Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Has anyone ever shown a phone baseband attack..?


  • Please log in to reply
1 reply to this topic

#1 kingneil

kingneil

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:29 AM

Posted 31 October 2016 - 02:43 PM

Has anyone ever shown a phone baseband attack..?
 
Using a fake cell tower, you would send data which takes over the baseband.. and then we know the baseband can control the main phone system.
 
Does anyone actually have any proof of this in the wild...?
 
Other than spies or Feds, I've never seen someone demonstrate this on the public Internet.
 
Ralf-Philipp Weinmann got Apple to patch a baseband attack and it was assigned a CVE, but this is still not shown publicly.
 
I've never seen anything like a Metasploit for baseband attacks.. where you just download the program and test it out on a phone.
 
You get loads of Metasploit web browser exploits, but I've never seen such a thing for baseband attacks.


BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:29 AM

Posted 01 November 2016 - 03:59 AM

Ralf demoed this at the Hack.lu conference in 2010.

http://archive.hack.lu/2010/Weinmann-All-Your-Baseband-Are-Belong-To-Us-slides.pdf


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users