SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.
has been extended to March 29, 2016! Find the Call for Papers here. The ARES Conference will be held in Salzburg, Austria from August 31 – September 2, 2016.
Yesterday, a delegation of SBA Research visited the CSIRT team at Masaryk University and discussed project ideas and possibilities for collaboration. Their impressive cyberranch shown below is part of the KYPO project, and used for teaching and CTFs. Read More
Our paper Pin It! Improving Android Network Security At Runtime (by Damjan Buhov, Markus Huber, Georg Merzdovnik and Edgar Weippl) has been accepted at the A-rated conference IFIP Networking 2016. Read More
We had a great time at Financial Crypto and Ross Anderson’s group maintains a nice blog that also covered the conference. Read the comments to our paper.
Today a new attack against TLS was published, DROWN. In essence, it allows attackers to decrypt strong TLS connections using TLS 1.2 and other versions, if the deprecated protocol SSLv2 is supported by the server. Previous work by SBA Research has shown that this is… Read More
The kick-off meeting of the Management Committee (MC) for the new COST Action CA15217 “Resilient communication services protecting end-user applications from disaster-based failures (RECODIS)” is taking place on March 1, 2016 in the COST Association premises in Brussels, Belgium. Austria is among the 22 European countries that have already signed… Read More
SBA Research will be present at the Software Engineering (SE) conference this week in Vienna. Martin Schmiedecker will talk today about SBA Research and on the panel on technology transfer, hosted at SE FIT. You can find the detailed program of SE’2016 here. Read More
Artemios G. Voyiatzis gave an invited talk on “Security Challenges in Disruption- and Delay-Tolerant Networks (DTN)” at the University of Passau, Germany on Thursday, 18.02.2016, 14:00-15:00. Abstract: Delay-Tolerant Networks were originally proposed to cope with the enormous delays involved in deep-space communications. The architecture proved to fit many Internet of Things (IoT)… Read More
Together with sipgate and ISMK Stralsund, Gabriel Gegenhuber, researcher at SBA Research and University of Vienna, and Michael Pucher, researcher at SBA research, discovered and investigated a vulnerability in the Voice of LTE (VoLTE) stack that is broadly used within MediaTek-based smartphones. ∞
In the Mediatek modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. ∞