Overview
Explore the intricacies of wireless spectrum sharing and coexistence in this 40-minute Black Hat conference talk. Delve into the challenges faced by Wi-Fi, Bluetooth, and LTE technologies operating on shared frequencies, with a focus on coordinating spectrum access to avoid collisions. Examine the critical role of coexistence in ensuring high-performance spectrum sharing, particularly for nearby sources like multiple chips within a smartphone. Learn about speculative transmission, enhanced coexistence interfaces, and potential vulnerabilities in wireless chips. Discover various attack vectors, including the Grand Reject Scheme and Denial of Service attacks, as well as the implications of WLAN RAM sharing. Gain insights into coexistence features, PCI Express vulnerabilities, and kernel panics in devices like the iPhone 6. Conclude with a summary and Q&A session to deepen your understanding of the complex world of wireless chip separation and security.
Syllabus
Intro
Motivation
Speculative Transmission
Coexistence
Enhanced coexistence interface
First attack
Broadcom
Ucode
D11 CPU
Bluetooth Coexistence
Grand Reject Scheme
Denial of Service Attack
Psychic Time Diagrams
WLAN Ram Sharing
Where is it
Results
Demo
Devices
PCI Express
Kernel Panics
iPhone 6 Kernel Panic
coexistence interfaces
coexistence features
summary
QA
Taught by
Black Hat