Edgar Weippl

"WhatsApp is considered a secure messenger, but security does not end with encryption. New research shows how much can be inferred solely from technical usage and profile settings." (https://www.futurezone.de/digital-life/apps/article695464/whatsapp-schwachstelle-betrifft-alle-nutzer-diese-einstellung-solltest-du-dringend-pruefen.html and the paper https://arxiv.org/pdf/2411.11194v4)

Obfuscation detection using matrix complexity features of binary grayscale images

Sebastian Raubitzek, Sebastian Schrittwieser, Caroline König, Patrick Felbauer, Kevin Mallinger, Andreas Ekelhart, Edgar Weippl, Computers & Security, https://lnkd.in/gaYgBDWW.
Download at https://lnkd.in/dcfxBSa8

Nice interview with Aljosha on our current WhatsApp paper (University of Vienna and SBA Research): https://netzpolitik.org/2025/interview-zu-whatsapp-von-emojis-zum-mega-datenleck/

The full paper as preprint: https://arxiv.org/abs/2511.20252

Gabriel K. Gegenhuber, Philipp É. Frenzel, Maximilian Günther, Johanna Ullrich and Aljosha Judmayer: Hey there! You are using WhatsApp: Enumerating Three Billion Accounts for Security and Privacy. In Network and Distributed System Security Symposium (NDSS), 2026.

CISPA European Cybersecurity & AI Hackathon Championship at the University of Vienna
https://cispa.de/en/cispa-hackathon-championship

"Computer scientists at the University of Vienna and SBA Research have uncovered a major privacy flaw in WhatsApp's contact discovery mechanism." https://www.univie.ac.at/aktuelles/detail/forscherinnen-entdecken-grosse-sicherheitsluecke-in-whatsapp

"“Well, scientists now know a lot of phone numbers,” the responsible parties might have thought, “So what?” Repeated warnings submitted ... filed away. Only when the researchers submitted a draft of their paper twice and its uncoordinated publication was imminent did Meta wake up: a surprising amount can be read from the data, and for some users, it can be life-threatening."

Heise: https://www.heise.de/en/news/3-5-Billion-Accounts-Complete-WhatsApp-Directory-Retrieved-and-Evaluated-11083244.html
FutureZone: https://futurezone.at/apps/whatsapp-sicherheitsluecke-alle-nutzer-betroffen-contact-discovery-anfragen/403104148

"Malware that conceals its behaviour through code obfuscation remains a central challenge for automated detection. This work introduced a novel approach for detecting the presence of obfuscation and identifying specific techniques. We transform binary code into grayscale images by mapping its bytes to a pixel intensity and apply singular value decomposition (SVD) to extract 18 matrix-complexity metrics that reflect structural changes introduced by an obfuscation. " (https://doi.org/10.1016/j.cose.2025.104746)

CISPA European AI and Cybersecurity Hackathon Championship. Dec 13+14 @Univie University of Vienna

Critical XSS vuln (CVE-2025-39663, CVSS 9.1) in Checkmk fixed.
Discovered by SBA Research — allowed JS injection & potential RCE in distributed setups.
Admins: update to 2.4.0p14 / 2.3.0p39, disable “Trust this site completely”.
🔗 heise.de/-10964747

David Schmidt, Sebastian Schrittwieser, and Edgar Weippl received the Distinguished Paper Award at ACM CCS 2025 (A*-rated) for their work “Leaky Apps: Large-scale Analysis of Secrets Distributed in Android and iOS Apps.” (https://cdl-astra.at/2025_09_ccs_distinguished_paper_award)