Mobile phones are quite complicated and feature multiple embedded processors handling wifi, cellular connectivity, bluetooth, and other signal processing in addition to the application processor. Have you ever been curious about how your phone actually makes calls and texts on a low level? Or maybe you want to learn more about the internals of the baseband but have no clue where to start. We will dive into the internals of a qualcomm baseband, tracing it's evolution over the years until its current state. We will discuss the custom, in-house DSP architecture they now run on, and the proprietary RTOS running on it. We will also cover the architecture of the cellular stack, likely places vulnerabilities lie, and exploit mitigations in place. Finally we will cover debugging possibilities, and how to get started analyzing the baseband firmware—how to differentiate between RTOS and cellular functions, how to find C std library functions, and more.
Seamus Burke, Hacker
Seamus Burke is an undergraduate student at UMBC pursing a degree in CS, he has been working in the security field field since he was 16 and has held a variety of positions from SOC analyst to malware analyst, to vulnerability researcher. Currently his research focus is on cellular baseband and kernel rootkits. When he's not staring at IDA, he likes to spend his time wrenching on cars and racing.