University of Luton
Published attacks against smartphones have concentrated on software running on the application processor. With numerous countermeasures such as ASLR, DEP and code signing being deployed by operating system vendors, practical exploitation of memory corruption bugs on this processor has become a time-consuming endeavor. At the same time, the cellular baseband stack of most smartphones runs on a separate processor and is significantly less hardened, if at all. In this paper, the authors demonstrate the risk of remotely exploitable memory corruption bugs in cellular baseband stacks. They analyze two widely deployed baseband stacks and give exemplary cases of memory corruption bugs that can be leveraged to inject and execute arbitrary code on the baseband processor.