CanSecWest 2022 has ended
Thursday, May 19 • 14:15 - 15:15
FirmWire: Taking Baseband Security Analysis to the Next Level

This talk will provide an introduction to FirmWire, our open-source emulation platform for cellular baseband images. The platform allows researchers to dynamically debug, introspect, and interact with complex baseband firmware, providing insights about its inner workings in real-time.

FirmWire’s integrated ModKit builds upon these powerful capabilities to create and inject custom tasks inside the emulated baseband. We leverage this ModKit to enable full-system fuzzing via AFL++ by creating custom fuzzing tasks interacting with the host, using special hypercalls. With this setup, we uncovered one pre-authentication vulnerability in MediaTek's MTK and several pre-authentication vulnerabilities in the LTE and GSM stacks of Samsung’s Shannon baseband implementation, affecting millions of devices.

FirmWire is the outcome of a more than two-year-long international research collaboration between the University of Florida, Vrije Universiteit Amsterdam, TU Berlin, and Ruhr-University Bochum. We will release it to the public in 2022.


Dominik Maier

Software Engineer, Google
Dominik is part of the Open Source AFLplusplus project, which maintains the AFL++ and LibAFL fuzzing frameworks. During his PhD at TU Berlin he worked on fuzzing weird targets, including cellular basebands. He recently joined Google. In his spare time he likes to travel.

Marius Muench

Researcher, Vrije Universiteit Amsterdam
Marius is a postdoctoral researcher at Vrije Universiteit Amsterdam. His research interests cover (in-)security of embedded systems, as well as binary and microarchitectural exploitation. He obtained his PhD from Sorbonne University in cooperation with EURECOM. He developed and maintains...


Grant Hernandez

Security Researcher
Grant is a mobile vulnerability researcher. He previously worked on Qualcomm's QPSI OTA team with a modem security focus. He completed his PhD on embedded firmware analysis in 2020 from the University of Florida, where he explored symbolic execution of USB firmware, exposed how AT...

Thursday May 19, 2022 14:15 - 15:15 PDT
Main CanSecWest Ballroom - Sheraton Wall Center 1000 Burrard St, Vancouver, BC V6Z 2R9