Cellular Exploitation on a Global Scale - The Rise and Fall of the Control Protocol

Black Hat via YouTube

Overview

Explore the hidden world of cellular device control and exploitation in this eye-opening Black Hat conference talk. Delve into the reverse engineering of embedded baseband and application space code, uncovering the pervasive level of control service providers have over billions of devices worldwide. Learn about the potential for cellular exploitation on a global scale, including Over-the-Air code execution on major cellular platforms and networks. Gain detailed insights into hidden control mechanisms, their implementation flaws, and proof-of-concept exploits demonstrating the risks to end users. Discover tools for assessing and protecting against threats posed by this hidden attack surface, including methods for testing proprietary system applications and simulating cellular environments. From the history of cellular standards to the intricacies of OMA-DM protocols, carrier customizations, and vulnerability examples, this comprehensive presentation equips you with knowledge to understand and address the security implications of these widespread control systems.

Syllabus

Intro
Researcher Backgrounds
History and Prior Standards
The Current Standard
OMA-DM: Managed Objects
Devices with OMA-DM
Embedded Client Locations
The Reference Toolkit
RedBend Software
Network Architecture Diagram
OMA-DM "Standard" Security
Initial OTA Payload Types
DM Bootstrap Payload Example • Used for initial Device Provisioning
OMA-DM Tree Serialization
Client Side Parsing
Cellular Testing Hardware
Identifying Control Clients - Phones
Identifying Control Clients - Embedded Devices
Simulating Cellular Environments
Over Global Carrier Networks
Rogue Base Station Attacks
Vulnerabilities in Authentication
Transport Security and Encryption Flaws
Inside Out BaseBand Attacks
Carrier Customizations
Code Execution Without Memory Corruption
Vulnerability Example: Reading Memory
Notable Weaknesses in Exploit Mitigations
OTA Exploit Delivery
Bypassing ASLR with OTA Feng Shui
Killing the Canary
Dynamically Building ROP Chains
OTA Code Execution Status

Taught by

Black Hat
