Threat Category: Baseband Subsystem
ID: STA-18
Threat Description: A vulnerable baseband subsystem on a device can leave the device exposed to remote code execution attacks, allowing the adversary to execute code with the same level of permissions as the baseband software.
Threat Origin
Not Applicable, See Exploit or CVE Examples
Exploit Examples
Samsung S6 calls open to man-in-the-middle base station snooping 1
Software flaw puts mobile phones and networks at risk of complete takeover 2
CVE Examples
Not Applicable
Possible Countermeasures
Implementation of a baseband firewall.
References
D. Pauli, “Samsung S6 calls open to man-in-the-middle base station snooping,” The Register, 12 Nov. 2015; www.theregister.co.uk/2015/11/12/mobile_pwn2own1/ ↩
D. Goodin, “Software flaw puts mobile phones and networks at risk of complete takeover,” Ars Technica, 19 July 2016; http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/ ↩