Mobile devices have become more complex over the past few years. They feature a number of embedded chips that handle functions such as Wi-Fi, Bluetooth and cellular communications. These chips are attractive targets for security researchers. This training will focus on the cellular chip, also known as the baseband processor. Baseband research is generally perceived to require a significant amount of knowledge, and this poses a barrier to entry into the field for some. In this training we will show that baseband exploitation is not particularly different from other, more traditional targets. Students will learn the basics of cellular networks and how to identify, analyze and exploit baseband vulnerabilities.
The training will be divided into three parts. The first part will cover the basics of cellular networks from a security standpoint. The second part will cover setting up a cellular network for research purposes. Finally, we will cover reverse engineering the targets and identifying and exploiting vulnerabilities.
Students will be required to have some familiarity with reverse engineering and exploiting memory corruption vulnerabilities.
Amat is the founder of Securin Technology, a company offering security consulting and research services, code audits and training. He has previously worked as a Penetration Tester at Virtual Security Research, a Product Security Engineer at Qualcomm and a Senior Security Researcher at Beijing Chaitin Technology Co. He is a member of the Fluoroacetate duo that won Master of Pwn at Pwn2Own Tokyo 2018 and Pwn2Own Vancouver 2019. His main interests are hypervisors, basebands and kernels.