Samsung baseband modems provide mobile network functionality to a variety of devices. Project Zero reviewed the Samsung 'Shannon' Exynos 5300 modem used by the Google Pixel 7, discovering and reporting several vulnerabilities. While many of these could only be exploited using a local base-station or compromised mobile network, some could be accessed remotely cross-carrier, requiring only a rooted mobile phone to perform the attack. This presentation will explore fully-remote baseband vulnerabilities.
It will start with an overview of the attack surface of the Exynos 5300 modem and describe the bugs we found, then explain how to test such vulnerabilities on a remote target using a rooted Samsung phone. This talk will then discuss how to exploit such bugs, as well as ways an attacker could make use of a modem compromise.
Natalie Silvanovich leads Google Project Zero's North American team. Her current research focus is messaging applications and video conferencing. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.