I heard a number of interesting mobile-related talks at the 28th Chaos Communications Congress (28c3) this week. Not every talk at the Congress was about newly discovered bugs or zero-day exploits; sometimes we got the building blocks necessary to better understand systems and increase security. I enjoyed key presentations on reverse-engineering USB 3G data sticks and the internals of 2G and 3G mobile data protocols.
Reverse-engineering a Qualcomm baseband
Guillaume Delugré acknowledged researcher Ralph Phillip Weinmann’s work from last year during Delugré’s talk on reverse-engineering a popular 3G USB data stick.
The USB stick runs a proprietary OS named REX. Delugré reverse-engineered a diagnostic mode used by Qualcomm engineers. Although some work has been done on documenting and using the diagnostics interface (the ModemManager project), he developed more detailed specifications.
Cellular protocol stacks for Internet
Harald Welte, a lead developer of the Openmoko project and a Linux kernel developer, gave a good breakdown of various mobile data protocols. Cellular voice communication on GSM has gotten a lot of coverage over the years, but outside of the mobile industry there has been little to no information on how the data protocols function.
The talk covered the layout of a number of the mobile data protocols, including the latest 3G protocols.
Perhaps in the next year we will see more development in the exploitation and security of mobile devices.