SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT

News

Security Advisories: Teltonika RUT9XX OS Command Injection, XSS, Missing Access Control (CVE-2018-17532, CVE-2018-17533, CVE-2018-17534)

CVE-2018-17532: Teltonika RUT9XX Unauthenticated OS Command Injection

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-01_Teltonika_OS_Command_Injection

CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS)

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting

CVE-2018-17534: Teltonika RUT9XX Missing Access Control to UART Root Terminal

Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02_Teltonika_Incorrect_Access_Control

(ISC)2 / ISACA Conference 2018 at TU Wien

Security & Safety: 2 schools of thought – 1 goal?

The (ISC)2 / ISACA Conference, hosted in TU Wien's dome hall on October 11, 2018, counted a total of 170 participants and 9 talks contributing experience and knowledge from different fields.

The agenda addressed the independent yet inseparable functions of security and safety, which aim to prevent standstills, blackouts and manipulation. The thematic focus was on potential future problems as well as their possible solutions.

Edgar Weippl holds Keynote at SST

Edgar Weippl gave a keynote on Research Methods and Examples of Research in Distributed Systems Security at the SST 2018 in Osijek, Croatia.

Abstract: Over the past few years an increasing number of descriptive works have helped explain complex phenomena in the area of distributed systems security. These include the efficiency of spam campaigns, the distribution of bots, or the likelihood of users to accept false identities as friends in social networks. Studies in this field are characterized by the necessity of empirical research based on observing, describing and inferring the behaviour of complex systems.

 

Aljosha Judmayer gives talk on “No IT-Security -> no Blockchain”

Aljosha Judmayer talked about the latest security fails and the role of IT security in blockchain at the “Blockchain in corporate practice” event hosted by the Austrian Innovation Forum.

Martina Lindorfer is awarded the 2018 Cor Baayen Award.

Martina Lindorfer was selected as the winner of the 2018 Cor Baayen Young Researcher Award. The award committee recognises Martina’s impressive achievements and outstanding quality of her research in the field of systems security, especially the analysis of malicious software and mobile operating system vulnerabilities.

The ceremony takes place on Oct 10 in Gothenburg. Edgar Weippl was her supervisor, and we are happy that, after some time as a PostDoc at UC Santa Barbara, she returns to Vienna on a tenure-track position.

Alexei Zamyatin at Scaling Bitcoins 2018

Alexei Zamyatin and Dominik Harz (Imperial College London) gave an invited talk entitled “Interoperability with Cryptocurrency-backed Tokens” at Scaling Bitcoins 2018 in Tokyo.

There is no such thing as 100% security

Markus Klemen participated in the third round table (hosted by Brutkasten and A1) discussing the role of cyber security within startups.


NIST Grant awarded to MaTRIS research group

Computer data breaches cost companies millions of dollars each year. When combined with the damage that leaks of private information do to consumers, the total cost of security issues is even greater. Many systems, including blockchains and Internet of Things systems, are created secure at the design level. However, mistakes in the implementation of those systems often make them vulnerable. Dimitris Simos, SBA Research’s MaTRIS group leader, and his partner Jeff Lei of the University of Texas at Arlington (UTA) are the two PIs of a recently awarded three-year $585,000 grant from the National Institute of Standards and Technology, USA, to develop a new approach to security testing of blockchains and Internet of Things systems, aiming to avoid these vulnerabilities. The funded project, called SENTINEL, will use combinatorial interaction testing technologies to perform general testing, and also to expand the horizons of the combinatorial security testing research program put forth by SBA Research (Dimitris Simos), NIST (Raghu Kacker, Rick Kuhn) and UTA (Jeff Lei).

SBA goes Strategy Meeting @ Europahaus Wien

In the course of a 2-day strategy meeting at the Europahaus Wien, we intensively worked out new strategies and set future goals. In a great atmosphere, we brainstormed in small groups and were provided with outlooks on anticipated developments and projects. The stimulating yet relaxed off-site setting enabled a detailed reflection on our working process as well as the crucial exchange between all teams involved. We have been able to take away a lot of positive ideas and are full of thirst for action.

 

Outreach Activities – Volkshochschule

At the VHS Mariahilf Edgar Weippl gave a presentation ‘Vom Morris-Wurm bis WannaCry’ to offer the interested general public an insight into how information security evolved in the past decades.
