the stream

it's also the year of exploiting the software in the hardware

Alexander Bochmann Sunday 09 of April, 2017
Couple of days ago: Project Zero publishes an exploit for the embedded firmware in Broadcom Wifi chips - using WLAN packets.

Today: News of an attack on Huawei LTE baseband modems.

In his talk, Weinmann gave an overview of several baseband vulnerabilities found in the Kirin application processor, citing them as an examples of a new and vulnerable attack surface worth the security community’s attention.
“This baseband is much easier to exploit than other basebands. Why? I’m not sure if this was intentional, but the vendor actually published the source code for the baseband which is unusual,” Weinmann said. “Also, the malleability of this baseband implantation doesn’t just make it good for device experimenting, but also network testing.”

Weinmann suspects HiSilicon may have inadvertently released the Kirin firmware source code as part of a developer tar archive associated with the Huawei H60 Linux kernel data. Further analysis allowed him to find additional vulnerabilities within the baseband’s POSIX compliant operating system.