CanSecWest 2022

This talk will provide an introduction to FirmWire, our open-source emulation platform for cellular baseband images. The platform allows researchers to dynamically debug, introspect, and interact with complex baseband firmware, providing insights about its inner workings in real-time.

FirmWire’s integrated ModKit builds upon these powerful capabilities to create and inject custom tasks inside the emulated baseband. We leverage this ModKit to enable full-system fuzzing via AFL++ by creating custom fuzzing tasks interacting with the host, using special hypercalls. With this setup, we uncovered one pre-authentication vulnerability in MediaTek's MTK and several pre-authentication vulnerabilities in the LTE and GSM stacks of Samsung’s Shannon baseband implementation, affecting millions of devices.

FirmWire is the outcome of a more than two-year-long international research collaboration between the University of Florida, Vrije Universiteit Amsterdam, TU Berlin, and Ruhr-University Bochum. We will release it to the public in 2022.