SBA Research is a research center for Information Security funded by the national initiative for COMET Competence Centers for Excellent Technologies. We bring together 25 companies, 4 Austrian universities, one university of applied sciences, a non-university research institute, and many international research partners to jointly work on challenges ranging from organizational to technical security.
ISIS @ TU Wien, IAIK @ TU Graz, DKE @ Uni Wien, NM @ WU Wien, FH St. Pölten, AIT


SSNOOB v0.5 – Social Snapshots for Facebook

Today, SBA Research releases SSNOOB, a simple Java tool to create Social Snapshots of Facebook accounts, into the public domain.

SSNOOB serves three main purposes:

  • Digital Forensics (Extract Facebook account data from forensic images via valid Facebook session cookies)
  • Research (Extract Facebook account data for scientific studies ranging from information security/privacy to web science)
  • Backup (Backup your personal Facebook account data including images)

A precompiled version as well as the source code are available on GitHub:
SSNOOB Version 0.5

Keynote at SECRYPT 2014

Edgar Weippl gives a keynote on Advanced Persistent Threats & Social Engineering at the 11th International Conference on Security and Cryptography (SECRYPT 2014), which takes place from 28 – 30 August 2014 in Vienna.

Keynote at CRISIS 2014

Edgar Weippl gives a keynote on Empirical and Applied Research in Information Security at the CRISIS 2014 conference in Trento.

“Security researchers begin counter-surveillance” – media coverage of the IMSI-Catcher-Catcher

The IMSI-Catcher-Catcher in the media:

IMSI Catcher HEISE   standard IMSI

short version / paper as preprint IMSI-Catcher-Catcher

IMSI-Catch Me If You Can: IMSI-Catcher-Catchers - paper accepted at ACSAC 2014

We are proud to announce that our paper “IMSI-Catch Me If You Can: IMSI-Catcher-Catchers” has been accepted to the 2014 Annual Computer Security Applications Conference (ACSAC).

In this paper, we identify and describe multiple methods for detecting artifacts in the mobile network produced by IMSI Catchers. IMSI Catchers are used in mobile networks to identify, track, attack, spam, reconfigure, and eavesdrop on phones. The first IMSI Catchers date back as early as 1993 and were big, heavy, and expensive. Only a few manufacturers existed and the economic barrier limited the device’s use mostly to governmental agencies.

In recent years, prices for these devices have dropped and the number of vendors has increased. Even self-made devices have been demonstrated for about US$ 1,500. Today, however, there is no guarantee that these devices are solely in the hands of authorized domestic authorities.

Read the short version / paper as preprint

Future plans

The Android app is planned to go into public beta sometime in fall to allow us to fine-tune the rule set. It will eventually be open sourced. We aim to make this application usable for average smartphone users. If you are an experienced user and would like to help, please contact us at

For the stationary IMSI Catcher Catcher, we would like to find enough places to build a gapless area for another field test. Ideally, we would like to cover the inner districts of Vienna, which requires about 20-30 stations. If you can offer a rooftop place or penthouse veranda with a free field of view, please contact us at

Guest talk: “Security challenges in industrial systems”

Dr. Artemios G. Voyiatzis, Associate Researcher, Industrial Systems Institute, “Athena” Research and Innovation Center in ICT, Greece gives a talk about “Security challenges in industrial systems”. Abstract
Tuesday, June 26, 2014, 10.00 – 11.30
This event is hosted by the Vienna ACM SIGSAC Chapter.

Visit at SBA Research

A delegation of professors and researchers from the Changwon National University in South Korea visited SBA Research to learn about the successful COMET model where industry and researchers collaborate tightly in long-term research projects.

TechCamp Summer School

Edgar Weippl gave the opening lecture of the TechCamp Summer School that is organized in cooperation with the Vienna University of Technology and our partner company LBS, funded by the European Union. The TechCamp takes place from 19 – 28 August, 2014 at the Vienna University of Technology. 30 students are participating.

Der Standard reports on the research projects Diana and Diango

Der Standard reports: “In return, a follow-up project named ‘Diango’ is even supposed to be able to analyze images. Just like ‘Diana’, it is funded by the Ministries of Defence and the Interior and developed under the lead of SBA-Research GmbH.”

"Make sure you have all the updates; make sure you use a browser that is not standard; and pursue more training—talk about the threat."

Engin Kirda et al. analyzed nearly 1,500 suspicious e-mail messages targeting a human-rights NGO. “The team found that, while the malware managed to reliably evade detection by many antivirus programs, the attacks were relatively unsophisticated, using known vulnerabilities that had already been patched.” Read the whole article here.

The paper will be presented at the USENIX Security Symposium, taking place from 20 – 22 August, 2014 in San Diego, CA. Read the abstract here.

"Reusing passwords is very dangerous"

Andreas Tomek talks to Futurezone about the recently disclosed theft of 1.2 million credential records: “Reusing passwords is very dangerous,” says Andreas Tomek. “If that happens with payment websites or online wallets, you have a problem.” Read the whole article here.

“Malware in Silicon II” closing event

Malware in silicon is becoming an increasingly important topic. Because maintaining a fab is very expensive, more and more companies are moving their chip production to contract manufacturers abroad. But who guarantees that no intentional backdoors or data leaks are introduced into the chips? The project “Malware in Silicon II”* presents its results and invites you to the closing event on this occasion.

25 July 2014; 12.00 – 13.30
You can find more information here.

SBA Research at the EU Korea Conference on Science and Technology (EKC 2014)

Aljosha Judmayer and Martin Mulazzani will present recent research results of SBA Research at the EU Korea Conference on Science and Technology, including methods to detect and prevent HTTP session hijacking, as well as large-scale exploitation of online services and social engineering. The EKC 2014 will be held from 23rd to 25th of July 2014 at the Vienna University of Economics and Business.
You can find the program here:

SACMAT 2015 in Vienna

SACMAT 2015 will be held in Vienna from June 1-3; SBA Research is the local organizer.








Dimitris Simos at JAMAICA 2014

Dimitris Simos gives a talk on July 21st at the second Workshop on Joining AcadeMiA and Industry Contributions (JAMAICA 2014) about Test Automation and Model-based Testing. The workshop is co-located with the International Symposium on Software Testing and Analysis (ISSTA 2014) taking place at Hilton San Jose, Bay Area, California, USA during July 21-July 25.


FFG Bridge project “Transport Layer Security in Practice” approved

The project “Transport Layer Security in Practice (TLSiP)” deals with methods for detecting insecure cryptographic procedures in Internet services and is intended to give Internet users a transparent solution for secure Internet communication. The Internet has established itself in our society as one of the most important communication tools, and for many areas such as daily communication, online commerce or online banking, secured data transmission has become indispensable. Transport Layer Security (TLS) has prevailed as the standard protocol here. The availability of tools and studies for improving the use of TLS is therefore important and of increasing significance for society and the economy.

Partner: Cyan Networks Software

FFG Bridge Project “Speed Forensics” granted

This project aims to fundamentally increase the performance of current state-of-the-art forensic methods and decrease the manual work necessary for a forensic analyst by 1) developing new methods to increase the use of parallelized data processing within the specific environment of digital forensics, 2) identifying the best method(s) for excluding a possibly vast number of files and file system artefacts that are not specific to a case, and 3) streamlining and improving methods proposed in the literature that, for various reasons, have not been included in existing processing steps, in order to gain additional insights. The overall degree of automation in the forensic process will be increased and as such will allow the analyst to focus on case specifics in the near future instead of being overwhelmed with unrelated data. Furthermore, due to the much finer granularity of data analysis, we believe that this will allow the creation of new tools and analysis methods based on our findings.

Partner: Bravestone Information-Technology

Kick-off meeting of the K-Project DEXHELPP at Stift Vorau