In the ~15 years since the launch of the Osmocom and OpenBTS projects (2008), "Fuzzing the Phone in your Phone" (2009), and "All Your Basebands Are Belong To Us" (2010), baseband hacking has gone from a research novelty to an IRL threat. But also during this time, the gap between the challenges addressed by public research demonstrations and operational use has started growing.
In this course, students will learn through hands-on exercises how to setup and operate multiple generations of cellular networks using open source components and software-defined radios, how to modify their code for generating customized traffic via programming interfaces and use them for mobile attacks, and how to approach the static and dynamic baseband firmware analysis and reverse engineering of the target devices.
The training will cover the basics of cellular networks and baseband operating systems from a security standpoint and then focus on approaches, techniques, and tools for finding and exploiting baseband vulnerabilities. We will place an emphasis on real-life usage scenarios and the challenges associated with developing, maintaining, and executing full baseband exploit chains.
Daniel Komaromy (@kutyacica) has worked in the mobile security field his entire career, going on 15+ years of vulnerability research experience playing both defense and offense. He has won Pwn2Own, presented his research at industry leading conferences (like Black Hat, REcon, and Ekoparty), and disclosed scores of critical vulnerabilities in leading mobile vendors’ products. Daniel is the founder of TASZK Security Labs, a vulnerability research oriented security consultancy outfit, and he still follows the motto: there's no crying in baseband!
Laszlo Szapula (LaTsa) interned at TASZK Security Labs and is the newest full time member of the research team, fresh off graduating from BME. His interests include reverse engineering and exploitation of kernels, chipsets, and cellular networks.