Talks about baseband vulnerabilities are certainly in fashion these days, mostly inspired by the trailblazing work of the likes of RPW, Nico Golde, Amat Cama, Marco Grassi, and Xingyu ‘Kira’ Chen (not to mention yours truly - a little self promotion never killed nobody).
With the novelty of baseband-only vulns wearing off, is it time to take it up a notch? This talk will go after the goal of full chain exploitation and show baseband RCE and baseband-to-Android pivot vulnerabilities that could have been exploited by malicious actors to go from "zero click" to "zero barriers against stealing user data".
I will talk about our custom-built static and dynamic analysis tools written for the newest iterations of Samsung and MediaTek chipsets, such as the nanoMIPS-based Dimensity, about remotely exploitable vulnerabilities in baseband attack surfaces that were passed over previously, and finally about the vulnerabilities we found in Android, the Linux kernel, and beyond to chain with baseband RCE.
Daniel Komaromy has worked in the mobile security field his entire career, going on 15+ years of vulnerability research experience playing both defense and offense. At Qualcomm, he hunted baseband 0-days, authored exploit mitigations, trained developers, and fought the SDLC machine. Later, he worked as a security consultant in the automotive security industry, followed by years of playing offense at Pwn2Own, at CTFs around the world, and also for real. He has disclosed scores of critical vulnerabilities in leading mobile vendors' products and presented his research at industry-leading conferences (like Black Hat, REcon, and Ekoparty). Today he is the founder and director of security research at TASZK Security Labs, a vulnerability-research-oriented security consultancy, and he still follows the motto: there's no crying in baseband!