Description
slides
5GBaseChecker: security analysis framework for the control plane protocols of 5G baseband.
https://github.com/SyNSec-den/5GBaseChecker
blackhat.com/us-24/briefings/schedule/index.html#cracking-the-g-fortress-peering-into-gs-vulnerability-abyss-40620
The advent of 5G technology promises to revolutionize the mobile communication landscape, offering faster speeds and more secure connections. However, this technological leap also introduces many security challenges, particularly within the 5G baseband in mobile phones. Our research introduces 5GBaseChecker, the first ever dynamic security testing framework designed to uncover logical vulnerabilities, e.g., authentication bypass in the protocol implementations of 5G basebands. With the design of new automata learning and differential testing techniques, 5GBaseChecker not only identifies 0-day vulnerabilities but also facilitates the systematic root cause analysis of the security flaws in commercial 5G basebands. Using 5GBaseChecker, we tested 17 commercial 5G basebands and 2 open-source 5G baseband (UE) implementations, uncovering 13 unique 0-day vulnerabilities and a total of 65 vulnerability instances across all tested implementations.
Among our findings, the most critical vulnerability is the "5G AKA Bypass" discovered in one of the widely used 5G basebands. This vulnerability allows attackers to intercept and eavesdrop on victims' Internet data and inject phishing SMS messages. The implications of this attack are profound; it affects users globally who utilize 5G devices with that particular baseband. This flaw violates the underlying security guarantees of 5G technology, leaving users' security and privacy completely compromised.
In summary, in this talk we will introduce a new security analysis tool, 5GBaseChecker. We will showcase the application of this framework in identifying critical security vulnerabilities, including a detailed explanation and real-world exploitation video demo of the 5G AKA Bypass flaw in the commercial basebands.