[HGI-News-de] Vortrag: "All Your Base­band Are Be­long To Us" - Ralf-Phil­ipp Wein­mann, University of Luxembourg - Donnerstag, 9. Dezember 2010

Newsletter des Horst Görtz Instituts hgi-news-deutschland at lists.ruhr-uni-bochum.de
Di Dez 7 23:58:04 CET 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sehr geehrte Damen und Herren,

im Rahmen des HGI-Kolloquiums, organisiert vom Lehrstuhl für Netz-
und Datensicherheit (NDS), wird Ralf-Phil­ipp Wein­mann, University of
Luxembourg, am kommenden Donnerstag den 9. Dezember 2010 über
"All Your Base­band Are Be­long To Us" referieren.

Der Vortrag beginnt um 11:15 Uhr im ID 03/445.

Abstract:
The pri­ma­ry at­tack vec­tors against smart­pho­nes have
con­cen­tra­ted on get­ting code run­ning on the ap­p­li­ca­ti­on
pro­ces­sor. The ope­ra­ting sys­tems run­ning on these pro­ces­sors are
get­ting har­de­ned; in some cases ex­ploi­ta­ti­on of mo­bi­le de­vices
can be more dif­fi­cult than of wi­des­pread de­sk­top ope­ra­ting
sys­tems. In con­trast, the se­cu­ri­ty of the GSM/3GPP stack run­ning
on the base­band pro­ces­sor has been se­ver­ely ne­glec­ted. The
ad­vent of open-sour­ce so­lu­ti­ons for run­ning GSM base sta­ti­ons
enables ano­ther, un­der­va­lu­ed at­tack vec­tor: Ma­li­cious base
sta­ti­ons are not con­s­i­de­red in the at­tack model as­su­med by the
GSMA and the ETSI; si­mi­lar­ly ven­dors of base­band stacks seem to not
have taken ma­li­cious input from the net­work side into ac­count. We
in­ves­ti­ga­te this at­tack sur­face and de­mons­tra­te the
via­bi­li­ty of me­mo­ry cor­rup­ti­ons against two wi­des­pread stacks
used by base­band pro­ces­sors of po­pu­lar smart­pho­nes sup­porting GSM.


Beste Grüße


Dominik Birk


- -- 
| Dominik Birk               Wissenschaftlicher Mitarbeiter	    |
| Ruhr-Universität Bochum    Horst Görtz Institut für IT-Sicherheit |
| Tel.: 0234-32-26740        Gebäude IC 4/052		            |
| Mail: dominik.birk at rub.de  44780 Bochum            		    |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkz+u/wACgkQSMABFNCY+g7MxgCfczJfj8toJyJx5wUUmWlvylBG
FKkAnjOTZg78vivaMiKN03hvm1RnZUEc
=/ovu
-----END PGP SIGNATURE-----

Mehr Informationen über die Mailingliste Hgi-News-Deutschland