Overview
Syllabus
Intro
How this Research Began
The Current Standard
OMA-DM: Managed Objects
Devices with OMA-DM
Embedded Client Locations
The Reference Toolkit
RedBend Software
"RedBend Enabled" Devices
Network Architecture Diagram
OMA-DM "Standard" Security
Initial OTA Payload Types
NIA Payload Example
DM Bootstrap Payload Example • Used for initial Device Provisioning
OMA-DM Tree Serialization
Client Side Parsing
Cellular Testing Hardware
Identifying Control Clients - Phones
Identifying Control Clients - Embedded Devices
Simulating Cellular Environments
Android Tracer
Cellular Network Attacks
Rogue Base Station Attacks
Vulnerabilities in Authentication
Transport Security and Encryption Flaws
Code Execution Without Memory Corruption
Types of Vulnerabilities found
Vulnerability Example: Reading Memory
Bypassing ASLR with OTA Feng Shui
Taught by
Black Hat