CanSecWest 2024

Presentations

From March 20 to 22

Daniel Komaromy Robert Yuen Daniel Komaromy Robert Yuen

There will be Bugs: Exploiting Basebands in Radio Layer Two

Baseband exploitation in public originally focused on message decoding bugs in layer 3 (NAS and RRC) and more recently in layer 4 (traffic over IP). In this presentation we uncover a new area of exploration for remote baseband exploitation in layer 2. In the past, this part of cellular specifications has been overlooked due to its function and packet size limitations. However, a deeper dive uncovers possibilities that show up in both old and new standards. Importantly, this is a layer that is below the ciphering applied to cellular communications, providing an attack surface reachable not only with fake base stations but with direct MITM-ing of legitimate cell tower communications too. The presentation will describe the chain of vulnerabilities we have found and explain how to exploit them for remote code execution in the baseband of flagship Samsung smartphones.

Read More