* SVE-2021-23582 (CVE-2022-23425): LTE NAS Authentication Bypass Eunsoo Kim, CheolJun Park of KAIST Severity: Critical Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.

The first #srsRAN release of 2022 is coming next week! 22.04 will bring 5G SA support to srsENB and srsUE. Keep an eye on our social media and mailing list for further updates!

Starting a discord server for Wireless Security (cellular, wifi, bluetooth, SDRs, ...) discord.gg/sjps6W6gGa

* LTESniffer: An Open-source LTE Downlink/Uplink Eavesdropper * We open-source LTESniffer, accepted at ACM WiSec '23. LTESniffer supports: Real-time decoding of + Downlink traffic from the base station. + Uplink traffic from nearby users. github.com/SysSec-KAIST/L…

5G user-side security testing framework explained by Evangelos Bitsikas

4 baseband CVEs @ KAIST SysSec Jan24 '24: CVE-2023-32890 MediaTek CheolJun Park Marc Dec23 '23: CVE-2023-37366 Samsung Exynos CheolJun Park Marc Jun23 '22: CVE-2022-40521 Qualcomm Snapdragon CheolJun Park Jun23 '22: CVE-2022-40536 Qualcomm Snapdragon CheolJun Park 🧵

CVE-2023-32890 Modem crash due to incorrect handling of malformed RRC message Security Rating: Medium Affected chipsets: Mediatek CheolJun Park of KAIST SysSec Lab, Marc Egli (Marc) of EPFL & KAIST SysSec Lab corp.mediatek.com/product-securi… nvd.nist.gov/vuln/detail/CV…

CVE-2023-37366 Modem crash due to incorrect handling of malformed NAS message Security Rating: High Affected chipsets: Tensor (Pixel), Exynos basebands CheolJun Park of KAIST SysSec Lab, Marc Egli (Marc) of EPFL & KAIST SysSec Lab source.android.com/docs/security/…

CVE-2022-40521 Transient DOS due to improper authorization in Modem Security Rating: High Affected chipsets: Qualcomm basebands CheolJun Park @ KAIST SysSec Lab docs.qualcomm.com/product/public… nvd.nist.gov/vuln/detail/CV…

CVE-2022-40536 Transient DOS due to improper authentication in modem Security Rating: High Affected chipsets: Qualcomm basebands CheolJun Park @ KAIST SysSec Lab docs.qualcomm.com/product/public… nvd.nist.gov/vuln/detail/CV…

CheolJun Park (CheolJun Park) and Hoang Dinh Tuan (Tuan Hoang Dinh) at KAIST SysSec lab will give the following presentation at Qualcomm Product Security Summit 2024. "Finding memory bugs in the cellular baseband via over-the-air interface" qcbizdev.my.salesforce-sites.com/QCTConference/…

CellGuard goes public! 📶 Check if your iPhone was close to potentially malicious cellular base stations, even on non-jailbroken devices.