Fuzzing the Phone in the iPhone
Offered By: media.ccc.de via YouTube
Course Description
Overview
Explore the security vulnerabilities of the interface between baseband chips and iOS in this 55-minute conference talk. Dive into the challenges of fuzzing this critical interface, which should protect against escalations from the baseband into operating system components. Discover how the implementation is riddled with bugs, leading to various unexpected effects on iPhones, including loss of identity and location information, and accumulation of thousands of undeletable SMS messages. Learn about baseband chip vulnerabilities, Remote Code Execution (RCE) attacks, and the complexities of escalating from baseband to operating system. Gain insights into fuzzing techniques, challenges, and solutions, as well as the broader implications for iOS security and wireless research opportunities on both jailbroken and non-jailbroken devices.
Syllabus
Intro
Baseband Security Assumptions
SS7 Attacks
Baseband RCE+LPE Strategies?
Generation-based Fuzzing + Crash Feedback
Modifying vs. Injecting Packets
Injection Example: Trace Replay
Frankenstein
DTrace & AFL
Bluetooth Inplace Modification
Apple Remote Invocation Format
F1: Calling for help...
Modifying Existing Packets
ICEPicker X): Local AFL++
External Blind Corpus-based Injection
External radarsa
Memory Sanitization
Identifying Bottlenecks
Statistics
Taught by
media.ccc.de
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube