7 Real-Life Case Study: Samsung Exynos Baseband

In this chapter, we will explore the combination of emulation, fuzzing, and vulnerability exploitation and gather the information from the previous two chapters into one concrete case study on CVE-2020-25279. In this chapter, we will look at a vulnerability that was found in modern Samsung phones such as the Galaxy S10, which could take over the phone modem with a fake GSM call. We will go through the entire process with the help of FirmWire (https://firmwire.github.io/docs/index.html). Moreover, we will explain other methodologies that could help us find the same vulnerability and compare the advantages of emulation.

The following topics will be covered in this chapter:

A crash course on mobile ...

Get Fuzzing Against the Machine now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Fuzzing Against the Machine by Antonio Nappa, Eduardo Blázquez

7

Real-Life Case Study: Samsung Exynos Baseband

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly