Here we exhibit a heap overflow vulnerability in the Shannon baseband processor of a Samsung Galaxy S7, triggered with modified call setup messages sent from YateBTS. You can see the S7 fail to answer a call from our other test phone, and then see the baseband processor crash after we select any option from the second call prompt.
This video accompanies the talk 'Emulating Samsung's Baseband for Security Testing' presented by Grant Hernandez and Marius Muench at Black Hat 2020. Slides can be found here: [ link ].
YateBTS is open source software that allows anyone with a PC and a software-defined radio (SDR) to run a personal GSM (2G) base station. We are using a bladeRF x40 and Ubuntu 18.04 LTS to run our base station, along with modified YateBTS source code to implement the attack. If you're interested in setting up your own base station, please take a look at our blog post here: [ link ]