CanSecWest 2021 has ended
Tuesday, April 20 • 12:00pm - 1:00pm
Security probe of Qualcomm MSM data services

Mobile Station Modem (MSM) is an ongoing series of 2G/3G/4G-capable SoCs designed by Qualcomm starting in the early 1990s. MSM has always been and will be a popular target for security research because hackers want to find a way to attack a mobile device remotely just by sending it an SMS or a crafted radio packet. But 3GPP protocols are not the only entry point into the modem. Android can also communicate with the modem processor through the Qualcomm MSM Interface (QMI). In our research, we looked at QMI as a way to attack MSM data services.
MSM is managed by the Qualcomm real-time OS (QuRT), which cannot be debugged or dumped even on rooted Android devices. We reverse-engineered QuRT and built a feedback fuzzer for the QDSP6 processor architecture to probe MSM data services for bugs.
We are going to show real-world examples of using the QMI API to query MSM data services, our experience with unpacking and fuzzing MSM code, and a vulnerability we discovered that can be used to control the modem and dynamically patch it from the application processor.

Slava Makkaveev
Slava Makkaveev is a Security Researcher at Check Point. He holds a PhD in Computer Science. Slava entered the security field more than ten years ago and has since gained vast experience in reverse engineering and vulnerability research. His research projects have been presented at HITB, Recon, and DEF CON 25/26/28.


Tuesday April 20, 2021 12:00pm - 1:00pm PDT
AirMeet/gather.town secwest.net