YoVDO

Cellular Exploitation on a Global Scale - The Rise and Fall of the Control Protocol

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Ethical Hacking Courses Reverse Engineering Courses

Course Description

Overview

Explore the hidden world of cellular device control and exploitation in this eye-opening Black Hat conference talk. Delve into the reverse engineering of embedded baseband and application space code, uncovering the pervasive level of control service providers have over billions of devices worldwide. Learn about the potential for cellular exploitation on a global scale, including Over-the-Air code execution on major cellular platforms and networks. Gain detailed insights into hidden control mechanisms, their implementation flaws, and proof-of-concept exploits demonstrating the risks to end users. Discover tools for assessing and protecting against threats posed by this hidden attack surface, including methods for testing proprietary system applications and simulating cellular environments. From the history of cellular standards to the intricacies of OMA-DM protocols, carrier customizations, and vulnerability examples, this comprehensive presentation equips you with knowledge to understand and address the security implications of these widespread control systems.

Syllabus

Intro
Researcher Backgrounds
History and Prior Standards
The Current Standard
OMA-DM: Managed Objects
Devices with OMA-DM
Embedded Client Locations
The Reference Toolkit
RedBend Software
Network Architecture Diagram
OMA-DM "Standard" Security
Initial OTA Payload Types
DM Bootstrap Payload Example • Used for initial Device Provisioning
OMA-DM Tree Serialization
Client Side Parsing
Cellular Testing Hardware
Identifying Control Clients - Phones
Identifying Control Clients - Embedded Devices
Simulating Cellular Environments
Over Global Carrier Networks
Rogue Base Station Attacks
Vulnerabilities in Authentication
Transport Security and Encryption Flaws
MInside Out BaseBand Attacks
Carrier Customizations
Code Execution Without Memory Corruption
Vulnerability Example: Reading Memory
Notable Weaknesses in Exploit Mitigations
OTA Exploit Delivery
Bypassing ASLR with OTA Feng Shui
Killing the Canary
Dynamically Building ROP Chains
OTA Code Execution Status


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube