DOI: 10.1145/3317549.3326310

Basebads: Automated security analysis of baseband firmware: poster

Published: 15 May 2019

Abstract

Mobile devices are more connected than ever before through the use of multiple wireless protocols, including the 2G, 3G, and 4G cellular standards. To manage and interact with cellular networks, phones use dedicated and highly proprietary baseband processors running custom, closed-source firmware. Despite the increasing complexity of modern cellular standards, there is no reference implementation, leading individual baseband manufacturers to create their own in-house versions. The proprietary nature of baseband firmware combined with the complexity of standards has created a barrier for researchers to comprehensively audit the security of these implementations. To address this, we present SpikerXG, an extensible, baseband testing platform that employs firmware instrumentation to intelligently target protocol messages.

Published In

WiSec '19: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks
May 2019
359 pages
ISBN: 9781450367264
DOI: 10.1145/3317549
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. basebands
  2. fuzzing
  3. mobile

Qualifiers

  • Poster

Conference

WiSec '19

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Article Metrics

  • Downloads (last 12 months): 118
  • Downloads (last 6 weeks): 11

Reflects downloads up to 14 Oct 2024.

Cited By

  • (2023) Bolstering the Mobile Cloud: Addressing Emerging Threats and Strengthening Multi-Layered Defenses for Robust Mobile Security. 2023 10th International Conference on Internet of Things: Systems, Management and Security (IOTSMS), pp. 1-7. DOI: 10.1109/IOTSMS59855.2023.10325824. Online publication date: 23-Oct-2023
  • (2021) Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 1082-1099. DOI: 10.1145/3460120.3485388. Online publication date: 12-Nov-2021
  • (2020) Frankenstein. Proceedings of the 29th USENIX Conference on Security Symposium, pp. 19-36. DOI: 10.5555/3489212.3489214. Online publication date: 12-Aug-2020
  • (2020) BaseSAFE. Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 122-132. DOI: 10.1145/3395351.3399360. Online publication date: 8-Jul-2020
