We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Over the Air, Under the Radar: Attacking and Securing the Pixel Modem
Attackers can remotely execute code on a Pixel modem without physical access. Researchers discovered 20 critical vulnerabilities and demonstrate fuzzing techniques to find and exploit bugs, emphasizing secure coding practices and patching.
- Over-the-air remote code execution: Attackers can execute code on a victim’s modem without needing physical access.
- 2G modem vulnerabilities: Many vulnerabilities were found in the Pixel modem, including 20 critical ones.
- Fuzzing: A powerful tool for finding bugs, fuzzing involves feeding invalid or unexpected data to a program to observe its behavior.
- Host-based fuzzing: A type of fuzzing that involves running a fuzzer on a host machine, rather than on the target device.
- Emulation-based fuzzing: A type of fuzzing that involves emulating the target device’s behavior on a host machine to increase the efficiency of the fuzzing process.
- Critical vulnerabilities: The researchers found many critical vulnerabilities in the Pixel modem, including ones that could allow an attacker to execute code remotely.
- Exploiting vulnerabilities: The researchers demonstrated how to exploit some of the vulnerabilities they found to gain control of a victim’s modem.
- Disabling 2G: Disabling 2G on a device can help prevent some of these attacks, but it is not a foolproof solution.
- Fuzzing limitations: Fuzzing has its limitations, and the researchers found that it was not effective for finding some types of bugs.
- Patching vulnerabilities: The researchers were able to patch some of the vulnerabilities they found, but others required more complex fixes.
- Secure coding practices: The researchers emphasized the importance of secure coding practices, such as following secure coding guidelines and performing regular code reviews.
- Exploit development: The researchers developed exploits for some of the vulnerabilities they found, which allowed them to demonstrate the impact of the vulnerabilities.