Fuzzing the Phone in the iPhone
Offered By: media.ccc.de via YouTube
Course Description
Overview
Explore the security vulnerabilities of the interface between baseband chips and iOS in this 55-minute conference talk. Dive into the challenges of fuzzing this critical interface, which should protect against escalations from the baseband into operating system components. Discover how the implementation is riddled with bugs, leading to various unexpected effects on iPhones, including loss of identity and location information, and accumulation of thousands of undeletable SMS messages. Learn about baseband chip vulnerabilities, Remote Code Execution (RCE) attacks, and the complexities of escalating from baseband to operating system. Gain insights into fuzzing techniques, challenges, and solutions, as well as the broader implications for iOS security and wireless research opportunities on both jailbroken and non-jailbroken devices.
Syllabus
Intro
Baseband Security Assumptions
SS7 Attacks
Baseband RCE+LPE Strategies?
Generation-based Fuzzing + Crash Feedback
Modifying vs. Injecting Packets
Injection Example: Trace Replay
Frankenstein
DTrace & AFL
Bluetooth Inplace Modification
Apple Remote Invocation Format
F1: Calling for help...
Modifying Existing Packets
ICEPicker X): Local AFL++
External Blind Corpus-based Injection
External radarsa
Memory Sanitization
Identifying Bottlenecks
Statistics
Taught by
media.ccc.de
Related Courses
Stealthily Access Your Android Phones - Bypass the Bluetooth AuthenticationBlack Hat via YouTube For the Love of Money - Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
44CON Information Security Conference via YouTube IoT and the Security of That Mobile App - Mark Loveless
LASCON via YouTube BrokenMesh - New Attack Surfaces of Bluetooth Mesh
Black Hat via YouTube BlueMaster - Bypassing and Fixing Bluetooth-Based Proximity Authentication
Black Hat via YouTube