Description: Slides : - https://deepsec.net/docs/Slides/DeepSec_2010_All_Your_Baseband_Are_Belong_To_Us.pdf Ralf Philipp Weinmann, University of LuxembourgAttack scenarios against mobile phones have thus far concentrated on the application processor. While code running on these processors are getting hardened by vendors as can be seen in the case of Apple's iPhoneOS -- the current release uses data execution prevention and code signing, the GSM stack running on the baseband processor is neglected. The advent of several open-source solutions for running GSM base stations is a game-changer: Malicious base stations are not within the attack model that was assumed assumed by the GSM MoU and baseband vendors. This paper explores the viability of attacks against the baseband processor of GSM cellular phones and shows first practical results that enable code exeuction on them. It will include a demo of a practical exploitation of a remote memory corruption on the iPhone4.Ralf-Philipp Weinmann is a cryptologist at day, and a reverse-engineer at night. He has studied and obtained his Ph.D. at the Technical University of Darmstadt and currently is a postdoctoral researcher in the LACS laboratory of the University of Luxembourg.
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.