SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.
Our colleague Bernhard Garn, researcher at SBA Research, gave a talk on "Improving the Security of Quantum Platforms using Combinatorial Methods" at the Workshop on Secure Protocol Implementations in the Quantum Era (SPIQE) on June 24th, in Munich, Germany. ... Read More
A group of dedicated young researchers presented their work at the 21st ICT Security Conference on 25 and 26 June 2025, which was organized by the Austrian Armed Forces. They impressed the audience with their… Read More
On June 17, SBA Research and its partner Condignum hosted the second edition of the sec4dev Dialogues event series. Security for Software Developers is essential. The current threat landscape and security incidents in recent years make it clear: the topic is more relevant than ever. This… Read More
Cyberduck and Mountain Duck improper handle TLS certificate pinning for
untrusted certificates (e.g., self-signed), since the certificate's
fingerprint is stored as SHA-1, although SHA-1 is considered weak and
should be replaced with SHA-256 or SHA-512. ... Read More
Cyberduck and Mountain Duck improper handle TLS certificate pinning for
untrusted certificates (e.g., self-signed), unnecessary installing it to the
Windows Certificate Store of the current user without any restrictions.
This potentially allows attackers to bypass certificate-based authentication
or authorization of other programs that trust this certificate store. ... Read More
On June 16th, SBA Research and the Security & Privacy group at University of Vienna hosted the Vienna Deep Learning Meetup (VDLM).
The event, attended by Deep Learning enthusiasts, comprised of a talk by Damian Stewart, who gave a Deep Dive into CLIP embeddings. CLIP embeddings are at the heart of many multimodal AI systems, as they map language to images. ... Read More
Spusu is an Austrian mobile network operator and operates as a mobile virtual network operator (MVNO) using the Drei network. Spusu offers premium-quality mobile plans at affordable prices. Since 2021, Spusu has also been fulfilling its role as a technology leader by expanding regional… Read More
In mid-May, Jeanine Lefèvre, head of Office of Equal Opportunities at SBA Research, attended the important Viennese conference on Excellent research requires the right framework which set the tone for non-discriminatory research. Around 80 experts in science, politics, and gender equality came together to discuss strategies for… Read More
Together with sipgate and ISMK Stralsund, Gabriel Gegenhuber, researcher at SBA Research and University of Vienna, and Michael Pucher, researcher at SBA research, discovered and investigated a vulnerability in the Voice of LTE (VoLTE) stack that is broadly used within MediaTek-based smartphones. Read More
In the Mediatek modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Read More
Together with sipgate and ISMK Stralsund, Gabriel Gegenhuber, researcher at SBA Research and University of Vienna, and Michael Pucher, researcher at SBA research, discovered and investigated a vulnerability in the Voice of LTE (VoLTE) stack that is broadly used within MediaTek-based smartphones. ∞
In the Mediatek modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. ∞