Attack scenarios against mobile phones have thus far concentrated on the application processor. The operating systems running on these processors are getting hardened by vendors as can be seen in the case of Apple's iOS -- the current release uses data execution prevention and code signing. In contrast, the GSM stack running on the baseband processor is neglected. The advent of open-source solutions such as OpenBSC and OpenBTS for running GSM base stations is a game-changer: Malicious base stations are not within the attack model assumed by the GSMA and ETSI. This talks explores the viability of attacks against the baseband processor of GSM cellular phones. Results presented will be the first over-the-air memory corruption exploitation of bugs in a number of widespread GSM stacks that that allow for remote code execution.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.