If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
This talk will discuss cellular basebands and FirmWire, our open-source platform for baseband firmware. The platform allows researchers to emulate, dynamically debug, introspect, and interact with complex baseband firmware, providing insights about its inner workings in real-time.
FirmWire’s integrated ModKit creates and injects custom tasks into the emulated baseband.
We leverage the ModKit for full-system fuzzing via AFL++ by creating custom fuzzing tasks interacting with the host, using special hypercalls.
With this setup, we uncovered several pre-authentication vulnerabilities in the LTE and GSM stacks of Samsung’s Shannon and MediaTek’s MTK baseband implementations, affecting billions of devices.
FirmWire is the outcome of a more than two-year-long international research collaboration between the University of Florida, Vrije Universiteit Amsterdam, TU Berlin, and Ruhr-University Bochum.