SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.
SBA Research invited Key Researchers and members of the Scientific Board to join us for the ball of the Vienna University of Technology on January 29, 2015 at Hofburg. Stefan Katzenbeisser, Volkmar Lotz, Davide Balzarotti, Engin Kirda and Christopher Kruegel spent this wonderful evening with us. Read More
We are taking part in Syssec's 10Kstudents initiative: "The goal of the 10KStudents challenge is to improve cyber security by teaching Ten Thousand University Students the basic concepts of software vulnerabilities and secure programming. " Read More
Stefan Katzenbeisser, Key Researcher bei SBA Research, spricht über die Vorratsdatenspeicherung als ungeeignetes Mittel zur Prävention von Terroranschlägen. 3SAT-TV nano-Beitrag
Die Mitarbeiter und Mitarbeiterinnen von SBA Research legten zusammen, um für unbegleitete jugendliche Flüchtlinge, die im Laura Gatner Haus der Diakonie leben, Winterjacken und Winterschuhe für die kalte Jahreszeit besorgen zu können. Im Rahmen der Weihnachtsfeier des Laura Gatner Hauses wurde der Scheck im Wert von 3710 € zusammen mit… Read More
“Weitaus ernsthafter ist ein Projekt der Wiener IT-Sicherheitsexperten Katharina Krombholz und Adrian Dabrowski. Sie wollen mit dem “P3F”-Projekt das Problem der “analogen Lücke” lösen. … Krombholz und Dabrowski haben schon Kontakte zu großen IT-Konzernen aufgenommen und ihr Projekt beispielsweise bei Facebook vorgestellt.” derStandard.at
Dimitris Simos, Bernhard Garn of the research team and Severin Winkler, Peter Aufner, Andreas Bernauer of the security testing team of SBA Research found a RXSS vulnerability in W3C online tidy services using combinatorial testing methodologies and demonstrated its applicability to web application security testing. These novel research methods have… Read More
Adrian Dabrwoski received the award for the best student paper at ACSAC 2014 for his paper. You can find a preprint here. Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar Weippl. Imsi-Catch Me If You Can: Imsi-Catcher-Catchers. In Proceedings of the 30th Annual Computer Security Applications Conference… Read More
Lukasz Olejnik, INRIA Privatics, France gives a talk about “Introduction to transparency, privacy and security analyses of Real-Time Bidding”. Abstract Wednesday, December 10, 2014, 11.00 – 12.00 TU Wien, Seminarraum 2/253, Hauptgebäude (Karlsplatz 13) This event is hosted by the IEEE CS/SMCS Austria Chapter.
Together with sipgate and ISMK Stralsund, Gabriel Gegenhuber, researcher at SBA Research and University of Vienna, and Michael Pucher, researcher at SBA research, discovered and investigated a vulnerability in the Voice of LTE (VoLTE) stack that is broadly used within MediaTek-based smartphones. ∞
In the Mediatek modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. ∞