BROADCASTS.com

Last year, we released FirmWire to the public, an open-source baseband analysis platform.\nBut what even is a baseband and why do we want to analyze it? Hint: It\u2019s a critical part of your phone and a first point of entry for attacks.\n\nThis talk will answer your questions and provide a hands-on introduction to our framework.\n\nThis talk will discuss cellular basebands and FirmWire, our open-source platform for baseband firmware. The platform allows researchers to emulate, dynamically debug, introspect, and interact with complex baseband firmware, providing insights about its inner workings in real-time.\n\nFirmWire\u2019s integrated ModKit creates and injects custom tasks into the emulated baseband.\nWe leverage the ModKit for full-system fuzzing via AFL++ by creating custom fuzzing tasks interacting with the host, using special hypercalls.\nWith this setup, we uncovered several pre-authentication vulnerabilities in the LTE and GSM stacks of Samsung\u2019s Shannon and MediaTek\u2019s MTK baseband implementations, affecting billions of devices.\n\nFirmWire is the outcome of a more than two-year-long international research collaboration between the University of Florida, Vrije Universiteit Amsterdam, TU Berlin, and Ruhr-University Bochum.\nabout this event: https://pretalx.c3voc.de/camp2023/talk/TQXEN7/