Qualcomm Baseband Chip

Reverse Engineering the iPhone Baseband

November, 2018

Introduction

I recently started a research project for examining and documenting, possibly exploiting the baseband used in older iOS devices.
I believe the baseband is poorly documented as of current and because of that it is an interesting subject.
My goal is to give a good insight in the operation and features of the baseband to guide security analysis.
The baseband runs in it's own restricted and seperated environment but does have some breadcrumbs back to iOS as I call them, references and communication that makes iOS able to communicate with the baseband and the baseband able to communicate back.
The documentation will be available on TheiPhoneWiki, a place where information about all things related to Apple's iOS devices is documented.

Hypothese

I think that the baseband has many vulnerabilities as it is proprietary and closed source.
This means that only a select group of people review its logic and security and therefore chances are that security issues exist
The baseband used in older iOS devices seems to be very outdated but still much liked and used in devices and therefore I am curious to see if it has modern mitigations against for example Spectre.
I assume that the baseband has address space layout randomization but research still has to point that out.

Results

The results of this research are available and actively updated in the project page available on this site Here
Once the project has been finished it will be announced here.

Conclusion

...


< back to posts