It almost seems like eons ago when we were just some geeks having fun solving tech puzzles. We were discovering flaws in systems that we used every day. From this research, we soon realized it would be a bigger benefit for everybody if we started actually sharing our knowledge and help get rid of these technology flaws. We launched Security Research Labs as a hacking think tank to explore and consult about security in critical utilities and communications infrastructure.
Ten years on, we have grown into a global network of over fifty experts across offices in Berlin, Hong Kong, and Jakarta. Let’s look back — and ahead — with some of our team!
Vincent is one of our youngest. He joined as an intern and stayed as a student worker while finishing his master’s degree in computer science. “I was referred to SRLabs by one of my university lecturers Dominik Maier, who had joined SRLabs for a one-month hacking camp. Working on client and research projects, I immediately experienced what aspects of technology are important for real world security and how to make them comprehensible for people. Given this insight, I can now assess the actual social and political impact of new technologies much better,” he says.
Currently, Vincent is working on Autobahn, a new security software and the brainchild of Luca, who notes: “The name Autobahn is actually rather cryptic. At the time of the research, it was just a codename, something that didn’t reveal what it is, but would serve as a mnemonic.” Luca is leading one of the SRLabs teams in Berlin. He’s been with SRLabs since the beginning and has seen most of the lab’s activities and evolution throughout its ten years with all the challenges and opportunities of a perpetually growing team. “Obviously, every time new people come in, we have to adjust the responsibilities and priorities. At the same time, we’re always engaged in challenging projects. One of the most interesting ones was testing the home services of a major telecommunications provider throughout different countries in Europe. For a scientist, it was really a unique opportunity to access real world devices and networks and to touch, analyze, and break them legally,” he recounts. This interaction between research and applied technologies is what makes SRLabs different. “Research cannot be the only thing, but research is vital to the SRLabs identity. On the other hand, we need corporate insights to contribute to the research,” he adds, “I want SRLabs to become the go-to experts for even more critical infrastructures in communications, transportation, energy, medical systems and all fields that touch upon everyday life.”
“This is the uniqueness of SRLabs. There’s no company that connects the work on systems, platforms and research this way, especially when it comes to the telecommunications and hacking projects. We’ve been growing fast and had a lot of requests from the corporate side recently, so it’s an ongoing process to implement clear structures and make time for more research. But there’s a spirit of liberty and community in our team that I value very much,” says Sina, who joined SRLabs as a researcher three years ago.
“It’s not just that I get to work with many of my closest friends every day. It’s also the way people think. At SRLabs, you never get to be the smartest person in the room, and there’s always someone who sees things from an unexpected angle. It’s easy to take that privilege of learning from each other for granted, but that’s what I like most about our team,” says Ben, who has been at SRLabs since 2012 and now oversees the lab as chief operating officer. When he started, projects were shorter and more focused. As the company grew, team competencies and the scope and impact that could be achieved through client projects soared.
“Over the years, we gained insights and realized how security fits in all parts of enterprises, how we can help on all strategy levels, and how our work with clients can inform our research, and vice versa. At Jio in India, we were involved in building security into a giant technology company that brings mobile internet to nearly half a billion people from scratch. We helped build their security team and shape the culture and awareness around security at all levels,” says Ben. Part of that project, as he recounts, was assuring the security of tons of consumer devices, including Android phones. Jakob, senior hacking expert, – who had been looking at Android devices for a while already by then – kept seeing the same type of issues: Devices were often missing some required security patches. “Android is pretty unique, as it’s both open source and the most popular mobile platform in the world. Since there are hundreds of vendors, and thousands of different phones of different ages, the ecosystem is highly fragmented. Jakob’s tool became a research project at the lab and then got built into our Android app, SnoopSnitch, which was used by hundreds of thousands to check their Android security.” Ben explains.
“Sometimes it’s this kind of individual perspective that leads to some of the most interesting projects, so it’s vital to get the right people on board,” says Kim, the lab’s human resources manager, who joined two years ago and witnessed the birth of the Jakarta office. “SRLabs has always been a more free-spirited hacking space. Now, we are reaching a size where we are adding more clearly defined responsibilities and career paths. The client and research projects are growing organically as our team learns, but the human touch is something we need to continuously work on to balance our growth with keeping our friendly and liberal atmosphere,” she adds.
“It’s the sense of belonging, mission and companion-ship with the people that I value very much,” says Dimas, Head of Software Development for Autobahn in SRLabs’ Jakarta office since it launched two years ago. “I joined because I was thrilled by the opportunity to grow something new within the cyber security industry. We work on client projects, but on top of that, the company’s research is well published in mass media. That’s important because cyber security experts should also have a duty to educate the society at large to help make the world safer,” he notes. “At SRLabs, we are all highly driven, curious, but also rebellious in our own unique ways. It’s this balance between the commitment to technical excellence in research and the fun with the team that makes my work exciting.”
“The human side is one of the focal points of our development. We’re now building teams and awareness among other things for a client in Japan who launched in April in the middle of the Corona crisis,” says Andrea, who is the executive manager of SRLabs Hong Kong. “Our projects constantly require new ways of thinking. One of my first tasks was getting test equipment to countries like Bangladesh and Cambodia, which proved to be quite difficult given the patchy postal services in those countries. And now, working remotely to serve clients in the midst of a pandemic is a whole different challenge. But the culturally and intellectually diverse mix of people in our team makes it easier. Working with teammates who are kind and at the top of their field makes a huge difference. We share and grow knowledge together, but also love to have a good party at the beach!”
“In fact, one of our most peculiar revelations was how to stock our fridge for a hotel party in Abu Dhabi during our annual hacking holidays. And over the ten years, there hasn’t been a hotel WiFi that wasn’t hacked,” says Karsten, founder and chief scientist at SRLabs. When the lab first launched, thinking of hacking as a way to improve critical infrastructure was still off-mainstream. Today, it has become the norm. Looking back at a decade of research and consulting, he has learned how to make infrastructure secure, but also how to ask the right questions – including to oneself.
“The biggest challenge was to understand how much technology has to do with human emotions. Human psychology has an immediate and direct influence on technology security. We often thought we’d fail at this challenge, but we finally found effective ways to make security fun and thereby effective. Making systems safer requires the interaction of research, consulting and the best technologies, but also the behavior of the people who handle it. The fun factor is equally important to us as a growing team,” he recounts.
SRLabs keeps discovering new technology challenges: At the moment, risks are becoming more pronounced as technology is increasingly connected to the physical world. “Hacking is no longer just about stealing information. Hackers can now interfere with real world physical infrastructure from cars to power plants. In order to properly address the risks, being hacked on the periphery needs to be accepted as part of the technical existence. It’s like getting sick. We can’t avoid it, but we can boost our immunity and minimize the consequences for our most critical systems,” he says.
As initiator of SRLabs, Karsten wants kick off the next decade with a stronger focus on the human side: “As a research team, we are shaping technology by creating and spreading knowledge. We are constantly learning, not only from a tech point of view, but especially about human interaction, cultural differences, and our own boundaries. There are so many aspects of modern life that can hugely benefit from good hackers. We want to welcome these good hackers who are curious, who have a passion for tech and want to make the world a safer place.”
“One of the big challenges in this is the pull between consulting projects, product development, and research. In consulting, the complexity of the client projects and the structure and politics behind them are often very demanding. Our great team and a cooperative company culture make working on them exciting for me.,” says Balthasar, who joined as a student worker two years ago and rose to security consultant upon graduation.
“Directly working with security in critical infrastructure is invaluable. But above all, I like my teammates at SRLabs. I have one more year to go in university and would like to stay on board after my graduation, do more research and get to know the next generation of technical talent,” adds Vincent.
After ten years, SRLabs is still growing. We’d love you the join the team for its second decade of research and consulting excellence. We are looking for talented hackers, consultants, and programmers in Berlin, Jakarta, and Hong Kong.