router. Since the KRACK security vulnerability only relates to 802.11 WiFi connections, you are safe with wired internet.
Keep an eye out for updates or contact the manufacturer of your devices for an update regarding the KRACK security hole in WPA2.

Is KRACK dangerous for macOS, iOS, watchOS, and tvOS?

Since Monday, October 16, 2017, Apple has released beta versions for iPhone, iPad and iPod with iOS, for Mac, iMac and MacBook with macOS as well as for watchOS on the Apple Watch and for tvOS beta versions, which contain a fix / patch for the Have problem. The online magazine iMore Apple has confirmed its knowledge of the KRACK vulnerability and the corresponding counter-work:

"Apple is deeply committed to protecting our customers' data. The fix for the KRACK WLAN vulnerability is currently in the beta of iOS, macOS, watchOS and tvOS and will be delivered to customers soon."

If you do not want to install the developer betas for developers or the public beta versions, but only want to stick to official updates, then you should also note the tips mentioned above. Soon, however, the betas should result in proper updates, which will then fully protect you again. Apple is on to it.

Spatial proximity: the most important requirement

If you use your WiFi in your house in the country, then you don't need to worry. As it results from WLAN technology and as can be read in many media, attackers who want to hack your WLAN devices via KRACK vulnerabilities need a certain spatial proximity. In a public café, in an apartment building, in the neighborhood, in an office complex or at the train station hotspot, you are more likely to be at risk.

Johannes Domke

After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. But then he decided to research and write, which resulted in his independence. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership would support.

Post a comment Cancel comment

Sir Apfelot newsreel week 22, 2023
Before we lose ourselves completely in new operating systems and innovative devices from Apple next week, there is a Sir Apfelot newsreel at the end of this "normal" week. This time I'll show you which Apple and tech news I noticed in calendar week 22 of 2023. Among other things, the following reports are included: Top-level domain “.zip” opens the door to new scams, neuro-implants could become a human rights issue, Apple is discontinuing the “My Photo Stream” service, the mixed-reality headset is said to be Apple’s so far most complicated hardware, The Verge uncovers the history of buried Lisa computers, and more!
The Sir Apfelot newsreel as a podcast
If you like podcasts, you can also listen to the current newsreel. Lynne and Jens present you the latest blog posts as well as the individual news from the newsreel - they add their own experiences and opinions to the mix. You can access the podcast with these links:
In the Sir Apfelot newsreel for calendar week 22 of 2023 you will find the following reports, among others: Top-level domain .zip enables new methods of fraud, removal of helping brain implants fuels human rights discussion, last rumors before the WWDC23 keynote, the last part of the "Apple Lisa" story, and more!

Top-level domain .zip - Confusion about archive format encourages fraud
Google has released the top-level domain .zip for web addresses, along with .mov, .dad and .phd. Anyone who now feels reminded of file archives packed in .zip format is quite right. Because next to .rar, .zip is one of the most used archive formats. This brings a whole new scam onto the scene: scammers can send links with a .zip extension or embed them on websites and state that it is an archive (e.g. for files or an app). If you now click on the link, you will be directed to a website that looks like an unpacking program (e.g. WinRAR). If you open the files displayed in this way, you download malware. details in this blog post by mr.d0x.
Final report on the “Online Advertising Sector Investigation” by the Federal Cartel Office
The Federal Cartel Office carried out a so-called sector inquiry without too much evaluation and only with a focus on search-independent online advertising. Among other things, iFun points this out in a Entry there. Reference is made to the 65 pages PDF publication taken on the subject, classified in advertising by and by tech giants like Amazon, Apple, Alphabet and the like. iFun sets e.g. B. the focus on a concluding remark that shows the ambivalence of online advertising, but also on the investigation of the Federal Cartel Office against Apple, since the tracking restrictions on mobile devices prevent providers from collecting data, but Apple collects data itself, which advantage over other providers.
Cyberpunk meets reality: Brain implant removal fuels human rights debate
Brain implants designed to help with neuronal disorders are basically nothing new. How to Articles from heise online, they have been used successfully for over 10 years. But what happens if the private company responsible for it goes bankrupt? That's exactly what's at stake in the case of Australian Rita Leggett, who had to have a life-changing implant removed. Thanks to the measurement of brain waves, it showed her the risk of epileptic seizures, which gave her more planning security in everyday life. Also presented is the case of Ian Burkhart, who received a neuro-implant to aid in recovery after spinal cord injury. Both serve as a framework for the report on the paper How I became myself after merging with a computer: Does human-machine symbiosis raise human rights issues? at this point can watch. Among other things, the question of whether the removal of helpful implants is a violation of human rights is examined. In the case of Rita Leggett, for example, one can see that a high degree of quality of life was taken away from her and she (loosely translated) experienced a “persistent discontinuity in her ability to act”. From an ethical and legal point of view, it must therefore be clarified whether functioning and helpful neuro-implants may be removed at all.
Maker projects with IKEA products
So this week I actually have a few IKEA messages for Lynne and Jens in the Sir Apfelot Newsreel Podcast :D Both are unfortunately behind a payment barrier in the “Make:” area in the heise magazine. But you can already see from the respective preview what will be produced in the end:
- A balcony raised bed made from an old IKEA loft bed: Check it out here
- A digital lava lamp alternative in an IKEA picture frame: Check it out here
Contact Key Verification – Apple appears to be implementing new iMessage security technology
In the code of Beta version iOS 16.6 should contain references to the so-called "Contact Key Verification", such as the iPhone ticker this week notes. Apple had already presented this new security technology in December 2022: Three new technologies presented: More security for Apple users. The goal of this security key is to verify the iMessage contact and thus ensure that you are not communicating with unrelated third parties who have hacked into the contact's Apple ID. With the iPhone ticker, this is compared with the security number in the Signal app.
My Photo Stream is over - Apple is ending 12-year-old iCloud service
"My Photo Stream is shutting down on July 26, 2023," the Apple support document states HT205743. The service, called “My Photo Stream” in German, was introduced by Apple in 2011 in connection with the iCloud. It stores up to 1.000 photos from the last 30 days, making them available to other devices using the same Apple ID. The photos are not counted towards the iCloud storage. However, the whole thing will be discontinued on July 26, 2023, so you should switch the automatic storage of photos on the iPhone, iPad or iPod touch to the “iCloud Photos” service. This counts against the iCloud storage, but applies all images and changes across devices. More to compare the services here .
Final rumors ahead of Monday's WWDC23 keynote
Before on Monday the World Wide Developers Conference 2023 starts, there are still a few last rumors and guesses. These are now fueled by official Apple releases as well. in one Tweet Apple means "A new era begins." (A new era begins.), and in the developer blog it's called "Code new worlds". BeatSaber co-founder Jaroslav Beck also tweeted a bit cryptic on June 5, suggesting his VR game will be part of the launch of Apple's mixed reality headset. There is actually no question that it will be presented on Monday. At the same time, Mark Gurman thinks so here that it could be Apple's longest keynote at well over two hours (this speaks against the information on the on-site schedule of the invited developers). MacRumors means also with reference to a payment barrierArticles from The Information that the headset is Apple's most complicated hardware design to date. Curved glass, an aluminum bezel, a curved motherboard and lens inserts with magnetic mounts are said to have made the mixed reality headset a challenge for production companies. Due to the design, it should not be able to be used in combination with glasses.
Apple Lisa: The Verge unearths an interesting part of the company's history
The "Apple Lisa" was a computer sold from the early to mid-1980s, partly in direct competition with the first Macintosh. In addition to the internal power struggle, the subsequent dismissal of Steve Jobs and other well-known and often retold developments, there is an additional part of the story. This includes the sale of old Lisa stocks to Bob Cook and later the scrapping of Apple's computers in a landfill. Apple probably wanted to literally bury part of the company's history and eliminate the competition created by Cook. The whole story is there here at The Verge and in Video: https://www.youtube.com/watch?v=rZjbNWgsDt8
iPad Air (1st Gen) and Thunderbolt Display are obsolete, iPad (5th Gen) is vintage
Apple has added new entries to its Obsolete and Vintage lists. Apple refers to devices that have not been sold for seven years as discontinued or obsolete. The designation is also associated with a suspension of support; Repairs are then no longer offered. This is now the case for the first iPad Air (2013 to 2016) and the Thunderbolt Display (2011 to 2016). Apple devices that have not been sold for five years are referred to as vintage. The service is only offered subject to parts availability. It is now z. B. iPad 5th generation (2017 to 2018).
The official Apple lists of obsolete and vintage products
If you want to know which Apple products are considered obsolete and which are considered vintage, I recommend the English language support document HT201624. As always, this one is ahead of the translations and has the most up-to-date list. This is how you find it there – currently in contrast to the German version – under the obsolete iPads these new entries:
- iPad Air WiFi
- iPad Air Wi-Fi + Cellular
- iPad Air Wi-Fi + Cellular (TD LTE)
Another difference can be found in the vintage list, where the German version still lacks the 5th generation iPad from 2017. However, it is already listed in the English version for the US region:
- iPad (5th generation) Wi-Fi
- iPad (5th generation) Wi-Fi + Cellular
Incidentally, the discontinued Thunderbolt display with a 27-inch screen diagonal can be found among the Mac products described as obsolete worldwide, as well as there in the "Peripherals" column. This monitor, offered from 2011 to 2016, has a resolution of 2.560 x 1.440 pixels, multiple ports for USB, Ethernet, Thunderbolt and the like, as well as built-in multimedia components such as a webcam, microphone and speakers. It was the last Apple monitor before Pro Display XDR in 2019 and the Studio display in 2022.
Information about Apple devices and service for old devices
- Free Apple encyclopedia for information on all devices and systems: Mactracker app
- Repair service for current Apple computers and legacy Macs: Sadaghian workshop
In the test: xade nano iPhone colorimeter and microscope
The company eveloar GmbH offered me a report about their product xade nano to write. I gladly accepted the offer because I am always extremely curious about tech gadgets and how well the products work. With the xade nano, however, I have to say right away that I don't have enough technical background knowledge to evaluate all the functions. Why? Because the xade nano is not just an iPhone microscope, but with the apps "xade finder"And"xade roast“ is also an accurate colorimeter and a device for determining the degree of roasting of coffee beans. Yes, you heard me right. All this is in the small device in connection with the right apps from eveloar GmbH.
Here you can see me measuring the hue of the orange part of my power bank.
I usually mention the technical data at the top of the article, but since these are probably only understandable for experts on the xade nano, I have moved them further down. The most common area of application for the xade nano is the determination of color values, which is why I deal with this function in detail in the test.
Why accurate color measurements are difficult with iPhone
There are some apps in the App Store that allow you to measure the color of objects using the iPhone's camera. However, this "measurement" is far from accurate, since the app has no influence whatsoever on the lighting that comes from outside. Depending on whether the apps measure in artificial light, in daylight, in the morning or in the evening - you always get different results. To eliminate these inaccuracies, the xade nano was developed, which is a combination of app and lighting attachment for the iPhone. Because the area to be measured is only illuminated with a certain light, xade nano can precisely assess the lighting and carry out a very precise color analysis.
This is what it looks like when the xade nano is attached to the iPhone 14 Pro Max. The wiring is necessary so that the LEDs in the device are supplied with power from the iPhone.

This is how the color measuring device xade nano is structured
The xade nano is basically a small cylinder that has an opening on one side to put it over the iPhone camera. On the other side is a much smaller opening, which is basically the "measuring opening". LED lighting is installed inside the xade nano, which illuminates the color surface to be measured. A small plate with a hole in the middle is attached to the underside of the device, which contains various colored dots on the edge. As far as I understand it, these color points are recorded with every shot and used as a sort of color map for the calibration.
A color card is installed in the xade nano, which is automatically evaluated for the calibration of the color measurement. The actual color is measured through the hole in the middle (photos: Sir Apfelot).
If you want to use the xade nano as a microscope, you can remove this color card by sticking your little finger through the top hole and pushing the card down. The iPhone is connected to the xade nano via a USB-C to Lightning cable to power the light source. The xade finder app is the right software that records the data from the iPhone camera and then evaluates it to carry out the color analysis.
With the xade nano you can also use the iPhone as a microscope. Here is a Lightning connector that I photographed.

My test: color measurement with the iPhone
If you now want to perform color recognition with the xade nano, start the xade finder app and plug the device into the iPhone camera lens. In the app you can then choose between the following modes:
- nano - if you want to perform a measurement with the "hardware" xade nano
- picker – if you just want to pick a color with the iPhone camera (less accurate)
- micro – if you want to use the iPhone as a microscope (works with or without xade nano)
Of course I chose "nano" because in this mode I can use the hardware xade nano and the color measurement has the maximum accuracy.
This is the main part of the xade nano: the "measuring chamber" with the built-in LEDs and the color chart (both not visible here).
In the following, the iPhone shows a measuring point in the middle, which you have to align so that it is completely covered with the color area you want to measure. To prevent stray light from entering the measuring chamber, the xade nano and the iPhone must also be placed flush on this surface. When you're done, you press the button in the app that starts the measurement. It now takes about 4 to 5 seconds for the measurement to be completed and the result to be available.
Here you can see the lighting and some of the color chart at the bottom of the case.
The analysis of the measurement seems to take place in the cloud (internet connection required!), because during the analysis the app connects to an external service (probably the manufacturer's server) and then gets the corresponding color data back. When the measurement is finished, the app gives you two color tones, which are marked with "#1 match" and "#2 match” – i.e. the best hit and the second best hit. In addition to the second hit, there is also an icon with three dots in the app, which can be used to call up other matching colors – similar to a digital color fan.
Here you can see the white circle with the three dots, which you can use to call up all the results of the measurement.

Available color spaces: Lab, sRGB and HEX
The Lab color space is the default choice when displayed in the app, as this color space is the largest and can reproduce the most tones. The Lab color space also covers all the colors that the human eye can perceive. In addition, the Lab color space is device-independent. However, the color values can also be displayed in other color spaces such as sRGB and HEX. Web designers will surely appreciate the HEX value as it contains the "web colors" that can be used by HTML codes. You won't find an output in CMYK in the app, but since this color space is always dependent on the output device, it makes more sense to use Lab.
With the HEX code you can choose your colors for buttons or background on the website.

How good is the color measurement?
Unfortunately I don't have a measuring device to check the results, but I can see the colors detected on my iPhone and see the color on the items I used for the tests. The color values that came out in my tests are convincing so far. If the displayed color does not match the real color, it is because the RAL colors do not contain all shades and some nuances simply do not appear in the RAL spectrum. You can also use the xade finder app to take less accurate color measurements without the xade nano by selecting the "picker" mode in the app.
In "picker" mode, you can also measure a color range using the iPhone camera.

In the app you will then find the usual display of the determined color tone. The color here in the screenshot differs from the one in the image above because I took the actual measurement further to the right in the lighter blue (photos: Sir Apfelot).

NCS, RAL and Colors of Nature
In the app you can switch between different color spectrums and thus get the app to find the best matching color from these specifications. The following color collections are represented in the app and some of them can be unlocked with an in-app purchase:
- RAL Classic (216 shades)
- RAL DESIGN SYSTEM plus (1.825 colors)
- NCS 2050 Colors (2.050 shades)
- colors of nature
Quote from the manufacturer eveloar GmbH:
The Colors of Nature palette is our own and growing list of colors found in nature. They are color measurements of leaves, flowers, etc. to illustrate the principle of operation.
As a special feature, you can also create your own color palettes and save color tones in them. If you now measure a color and choose your own color palette, the app shows two colors that best match the measured color.
The "Powerbank" palette is a palette I created in which I saved the different colors of a powerbank as a test.

For iPhone 14 Pro/Pro Max users only
One thing to keep in mind when purchasing the xade nano is the fact that the device can only plug into the iPhone 14 Pro or Pro Max camera. The reason for this is that the xade nano is placed around the protruding lens. Since the lens on the older iPhone models and also on the iPhone 14 (without Pro) does not have the same diameter, the xade nano does not hold on to these models. It's hard to say how things will fare with the upcoming iPhone 15, as there's still no information on the diameter of the lenses. It would be perfect if the manufacturer of the xade nano could find a way to adapt the device to different lens diameters with a small adapter.
The xade nano is placed on the right lens of the iPhone 14 Pro or Pro Max. This makes it clear why it only works on these two iPhone models (photos: Sir Apfelot).

My conclusion on the xade nano
As far as I can judge as a layman, the combination of the hardware - i.e. the attachment for the iPhone camera - and the xade finder app is an effective solution for taking binding measurements in a defined lighting situation. The results I got back from my test measurements all looked very good and - depending on the color collection selected - were very close to the shade I saw. Bottom line: If you want to measure colors with your iPhone, you should definitely take a look at the xade nano. As long as you have an internet connection, you can measure any color anywhere with the xade nano and the iPhone 14 Pro or Pro Max and have the best approximation in various color collections determined. If you are interested in the xade nano, please take a look via this link on Amazon or directly from the manufacturer. Here in the appendix I have compiled the technical data of the device.
Technical data
- Brand: xade
- Manufacturer: eveloar GmbH
- Compatible Devices: iPhone 14 Pro Max, iPhone 14 Pro
- System Requirements: iOS 16.0 or newer.
- Magnification levels: 5x/10x/15x magnification of the magnifying glass or microscope simply set the app and take a photo.
- Repeatability: dE00 ~ 0,01 mean deviation from mean of 10 measurements on white BCRAII tile with app xade finder.
- Device agreement: dE00 ~0,4/1,0 mean/maximum deviation on 12 BCRAII tiles using xade finder.
- Illumination geometry: 45°/0°
- Light source: CRI > 97
- Measuring range: diameter flexible between ~ 0.2-4 mm (xade roast and xade finder).
- Coffee repeatability: ~ 0,1 mean deviation from the mean of 10 measurements, with an xade degree of roasting of 45, on a comparison scale with 100 units.
- Sharp Image: Fixed distance and focus gives a sharp image directly when xade nano is held on the surface.
- Standard Geometry: 45/0 geometry ensures standardized physical properties of light. This makes it ideal for color measurement and color determination.
- Determine RAL color: 1 year Classic & Design System plus color tones. A digital fan deck.
- Precise color representations: measurement results are displayed in an extended color space. See what you measured: The measured color is highlighted in a photo.
- Pro features: 1 year of custom color lists and spectral graph (beta), for xade finder & roast.
- Premium library NCS 2050 optional: Determine the NCS2050 shade with the optional NCS 2050 subscription.
- Made in Germany: Developed and manufactured in Germany.
Here you can see the scope of delivery of the xade nano colorimeter for the iPhone.

What's in the box
- xade nano (measuring device and light source)
- xade nano card (color chart; is already inserted in the nano)
- Connection cable (USB-C)
- Sample holder for coffee powder
- German instructions
Also included: 1 year free subscriptions for these apps
- RAL Classic & Design System plus for xade finder
- Pro features for xade finder & roast
Additional subscriptions in the apps allow matching colors to be found in the premium databases of NCS 2050 and RAL (Classic and RAL DESIGN SYSTEM plus).
Caution: Federal Ministry of Finance scam "Digital Euro" is entering the next round!
In April I have here in the blog before warned about an alleged e-mail from the Federal Ministry of Finance. It is about the digital euro, the NextGenerationEU project and the promise that you can secure a whopping 1.000.000% subsidy on deposits of up to 29 euros. Of course, this all sounds too good to be true. Because it's not true. And so are the new emails that build on April's news. These should serve as a "reminder" and draw you back to a fake website where you are supposed to disclose your data. I have summarized all the information for you below.
If you were already made aware of the Digital Euro pilot project in April, which is supposed to bring you up to 29% funding on deposits of up to 1.000.000 euros, then you are probably also currently receiving the successor. Both are cheating. Do not click on any links and do not disclose your data!

Subject of the scam email

Last chance: Exclusive participation in the "Digital Euro" pilot program

Text of the scam email

We recently informed you about a unique opportunity to participate in our special funding program as part of the NextGenerationEU package of measures. This program was created to offer you the opportunity to protect and preserve your wealth in the face of inflation, which has exceeded 2022 percent since October 1.000.000. If our communication has missed your attention, or if you are still undecided, we encourage you to reconsider this opportunity. The number of participants is limited and interest in the program is high. We want to make sure that you, as one of our valued customers, don't miss the chance to be part of this exclusive initiative. We therefore invite you again to consider participating in the pilot program. Remember that you have the opportunity to switch equity of up to 29 euros into the Digital Euro, backed with a subsidy of up to XNUMX% on your investment made. Please revisit our website for more information about the program and its benefits. To participate in the program [link removed, d. R.] Your personal, assigned access code to participate in the pilot program is: [character string removed, editor's note. R.] You can unlock the special content with this personal key. Note that the link is only valid until enough potential attendees are registered. So don't hesitate and take the first step towards the future of digital money today. We look forward to your participation. Best regards, Your BFM - Digitization Department

Signs of a fake email - indications of scam and phishing
Of course, you already know the “analysis” of scam signs in emails if you have already read the numerous other phishing warnings here in the blog. For newcomers, however, I am happy to repeat them again, because of course we want all readers to be protected and to know their way around:
- Sender: The sender name in your mail program is probably "Federal Ministry of Finance", but if you display the e-mail address, you will see "digitaler-euro-foerderprogramm@logosmarcas.com". LogosMarcas.com is a Spanish-language website that claims to be about company logos. I have no idea what the connection is here.
- Link: If you hover the mouse over the "To the program participation" link, the URL "http://darren-and-orla.com/bmf/?[character string]" appears. According to a who-is query, the Darren-and-Orla.com page was created in August 2022, probably just to redirect clicks from scam emails.
- link target: After the redirection, you get to a page with the URL “https://bundesfinanzministerium-reg.com”, which looks like a BFM registration page at first, doesn’t it? No, because why should a German Federal Ministry use the top-level domain ".com"? It is completely a fake site and you should NOT interact with it. According to a who-is query, it was not created until May 26, 2023.
- Personal access code: The code described in the email as "personally assigned" appears to be the same in each of these emails. I found the same code as in the mail addressed to me in other reports, such as the LKA Lower Saxony (Message about the old mail from April 2023).
- Careless action desired: Once again, quick, thoughtless action is encouraged. Not only is the greed of the recipients aroused with the large numbers. It also clearly states "So don't hesitate and take the first step towards the future of digital money today", which is typical of such scam emails. Others aren't even more pushy.
What is the aim of scammers?
I don't know exactly what the scammers are aiming for with the email. Because I opened the link in the mail in a safe detour and looked at what was asked for and what was offered on the fake BFM website. On the one hand, personal data is requested (very clear Phishing), on the other hand you can download stuff (maybe malware like Trojans). In any case, you should NOT click on the link and do not interact with the website! Even if your URL looks almost serious and the presentation is strongly reminiscent of the official website of the Federal Ministry of Finance.
Report the "Digital Euro Pilot Program" e-mail: Here's how!
I already told you in April how and where to report spam, scam and phishing at this point explained in detail. So here is just a brief summary:
- BSI form for vulnerabilities and security gaps: Fill in here
- Report spam to the Internet Complaints Office: Get addresses here
What should I do with the fake email?
After you have reported / forwarded it to the appropriate places, you can simply delete the mail. Of course, this also applies in the event that you have nothing further to do with it, do not take any steps and simply want to be left alone. Just delete and ignore. Then nothing can happen to you.
Look at the fake BFM page
As has now been shown several times, you should not click on the link in the mail and certainly not interact with the website behind it (specify data, download content, etc.). So that you don't click on it out of curiosity, I did it for you (in a safe setup). The first image is a comparison of the original Federal Ministry website and the fake website. I'm not an expert in website code, but I took a look at some of the elements' code anyway. And it seems like just copy and paste here. There is a lot of hard work involved in this scam. I hope it was free.
Original on the left, fake on the right. The largely copied BFM website is intended to give a serious impression. Only small things, which one hardly pays attention to in a hurry, let the scam fly.
A lot of information is offered, especially on the funding project for the digital euro advertised in the e-mail and on the alleged pilot project "03E - DE". It all looks very official. Unless you read across to the action with a little basic understanding. After all, why should the minimum age be 17? As far as I understand, the BGB has age limits such as 7, 15 and 18 years to restrict legal capacity. The limit of 17 years makes no sense.
The "Digital Euro" pilot project is to be presented as serious with numerous information, lists and documents. However, this is all a scam and you are on a fake website. However, the form for entering personal data works. Anyone who sends data here is likely to be constantly terrorized with emails and calls.
Finally, another insight into the fake website "bundesfinanzministerium-reg.com", which shows alleged PDF downloads and links at the end of the page that look like the original. I didn't investigate the download links further because I didn't want to download anything for security reasons. The links, on the other hand, all lead back to the registration page, where you have to enter the character string from the e-mail. The only thing that really works are links like "To participate" and the input fields for personal data (see above). So clearly a scam.
I don't know if you can really only download PDF files or if you're not also getting malware onto your computer. At least the links only lead back to the beginning.

Summary
Don't fall for this nonsense, even if it looks professional. You don't get anything from the BFM for free.
Another anniversary: 5 years Sir Apfelot App!
Last year we celebrated both 10 years Sir Apfelot and 5 years newsreel celebrated. And this year the next anniversary follows: 5 years Sir Apfelot App! Am 1. Juni 2018 we have pointed this out to youthat you can now download the app from the iOS App Store. The post also provided some background information on the development of the program. Among other things, Jens showed how many sizes the logo was needed in order to be able to display it correctly in different places. After more than a year, namely in October 2019, the next piece of good news came: the Sir Apfelot app has since also been available for the iPad.
Five years ago today we informed you that you can download the Sir Apfelot iOS app onto your iPhone. Although there have been a few updates in the meantime, compatibility has remained the same.

Sir Apfelot App for old and new devices
Like her on the app page can see in the official App Store for iOS and iPadOS, the Sir Apfelot app can be used on iPhones from iOS 12.0. The iOS 12 operating system was released in 2018 and can also be installed on the iPhone 5s, the first iPhone SE, the iPod touch from the 6th generation and on numerous iPad models. Of course, it is recommended to always install updates and thus keep the device with (currently) iOS 12.5.7 secure. I personally use the Sir Apfelot app on the iPhone 12 Pro and below iOS 16 – currently in version 16.5. As you can see, you can save this blog's article library on various Apple mobile devices.
Dark Mode has been available since 2019
I'm a big fan of dark mode, on all kinds of devices and in pretty much all programs. With the introduction of iOS 13 in 2019, a system-wide dark mode became possible on the iPhone and iPad. That's why it has been in the Sir Apfelot app for a few years now, more precisely since version 1.0.10 of October 10, 2019. In the following years there were repeated adjustments to the new operating systems. Ever since the Sir Apfelot app was released five years ago, everything has always worked out well for me. What about with you? Do you use them? App and their ways to search and view blog content? Please leave a comment! :)

What do the suction force values Pa, kPa or AW mean for ... I often write test reports on vacuum robots, cordless vacuum cleaners or normal mains-operated cylinder vacuum cleaners. In this context, I usually also study the technical data ...
11 examples of nice responses to positive… I look after and optimize the Google business profiles (formerly Google My Business) for some customers and in this context I also answer the reviews that customers…
iPhone photos – store location as recording location… For photos and videos, the Apple iPhone's camera app can save the current location as the recording location in the file. But what does this information bring and…
"You've reached your storage limit" - iCloud Mail... I received an email over the weekend claiming that I had reached my iCloud storage limit. Since I don't have anything automatically transferred and also...
[Update] Overview: Battery capacity (mAh & Wh)… How many mAh battery capacity does my iPad have? – You may have asked yourself this question when you were looking for a power bank, a charger or…

KRACK: Vulnerability in WPA2 protocol (WLAN security hole)

All routers affected by the KRACK vulnerability

What can happen to me as a user in the event of an attack?

What's the solution to the problem?

What should I do, how do I stay safe?

Is KRACK dangerous for macOS, iOS, watchOS, and tvOS?

Spatial proximity: the most important requirement

Related Articles

Post a comment Cancel comment

sir appleot

Specials

Shopping