MobiDeke Fuzzing the GSM Protocol Stack

More documents

Recommendations

Info

$\H1B%-12345X@PJL JOB “HackingPrinters”$

IntroductionFuzzing over-the-airThe MobiDeke FrameworkConclusionTo reach our goal• Baseband code is proprietaryHow to find bugs?• Reverse-engineering: Hard because the code is very complex• Fuzzing: The easier way, but need some knowledge and a radio device likethe USRP (we’ve won one at hack.lu;) or a nanoBTS, UmTRX, Phi card...For more information: Harald Welte’s presentation at SSTIC 2010 gives also agood overview of the GSM industry and securityMobiDeke: Fuzzing the GSM Protocol Stack 8/38
IntroductionFuzzing over-the-airThe MobiDeke FrameworkConclusionFuzzing4 very important points• Choose your target• Targeting the baseband GSM stack (2G), not 3G, HSDPA, LTE...• SMS are usually not parsed by the baseband (passed as raw PDUs to the APP)• Smartphones: HTC Desire S, Desire Z, iPhone 4S...• Inject malformed data• Monitor target activity• Classify bugs, behavioursMobiDeke: Fuzzing the GSM Protocol Stack 9/38
Page 1: MobiDeke: Fuzzing the GSM Protocol
Page 10 and 11: IntroductionFuzzing over-the-airThe
Page 18 and 19: Let’s fuzz it!IntroductionFuzzing
Page 37 and 38: SummaryIntroductionFuzzing over-the
Page 41: IntroductionFuzzing over-the-airThe

MobiDeke Fuzzing the GSM Protocol Stack

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?