Scaling Up Baseband Attacks - More Unexpected Attack Surface

Explore the unexpected attack vectors in baseband processors of mobile phones in this Black Hat USA 2012 conference talk. Delve into the world of baseband attacks, moving beyond the assumption of physical proximity requirements. Discover how vulnerabilities in certain baseband stack components can be exploited remotely over IP connections, potentially affecting a large number of smartphones simultaneously. Learn about NAVSTAR GPS, GPS aiding, and SUPL (Secure User Plane Location) protocols, and their role in creating new attack surfaces. Examine the implementation of A-GPS on Android devices and the potential for abuse. Gain insights into Qualcomm's gpsOne technology and the baseband bugs found. Understand the implications of TCP/IP in the baseband and receive book recommendations for further study on this critical aspect of mobile security.

Intro
whoami
Overview
Baseband attacks
NAVSTAR GPS
More data transmitted
GPS basics
Standalone GPS
Challenges
GPS aiding
AGPS modes
Location requests
Advantages of SUPL
SUPL transports
SUPL V2
Privacy
Example SUPL flow
Implementations
SUPL servers
A-GPS on Android
Abusing SUPL
Android attack scenario
Locking it down tight
Smartphone anatomy
Qualcomm's gpsOne
Baseband bugs found
SUPL on the AP
Good news for defenders
General observations
TCP/IP in the baseband?
Book recommendations