Autobahn Blog

We are security experts and strive to be at the cutting edge of cybersecurity issues, to make a positive impact on the world.

Achieving Telerik Remote Code Execution 100 Times Faster

Achieving Telerik Remote Code Execution 100 Times Faster

A cryptographic vulnerability in the development software Telerik UI from 2017 turned out to be impractical to exploit until now. This blogpost details the optimization techniques deployed, which can be applied to similar issues in other (...)

Incorrectly patched ZyXEL vulnerability becomes zero-day again

Incorrectly patched ZyXEL vulnerability becomes zero-day again

We dug deeper into the vulnerability and patch for CVE-2020-9054, a pre-auth command injection in ZyXEL NAS devices. We found that the patched vulnerability was still exploit-able due to incomplete patching.

Fingerprints are not fit for secure devicea unlocking

Fingerprints are not fit for secure devicea unlocking

Fingerprint sensors have sought to replace password- and PIN-based authentication for years. The sensors are widely found in laptops, sometimes in payment terminals, and recently in several smartphones. The latest entrance to the field is Apple’s ...

Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping

Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping

UPDATE December 17, 2019: Attacks still possible Six weeks after first publicly discussing the Smart Spies attacks, we performed some retests to see whether Google and Amazon implemented sufficient checks to mitigate the attacks.