Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks
Author
Abstract
Published attacks against smartphones have concentrated on software running on the application processor. With numerous countermeasures like ASLR, DEP and code signing being deployed by operating system vendors, practical exploitation of memory corruptions on this processor has become a time-consuming endeavor. At the same time, the cellular baseband stack of most smartphones runs on a separate processor and is significantly less hardened, if at all. In this paper we demonstrate the risk of remotely exploitable memory corruptions in cellular baseband stacks. We analyze two widely deployed baseband stacks and give exemplary cases of memory corruptions that can be leveraged to inject and execute arbitrary code on the baseband processor. The vulnerabilities can be triggered over the air interface using a rogue GSM base station, for instance using OpenBTS together with a USRP software defined radio.
Similar references
The Effect of Acute Corticosterone Administration on Retrieval of Remote and Recent Memory in the Rat
Background and Objective: It is well known that stress and glucocorticoids modulate memory processing, though the result is completely dependent on the time of stress induction. This study investigated the effect of acute corticosterone administration on memory retrieval of recent and remote memory in a 4 trials/day (low-intensity learning) or 8 trials/day (high-intensity learning) Morris wa...
Dwarf Frankenstein is still in your memory: tiny code reuse attacks
Code reuse attacks such as return oriented programming and jump oriented programming are the most popular exploitation methods among attackers. A large number of practical and non-practical defenses are proposed that differ in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among these methods is consideration of the common be...
Securing group key exchange against strong corruptions and key registration attacks
In group key exchange (GKE) protocols users usually extract the group key using some auxiliary (ephemeral) secret information generated during the execution. Strong corruptions are attacks by which an adversary can reveal these ephemeral secrets, in addition to the possibly used long-lived keys. Undoubtedly, security impact of strong corruptions is serious, and thus specifying appropriate secur...
Group Key Exchange Secure against Strong Corruptions
When a set of users run a group key exchange (GKE) protocol, they usually extract the key from some auxiliary (ephemeral) secret information generated during the execution itself. Strong corruptions are attacks by which an adversary can reveal these ephemeral secrets. Undoubtedly, their security impact is serious, and thus specifying appropriate security requirements and designing secure GKE pr...
Direct Data Placement Protocol (DDP) / Remote Direct Memory Access Protocol (RDMAP) Security
This document analyzes security issues around implementation and use of the Direct Data Placement Protocol (DDP) and Remote Direct Memory Access Protocol (RDMAP). It first defines an architectural model for an RDMA Network Interface Card (RNIC), which can implement DDP or RDMAP and DDP. The document reviews various attacks against the resources defined in the architectural model and the counter...