SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.
Mathias Tausig is information security consultant at SBA Research and gave an interesting talk on The monster in your basement: Security risks of CI/CD systems. Read More
The 19th International Conference on Availability, Reliability, and Security (ARES 2024) took center stage in Vienna from July 30 to August 2, 2024, offering a platform for experts and enthusiasts to explore the latest developments in the field. Co-located with ARES 2024 was the International Workshop on Dynamics of Disasters:… Read More
The International Workshop on Dynamics of Disasters: Hybrid Threats (DoD 2024) took place from July 30 to August 1, 2024, in Vienna, Austria, alongside the 19th International Conference on Availability, Reliability, and Security (ARES 2024). Hosted by the University of Vienna’s Faculty of Computer Science, this event brought together leading… Read More
The annual international IT security event, Troopers 2024, recently marked its 15th anniversary in the historic city of Heidelberg. This milestone event took place from the 24th until the 28th of June, bringing together security experts, researchers, and enthusiasts from around the globe to share cutting-edge developments in the field… Read More
Significant global security vulnerabilities and the possibility of eavesdropping in Voice over WiFi (VoWiFi) – one of the prevailing communication protocols in the mobile sector – have been exposed by security researchers from SBA Research, the University of Vienna, and the CISPA Helmholtz Center for Information Security in Saarbrücken. VoWiFi… Read More
Vulnerability Overview In the modem, the client can be forced into accepting a less secure key exchange algorithm during the VoWiFi IKE handshake due to a missing downgrade check on the proposed Diffie-Hellman (DH) group. This could lead to remote information disclosure with no additional execution privileges needed. User interaction… Read More
Vulnerability Overview ZTE ZXUN-ePDG product, which serves as the network node of the VoWiFi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection (IKE) with the mobile devices connecting over the internet. If the set of keys are leaked or cracked, the… Read More
We are thrilled to announce the successful conclusion of IEEE Euro S&P 2024, held in the city of Vienna! This year’s conference brought together more than 300 leading experts, researchers, and practitioners from 32 countries in the field of cybersecurity, offering an unparalleled platform for knowledge exchange and collaboration. Read More
We would like to thank all participants, sponsors, and speakers for their active participation and exchange at this year's sec4dev Dialogues! Under the motto "Security for Software Developers" there were six exciting talks on: Read More