While the majority of baseband vendors use lightweight real-time operating systems, there's a chipset vendor with substantial market share in China that uses a POSIX compliant operating system. In recent years, Android smartphones using this chipset have also seen increased adoption outside of China; moreover, a German premium car manufacturer allegedly inked a deal to exclusively use chips from this chipset vendor for cellular connectivity. In this talk I will show how to:

* find your own over-the-air exploitable bugs in this cellular stack (not just limited to GSM)
* gain local access to a shell interface on the baseband chip
* use the built-in debugging facilities to help writing exploits
* inject a LUA interpreter to use the compromised baseband as a pivot, either towards the network or towards the application processor.

Moreover, I will explain why this platform is ideal for further offensive research on the cellular air interface.
This is a cool talk... and the demonstration will be very interesting.
Previous talks on the same subject (by various authors) were very light on the details.
We are pleased to announce that the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused, fresh-content presentation, please submit an abstract, bio and headshot to email@example.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. The call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.
Some of the benefits of speaking at INFILTRATE are: