Over the Air Baseband Exploit - Gaining Remote Code Execution on 5G Smartphones
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the security landscape of 5G networks in this 40-minute Black Hat conference talk. Delve into the evolution of cellular network security, focusing on the vulnerabilities and improvements in 5G technology. Learn about baseband modems, their role in 5G devices, and potential attack vectors. Discover the methodology for identifying targets, analyzing firmware, and conducting vulnerability assessments in 5G environments. Gain insights into the IMS (IP Multimedia Subsystem) as a potential attack vector and understand the process of verifying bugs in emulated environments. Follow along with debugging tips, exploitation challenges, and a visual demonstration of the discussed concepts. Acquire knowledge on setting up a testing environment for hands-on exploration of 5G security issues.
Syllabus
Intro
Talk Agenda
Introduction
Research Preparation and Methodology
Target identification
5G devices operating mode
Firmware
Audit Scope and Vulnerability Hunting
IMS: Attack Vector Background
Verifying the bug in an emulated environment
Debugging Tips
Exploitation Challenge #O
Visual Demonstration
Environment Setup
Taught by
Black Hat
Related Courses
Bug Bounty In Hindi - YouTube
CVE Series: Confluence RCE (CVE-2022-26134) - Cybrary
Achieving Linux Kernel Code Execution Through a Malicious USB Device - Black Hat via YouTube
Towards Discovering Remote Code Execution Vulnerabilities in Apple FaceTime - Black Hat via YouTube
Browser Hacking With ANGLE - Hack In The Box Security Conference via YouTube