Thomas Roth

I'm a security researcher and consultant from Germany, focused on embedded systems, secure communication and mobile security.


Twitter: @stacksmashing

Recent publications

Named as one of the 30 under 30 in Technology 2018 by Forbes

Vulnerabilities in the Vobot Alexa smart clock. CVE-2018-6825 CVE-2018-6826 CVE-2018-6827

Forbes: Analysis of slowdown by the Spectre and Meltdown fixes

34C3 Video: SCADA - Gateway to (s)hell · (German translation)
Security research uncovering critical vulnerabilities in wide-spread industrial control devices from vendors like Moxa & Advantech

Winner of the OWASP AppSec Europe 2017 Capture-the-flag Hacking Contest

Vulnerabilities in a Common Criteria EAL4+ validated certificate authority. (Vendor release in progress)

Vulnerabilities in AVM Fritz!Box routers

Vulnerabilities in a security-focused MDM.

Vulnerabilities in the Capricode SyncShield mobile-device-management system.

Vulnerabilities in secure communication providers: Protonmail, Tutanota,, SpiderOak


Thomas Roth · Hafenmarkt 12 · 73728 Esslingen · Germany