
Uncovering “NASty” 5G Baseband Vulnerabilities through Dependency-Aware Fuzzing.pdf

Uploader: 竿*** ID: 981948 2025-11-29 101 pages 16.83MB

#BHUSA BlackHatEvents

Uncovering NASty 5G Baseband Vulnerabilities through Dependency-Aware Fuzzing
Ali Ranjbar & Tianchang Yang, Kai Tu, Saaman Khalilollahi, Kanika Gupta, Syed Rafiul Hussain

Introduction
Ali Ranjbar, Research Assistant, The Pennsylvania State University. Embedded systems, cellular security, reverse engineering, and fuzzing. aranjbar.me

Introduction
Tianchang Yang, Research Assistant, The Pennsylvania State University. Mobile network security, resiliency, and robustness: 5G, Open RAN, baseband (fuzzing, program analysis, ML). tianchang-yang.github.io

Cellular Network 101
Smartphone (UE) -> Cell tower (Base station) -> Core network -> Data network
RRC, NAS, SMS/Voice/IP

Non-Access Stratum (NAS)
Smartphone (UE) <-> Core network
NAS is mostly post-authentication
NAS messages are encrypted and integrity protected
Undertested
Still results in issues not requiring operator keys to exploit

Baseband Overview
AAAAAAAAAA
Buffer overflow (https:/)
Memory unsafe language
Lack exploit protection

Baseband exploits in-the-wild
2020: BaseSAFE

Based on the article, the key points of the full text are summarized as follows:
1. **Background**: 5G baseband firmware contains security vulnerabilities, particularly in the Non-Access Stratum (NAS) task.
2. **Method**: dependency-aware fuzzing with the Loris framework, which uncovered 7 zero-day vulnerabilities.
3. **Core findings**:
 - 7 crashes were found, comprising 1 critical, 2 high, 3 medium and 1 low-severity vulnerability.
 - 5 CVE IDs were assigned: CVE-2024-52923, CVE-2024-52924, CVE-2025-26784, CVE-2025-26785, CVE-2025-27891.
4. **Technical details**:
 - Uses iterative symbolic analysis and checkpoint-based path pruning.
 - Supports Samsung Galaxy S21, S20, S10, A41 and Google Pixel 6.
5. **Impact**: includes stack overflows and heap overflows, which may be turned into remote code execution (RCE).