Скачать или смотреть LORIS: Stateful Analysis and Fuzzing of Commercial Baseband Firmware

Researchers have developed LORIS, a stateful fuzzing framework designed to identify security vulnerabilities in commercial baseband firmware for 4G and 5G networks. This proprietary software is notoriously difficult to test due to its closed-source nature and the complex interdependencies between protocol tasks. LORIS overcomes these hurdles by using iterative symbolic analysis to detect state variables and simulate various protocol states without requiring manual reverse engineering. By prioritizing specific program regions and employing grammar-aware input generation, the system efficiently explores deep execution paths while avoiding the common "state explosion" problem. Evaluation of devices from Samsung and Google revealed eight previously unknown vulnerabilities, including several that allow for remote code execution and denial-of-service attacks. Ultimately, this research provides the first successful emulation and analysis of commercial 5G basebands, significantly advancing mobile security testing.

https://syed-rafiul-hussain.github.io/wp-c...