YoVDO

Fuzzing the Phone in the iPhone

Offered By: media.ccc.de via YouTube

Tags

Conference Talks Courses, Mobile Security Courses, Security Vulnerabilities Courses, Remote Code Execution Courses, Bluetooth Security Courses

Course Description

Overview

Explore the security of the interface between the baseband chip and iOS in this 55-minute conference talk. Dive into the challenges of fuzzing this critical interface, which is supposed to prevent escalation from the baseband into operating system components. Discover how its implementation is riddled with bugs that cause unexpected effects on iPhones, including loss of identity and location information and the accumulation of thousands of SMS messages that cannot be deleted. Learn about baseband chip vulnerabilities, Remote Code Execution (RCE) attacks, and the difficulty of escalating from the baseband into the operating system. Gain insights into the fuzzing techniques used, the obstacles encountered and their solutions, and the broader implications for iOS security and for wireless research on both jailbroken and non-jailbroken devices.

Syllabus

Intro
Baseband Security Assumptions
SS7 Attacks
Baseband RCE+LPE Strategies?
Generation-based Fuzzing + Crash Feedback
Modifying vs. Injecting Packets
Injection Example: Trace Replay
Frankenstein
DTrace & AFL
Bluetooth Inplace Modification
Apple Remote Invocation Format
F1: Calling for help...
Modifying Existing Packets
ICEPicker X): Local AFL++
External Blind Corpus-based Injection
External radarsa
Memory Sanitization
Identifying Bottlenecks
Statistics
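The syllabus items "Generation-based Fuzzing + Crash Feedback", "Modifying vs. Injecting Packets" and "Injection Example: Trace Replay" name the two ways a fuzzer can feed a parser: generate messages from knowledge of the format, or replay recorded packets with a few bytes modified in place. The Python harness below is an added illustration of that distinction written for this page; it is not code from the talk, and the length-prefixed record format, the two parser bugs and the "recorded" packets in SEED_TRACE are all constructed here rather than taken from iOS or any baseband protocol.

```python
"""Toy fuzz harness: generation-based vs. in-place mutation, with crash feedback.

Added illustration for this page, not code from the talk. The record format,
the parser bugs and the "recorded" packets are constructed here and do not
describe Apple's baseband/iOS interface.
"""
import random
import traceback

BUF_SIZE = 16  # fixed-size scratch buffer inside the toy parser


def parse_message(data: bytes) -> list:
    """Toy target: <count:1> then `count` records of <type:1><length:1><value>.
    Deliberately buggy:
      bug 1: the length byte is trusted, so a short message reads past the end
      bug 2: type 0x05 values are copied into a 16-byte buffer with no bounds
             check (the IndexError stands in for memory corruption in C)
    """
    count, pos, records, buf = data[0], 1, [], bytearray(BUF_SIZE)
    for _ in range(count):
        rtype, length = data[pos], data[pos + 1]
        pos += 2
        value = bytes(data[pos + i] for i in range(length))  # bug 1
        pos += length
        if rtype == 0x05:
            for i, b in enumerate(value):
                buf[i] = b  # bug 2
        records.append((rtype, value))
    return records


def generate_message(rng: random.Random) -> bytes:
    """Generation-based: build a message from knowledge of the format, with
    lengths the parser cannot safely hold and occasional truncation."""
    records = []
    for _ in range(rng.randint(1, 4)):
        rtype, length = rng.choice([0x01, 0x02, 0x05]), rng.randint(0, 31)
        records.append(bytes([rtype, length]) + bytes(rng.randrange(256) for _ in range(length)))
    msg = bytes([len(records)]) + b"".join(records)
    if rng.random() < 0.2:
        msg = msg[: rng.randint(1, len(msg))]  # truncated message
    return msg


def mutate_packet(rng: random.Random, packet: bytes) -> bytes:
    """In-place modification: change a few bytes of a recorded packet without
    changing its size, as when patching packets on their way to the target."""
    buf = bytearray(packet)
    for _ in range(rng.randint(1, 3)):
        pos = rng.randrange(len(buf))
        buf[pos] = rng.choice([0x00, 0xFF, 0x05, BUF_SIZE + 1, rng.randrange(256)])
    return bytes(buf)


# Constructed "trace" of two valid packets to replay and mutate (not real data).
SEED_TRACE = [
    bytes([2, 0x01, 3, 0xAA, 0xBB, 0xCC, 0x05, 4, 1, 2, 3, 4]),
    bytes([2, 0x05, 8]) + bytes(range(8)) + bytes([0x01, 20]) + bytes(20),
]


def run_target(data: bytes):
    """Run the target once. Crash feedback: return None on success, otherwise a
    signature (exception type plus the innermost parser frame) used to
    de-duplicate crashes."""
    try:
        parse_message(data)
        return None
    except Exception as exc:
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        return f"{type(exc).__name__} at {frame.name}:{frame.lineno}"


def fuzz(strategy: str, iterations: int = 1000, seed: int = 1234, seeds=None) -> dict:
    """Fuzz loop; returns {crash signature: first input that triggered it}."""
    if strategy not in ("generate", "mutate"):
        raise ValueError("strategy must be 'generate' or 'mutate'")
    if strategy == "mutate" and not seeds:
        raise ValueError("mutation needs recorded packets to modify")
    rng, crashes = random.Random(seed), {}
    for _ in range(iterations):
        data = generate_message(rng) if strategy == "generate" else mutate_packet(rng, rng.choice(seeds))
        sig = run_target(data)
        if sig and sig not in crashes:
            crashes[sig] = data
    return crashes


if __name__ == "__main__":
    for name, kwargs in (("generate", {}), ("mutate", {"seeds": SEED_TRACE})):
        found = fuzz(name, **kwargs)
        print(f"{name}: {len(found)} unique crash signature(s)")
        for sig, data in found.items():
            print(f"  {sig}  input={data.hex()}")
```

Two points the toy makes visible: in-place mutation can only reach bugs that fit inside the sizes of the recorded packets (the second seed carries enough trailing bytes for a modified length field to drive the type 0x05 copy past the 16-byte buffer), whereas the generator can also emit oversized or truncated messages. The signature-based de-duplication is the minimal crash feedback loop; against a native target the out-of-bounds write would not raise an exception by itself, which is why the syllabus also lists memory sanitization.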


Taught by

media.ccc.de

Related Courses

Stealthily Access Your Android Phones - Bypass the Bluetooth Authentication
Black Hat via YouTube
For the Love of Money - Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
44CON Information Security Conference via YouTube
IoT and the Security of That Mobile App - Mark Loveless
LASCON via YouTube
BrokenMesh - New Attack Surfaces of Bluetooth Mesh
Black Hat via YouTube
BlueMaster - Bypassing and Fixing Bluetooth-Based Proximity Authentication
Black Hat via YouTube