Burned in Ashes: Baseband Fairy Tale Stories.

Presented at REcon 2019, June 30, 2019, 3:30 p.m. (30 minutes)

What would happen if you found a remotely exploitable vulnerability in one of your peripherals? What would happen if it were in one of the most crucial communication processors your device has? Baseband research has a high entry barrier that keeps out all but the most well-funded organizations. While baseband analysis remains one of the least well-explored areas in the public domain, many researchers don't know that it is not rocket science. Even though the baseband is not well explored, some vulnerabilities exploitable over the air were found and patched; these will be examined and explained. In this talk I will show my methods and experience with reverse engineering and root-causing several vulnerabilities which were reported by various researchers and patched in the past year. This is a continuation of my talk from last year, "From 0 to Infinity", which I presented at SyScan360 et al. I'll be talking about the remote protocols the baseband has and my personal experience with reverse engineering, tinkering and finding bugs. Finally, I'll show one bug that was burned in the last year. This is mostly a methodology talk rather than "Open IDA, *Browse 5 minutes*, Dang - here is the bug".

Presenters:

  • Guy
    Guy (@shiftreduce) is a freelance security researcher mostly interested in low-level research. When he's not reversing embedded stuff, he usually plays Zelda BOTW and Super Smash Bros Ultimate.
