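"Uncovering NASty 5G Baseband Vulnerabilities through Dependency-Aware Fuzzing.pdf" was shared by a member and can be read online. For more related to "Uncovering NASty 5G Baseband Vulnerabilities through Dependency-Aware Fuzzing.pdf" (101 pages, collector's edition), search on 三个皮匠报告.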
#BHUSA BlackHatEvents

Uncovering NASty 5G Baseband Vulnerabilities through Dependency-Aware Fuzzing
Ali Ranjbar & Tianchang Yang
Kai Tu, Saaman Khalilollahi, Kanika Gupta, Syed Rafiul Hussain

Introduction
Ali Ranjbar
Research Assistant, The Pennsylvania State University
Embedded systems, cellular security, reverse engineering, and fuzzing.
aranjbar.me

Introduction
Tianchang Yang
Research Assistant, The Pennsylvania State University
Mobile network security, resiliency, and robustness: 5G, Open RAN, baseband (fuzzing, program analysis, ML)
tianchang-yang.github.io

Cellular Network 101
[Diagram: Smartphone (UE), Cell tower (Base station), Core network, Data network. Labels: RRC, NAS, SMS/Voice/IP]

Non-Access Spectrum (NAS)
[Diagram: Smartphone (UE), Core network. Label: NAS]
- NAS is mostly post-authentication
- NAS messages are encrypted and integrity protected
- Undertested
- Still results in issues not requiring operator keys to exploit

Baseband Overview
[Diagram: Baseband, buffer overflow (AAAAAAAAAA)]
- Memory unsafe language
- Lack exploit protection

Baseband exploits in-the-wild
2020: BaseSAFE