Threat Category: Baseband Subsystem
Threat Description: A vulnerable baseband subsystem on a device can leave the device exposed to remote code execution attacks, allowing the adversary to execute code with the same level of permissions as the baseband software.
Not Applicable, See Exploit or CVE Examples
Samsung S6 calls open to man-in-the-middle base station snooping 1
Software flaw puts mobile phones and networks at risk of complete takeover 2
Implementation of a baseband firewall.
D. Pauli, “Samsung S6 calls open to man-in-the-middle base station snooping,” The Register, 12 Nov. 2015; www.theregister.co.uk/2015/11/12/mobile_pwn2own1/ ↩
D. Goodin, “Software flaw puts mobile phones and networks at risk of complete takeover,” Ars Technica, 19 July 2016; http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/ ↩