Thanks for joining my talk “Trace the Base: Unraveling the iPhone’s Baseband Architecture to Defend Against Cellular Attacks” at the 7th Objective by the Sea conference on December 5th and 6th. A big thanks to the selection committee and the Objective-See Foundation.

Summary

Somehow, your iPhone downgraded its cellular connection from 5G to 2G for a split second, even though you weren’t moving … Weird, was this some kind of bug? … Or did something else happen? We had the same question but found that iOS does not include system-wide protections against cellular attacks, so we developed our own: CellGuard works on all iPhones and analyzes baseband data to detect possible attacks on your phone and privacy.

The iPhone’s baseband is a crucial but little-researched component that enables the phone to communicate with the cellular network. We’ve worked on reverse-engineering the iOS baseband architecture, including its proprietary protocols and hidden interfaces, to gain access to otherwise obfuscated information. Our BaseTrace tooling enables us to decode the communication between iOS and Qualcomm basebands, extract over-the-air DIAG data, and hook into Apple’s Wireless Diagnostics interface.

CellGuard attempts to detect possible threats based on cell parameters and Apple Location Service, a database enabling the fast and battery-preserving positioning of Apple devices. Users can report anomalous activity by opting into a large-scale study and thus help to further enhance our detection algorithms. We present the preliminary results of this study.

Read more on objectivebythesea.org

Download Slides

I’ll publish a link to the talk’s recording once it’s up.