Posts By Author: Lorenz Cuno Klopfenstein

Scaling a Bot for the Europe Code Week

Posted by Lorenz Cuno Klopfenstein
Tag: /

A couple of days have passed since the closing of the Europe Code Week 2016, topping the numbers of past editions with a record-breaking total of 20.000 events organized in more than 50 countries.

In the context of CodeMOOC, a massive open online course offered by the University of Urbino about computational thinking and coding, a large-scale coding quiz was planned for 20 October. Using only a Telegram client and a QR Code scanner, the participants were able to take part in the game and compete with over 900 groups in Italy.

Read more…

Implementing a bot-based treasure hunt game

Posted by Lorenz Cuno Klopfenstein
Tag: / /

On August 26th, during the course of the “Coding in your Classroom, Now!” summer school, a large treasure hunt game took place in the historical center of Urbino: 26 groups, composed of 139 participants overall, challenged each other by chasing clues through the narrow and steep streets of the city, following the orders of a… bot.

The game had been developed during the week just before the event and the whole team behind the treasure hunt spent the last minutes before the start feverishly fixing the last bugs. (Well, most of them.)

The summer school, aimed at school teachers of all grades, had the main focus of bringing coding to the classroom, in a way that could be engaging for both teachers and young students. Thus, it made more than sense that the treasure hunt itself, “Urbino Code Hunting” as it was called, would be based on coding puzzles as well.

Read more…

Two days at DroidCon Turin 2015

Posted by Lorenz Cuno Klopfenstein
Tag: / /

New year, new DroidCon: like last time, two heros from our lab (Lorenz e Saverio namely) traveled to Torino in order to attend the yearly italian Android conference. The 2015 edition reached new heights of attendance: last year we had great fun attending the conference, but this time the event had grown even more.

The conference was held in the imposing conference center Lingotto in Turin, nicely bathed in sun and nice weather, with more than 700 participants from over 21 different countries.

Saverio and Lorenz after getting their badges. As you can see, badges = bliss.

Last year’s event was marked by an unmanageable epidemy of Google Glass-wearing speakers. The 2015 edition fortunately marked a switch from Google’s glasses to more discreet Android Wear based watches. A nice advantage, from a stylistic perspective at the least.

Because of that, many sessions were actually focused on Android Wear and Android Auto, the brand new platforms where our favorite green droid is expanding into. Many other talks during the two intense days of DroidCon where instead focused on the intersection between Android and the Internet of Things: for instance interesting stuff about iBeacons and (a bit discouraging) experiments on proximity monitoring by Matteo Gazzurelli.

Apart from software development, one of the most discussed topics was actually user experience (or “UX”): Lydia Selimalhigazi and Roberto Orgiu gave a nice overview on why developers and designers need to stick together and help each other in order to obtain results without (too much) conflict. The same topic was taken on, from a branding perspective, during the stimulating talk by Marie Schweiz on how the specific features of a brand influence the user experience (not only the logo, that is).

Another totally different point of view on “user experience”: Kentaro Takiguchi gave a very nice talk “Improving UX through Performance” with an in-depth overview of those little optimizations that can be applied, both on the app and on the server side, in order to improve an app’s fluidity, reliability and responsiveness. An interesting bag of tricks for scenarios where even shaving off 4 KBs from a remote request can have a great impact.


Benjamin Augustin made clear that in fact software development can, at times, be a hellish affair. However, in order to free developers from pain, a growing number of libraries and tools are being worked on. One of those libraries is in fact RxJava, the Java port of the Reactive extensions originally created for .NET: those extensions offer a nice way to “invert” how your code work, by adopting a “reactive” coding paradigm which is very well suited to manage the interactions between user interface and an unreliable backend (like network access, for instance).

Likewise, Maciej Górski presented several ways, especially using Gradle plug-ins, to reduce the amount of “boilerplate” code developers need to write (for instance getter and setter methods for Java classes). Also very interesting: the “Holy Sync!” session by Eugenio Marletti, about cross-platform synchronization methods, using CouchBase.

“Test, test and test!” was the mantra of several other talks, in particular the one given by the always funny Ali Derbane e Wiebe Elsinga (don’t even try pronouncing his name, you’ll fail) who during their talk “The hitchhiker’s guide to functional testing” gave an overview of most functional testing suites available for Android. Stephan Linzner instead showed the glorious new tools developed at the Google mothership for its mobile developers.

Finally, at 12 o’clock of the first day, pushed by hunger more than anything else, our Lorenz gave his talk “The love child of Android and .NET: using Xamarin for app development” about all our recent experiences using the Xamarin platform for Android development during the last year. Slides can be downloaded as PPTX as well.

Gave us the necessary energy between sessions: the Cola from Turin!

After two very intense days we left Turin exhausted, but encouraged and inspired by many new things to check out, technologies to use in our projects and details to keep in mind while developing on Android (and not only)! Looking forward for next year!

UWiCLab vs. Lego Droid

Posted by Lorenz Cuno Klopfenstein

As everybody should know, tech conferences and events like hackatons (as seen in this nice recap) are particularly useful because of the huge amounts of gadgets that participants get to bring home. A great chance to renew the collection of nerdy T-shirts and to get useful (?) USB toys.

And that’s why this morning the very tempting box of the Android mascot, entire made of Lego blocks, showed up at our laboratory’s door! A great opportunity to show off the manual skills of the lab members.

Thank you Catia!

SMDSP Last day

Posted by Lorenz Cuno Klopfenstein
Tag: / / / / /

Torre Archimede sign, University of Padua

Like all beautiful things, the International Summer School on Smart & Mobile Device Security and Privacy is also approaching to its end.

For the last two days of lectures, the floor was given directly to the attending students. During this Ph.D. Forum, promisingly nicknamed “The Grill”, everybody was given the chance of presenting their own research work by giving a ten minutes presentation and exposing themselves to the comments and (thorough and well-meant) critique. Most of the students have been talking about issues related with mobile security, addressed at different levels: starting from hardware, malicious software detection (through static or dynamic means), using machine learning techniques to detect malicious activity, to the analysis of permissions in order to detect possible attacks.

To conclude with the lecturers, prof. Prakash from University of Michigan gave us a general overview of the Android security model, showing us the most known attacking strategies, such as exploiting communication channels established by applications, or using side channels. He concluded by depicting some of the most used defence strategies.

On Friday, prof. Poovendran from University of Washington moved to a slightly different topic, talking about control-theoretic modelling and mitigation of cyberattacks. He showed us some techniques to detect compromised nodes in networks, meaning some nodes are physically captured by an adversary that wants to inject false messages in the network, thus compromising the good behaviour of the system.  In order to defend the network from such attacks, different possibilities exist, based on so called “witnesses”: periodically all nodes of a network send broadcast messages containing their ID and location and their neighbours act as witnesses, understanding if the sender is a cloned node or a safe one.

Finally, the works have been concluded by prof. Prakash, giving us a very interesting talk about a new solution to avoid app phishing attacks on smartphones, called TIVO “Trusted Visual I7O Paths for Android”. When enabled, TIVO allows users to associate a secret image to each installed application. Then, each time the application is running and displays a keyboard (possibly to input sensitive data, like username and password), TIVO displays the application’s icon, the application’s name and, if set, the secret image picked by the user itself. This should make it much harder for malicious apps to intercept login screens and do phishing attacks.

Group picture of participants of SMDSP

The participant of the summer school at Palazzo Bo, in Padua.

And that’s all from Padua and from SMDSP, folks! A special thank goes out to the University of Padua, to the organizers and lecturers of this very interesting Summer School and of course to all the participating students for making this a really nice week.
See you next year in Padua!

Silvia Malatini & Lorenz Cuno Klopfenstein

SMDSP Day two

Posted by Lorenz Cuno Klopfenstein
Tag: / / / / /



As reported before, we are now at day three of the International Summer School on Smart & Mobile Device Security and Privacy, after lots of lectures, a tiny bit of sightseeing, not much sleep and — unfortunately — some bad weather.

Dr. Ivan Martinovic from the University of Oxford gave us an overview about his research about secure key exchange on wireless networks, avoiding the widely used Diffie-Hellman method and exploiting inherent characteristics of the wireless channel between the two parties trying to exchange key (specifically: how the signal between the parties is influenced by the physical room between them as a unique signature). Moreover, he gave us an outline of his work on face and daze detection.

Getting back to the Android platform, prof. Sadeghi continued his outline of the large attack surface that a mobile device (and its OS) represent. Attacks to Android can be performed at various levels, starting from the applications installed, the Android middleware and getting as low as the underlying Linux kernel. Applications can perform many malicious actions even without particular effort, by exploiting the access permissions that users often unknowingly grant during installation. Otherwise, they can try to “collude” with other malicious or unsafe applications in order to perform actions without the user’s consent. Some apps can exploit bugs in system apps or in the middleware to get  higher privileges (or even gain root access to the phone). It was interesting to see many of such attacks live during a short lab session.

Lucas Davi, from University Darmstadt, gave a basic overview of how return-oriented attacks are performed and how ASLR, DEP and similar techniques help preventing such attacks (and how they can be circumvented).



Matthias Schunter, from the Intel Collaborative Research Institute for Secure Computing (ICRI-SC), talked about the evolution of pervasive computing and the so-called Internet of Things, which presents a scenario with a huge number of devices performing privacy-sensitive operations and thus requiring a well thought approach to security. Intel cooperates closely with academic researchers in order to ensure that even smallest devices (as Intel Galileo, for instance) get sufficient security features and can be trusted. Long running devices also face the issue of staying secure through an operating period measured in decades.

Having reached the half of the summer school, we’re now signing off for a (rainy) visit of Padua, including the world-famous Cappella degli Scrovegni painted by Giotto himself and Palazzo Bo, the original seat of the university at the time of its founding in the XIII century, when security could still be ensured by a mechanical lock…

Silvia Malatini & Lorenz Cuno Klopfenstein

SMDSP Day one!

Posted by Lorenz Cuno Klopfenstein
Tag: / / / / /


Summer is running out, but to keep our feelings high we could not miss this great summer school about Security and Privacy on Smart and Mobile devices. The SMDSP summer school just started on Monday, September 1st, in the beautiful city of Padua. It is organized by some of actual main experts in the field, like professor Mauro Conti, from the University of Padua, the director of the school, professor Asokan from Aalto University and professor Ahmad-Reza Sadeghi from TU Darmstadt.

In fact, the school is co-orgnaized by the University of Padua, particularly the Department of Mathematics, the Aalto University, the Center for Advanced Security Research Darmstadt, and the Intel Collaborative Research Institute for Secure Computing.

The University of Padua is a long tradition University (among the earliest Universities of the world, founded in 1222 as the second one in Italy, just after Bologna; it also hosted people like Galileo Galilei and Nicolaus Copernicus).

The main focus of this summer school is to bring together members from the international security research community to debate contemporary issues in the area of smartphone security and privacy, which is becoming more and more important in the era of Internet of Things.

25 students and 15 organizers, between scientific and operational committees are going to work together for one week, to discuss their works and ideas about this interesting fields.

On Monday works have been opened by the Chancellor’s delegate, Ms. Lucia Regolin and by the Director of the Department of Mathematics, Mr. Bruno Viscolani, explaining us how this school reflects the motto of Padua University “Universa Universis Patavina Libertas“, which aims to give always more freedom of thoughts to teachers and students, along all its long history.

Later, prof. Asokan has introduced us in the world of Trusted Execution Environments (TEE), where Trusted means that the environment is isolated from the “normal” execution environment (where OS and “normal” applications run), so that integrity is protected. He showed us what constitutes a TEE environment and some used architectures, and which are the state of the art being developed nowadays. He showed us the ongoing work on TPM (Trusted Platform Module) 2.0 and its differences with the past one, 1.2.


Professor Ahmad-Reza Sadeghi gave us a very interesting lecture about the security of mobile platforms in general, going deeper on Android security framework and showing us which are the most problematic attacks one has generally to fight and how doing security is hard work and very difficult to do thoroughly even it things appear to be correct.
As prof. Sadeghi put it: “never trust a working thing“.

To conclude the day, professor Mauro Conti showed us their ongoing works in this matter and the latest issues they are concerned about. And then he also promised to show us why exactly his department’s acronym is SPRITZ

Silvia Malatini & Lorenz Cuno Klopfenstein

3 nerds at DroidCon Turin 2014

Posted by Lorenz Cuno Klopfenstein

From thursday 6th to sunday 9th february the DroidCon Italy event was held in Turin. It’s the italian version of the important Android conference dedicated both to developers and the B2B market. (And people like us, it appears.)

Our three LaBlog writers (Gioele, Saverio e Lorenz) jumped on the opportunity of enjoying two days of vacation the conference in order to improve their Android skills. As soon as they arrived at the conference building, Gioele was exposed to a very severe and unfair badge discrimination, as shown in picture. (He also didn’t get the glass cleaning cloth shaped as a droid, a precious object giving +10 nerdiness to the user.)


As we noticed during the opening keynote, one of the themes of the conference would indeed be Google Glass: several people around the hall did indeed wear a pair of Glasses, and were usually inclined to talk about them and to show off their capabilities. During the BarCamp at the end of the first day there was an improvised talk about Google Glass, also showing one of the most interesting applications: providing hands-free information to fire-fighters doing their dangerous job.


Among the topics, several sessions were focused on mobile app security: Luca Baggio from did talk about the security issues that impacted Linux and Android devices at large so far, while Marco Grassi from viaForensics gave an interesting overview of the (many) attacks to mobile apps and data stored in them. He also presented some useful hints for developers in order to avoid most common problems, which usually are disregarded by larger developers as well. We doubt anyone cares about our shopping lists, but just in case you intend to store more important data…

There were several talks about testing setup and testing environments, while GenyMotion presented their new x86 Android emulator based on VirtualBox. We were very interested and their solution was also mentioned by some of the speakers, meaning that perhaps this could be a solution to the usually quite sluggish default Android emulator. We’ll need to check it out!

The spanish developer Victor Díaz then entertained us by showing some very interesting ideas of “atypical” smartphone usage: starting with a coordinated ballet, speed challenges (meaning the speed with which a phone on vibrate can cross a table) and his City Fireflies project where groups of people can use their smartphone to defeat evil space invaders attacking a public square of a city. He then also presented Protocoder, an interesting platform that can be used to rapidly develop application prototypes in Javascript. Very useful for quick testing or for teaching programming to kids, without having to use professional tools (which are quite hard usually) like Eclipse (also known as “big IDE of doom”). He wrapped up his talk encouraging other developers to develop interesting, modern and innovative applications — not the usual ListView + ActionBar.

Maco Picone held his talk about “The Android Platform in the era of Internet of Things” by presenting a system developed by a research group of the University of Parma that makes the discovery of Machine2Machine protocols very easy. Very interesting, we say!

Finally, there were several UI/UX (User Interface/User Experience) talks as well, especially targeted for Android developers. From the promising “One code to play ’em all” (about Fragments and responsive app development) which was little more than the official Android documentation unfortunately, to the intriguing “From Android App to Killer App: How to Reach the Million-Downloads Milestone”, to the talk by the author of, who unfortunately confirmed how verbose and difficult it can be to present graphics and layouts which could, in theory at least, be optimized by the Android UI runtime.


On friday we left Turin with a load of stimulating ideas, unfathomable fears about the security of our mobile apps, the certainty that ordering too much nachos for dinner is bad for you™ and, most importantly, a renewed craving for code!

LabLog: tales from the lab

Posted by Lorenz Cuno Klopfenstein
Tag: /

The more adventurous students of the degree program in Applied Information Technology must have noticed, during their daily journeys to their lessons, that the Collegio Raffaello holds a variety of mysterious crevices: the first floor — contended between the forces of order and those of chaos of the cabinet of physics, the arcane bathroom of the cellar, the “-1” button of the elevator disabled by some obscure will…

Amongst the other esoteric locations we can also count the impenetrable door that leads to the UWiCLab. A place described, by ex-students and veterans of the degree course, as a site of perdition (perdition of time, principally). The legends included in the sacred texts (see “C language” by R&K) tell stories of lament and sorrow of the lost souls that come from the lab. Sometimes, the grieving sounds seem suspiciously similar to a savage game of table tennis!

To finally reveal that which happens in the UWiCLab, the collaborators, from today on, will have a new section of the portal where they can discuss their projects and the infernal machinations that are in act only a few feet away from the classes…