Syed Rafiul Hussain
@SyedRafiul
Followers
1K
Following
2K
Media
24
Statuses
768
Assistant Professor of Computer Science and Engineering (@PennStateEECS, @PSUEngineering), Pennsylvania State University (@penn_state)
State College, PA
Joined May 2011
Baseband reverse engineering, emulation, and fuzzing! To learn more about our work, don't forget to attend the talk by Ali and Tianchang at @BlackHatEvents on Thursday at 11:20 am.
Tianchang and I are talking 5G baseband vulnerabilities on Thursday at 11:20am. We’ll share how we emulated Galaxy & Pixel Exynos modems for fuzzing and reverse engineered the binaries to find OTA-triggered memory corruption & RCE paths. Come by if you're around for #BHUSA 2025.
0
0
1
If you are working on 5G/6G/FutureG, consider submitting your work to the workshop on 6G and Spectrum Security for Critical Communication (6GSECC), co-located with IEEE MILCOM 2025 and co-chaired by Dr. Arup Bhuyan and me. CFP: Deadline is August 12, 2025.
milcom2025.ieee-milcom.org
Security and resiliency are mandatory for all mission-critical communications. While 6G will continue to transform cellular communications worldwide, providing ubiquitous wireless connectivity for a...
0
0
0
RT @RHasnainAnwar: Think your mobile digital wallet is safe? Think again. This article dives into why that's not enough and how thieves can….
investopedia.com
Using a VPN on your phone doesn't protect your digital wallet against phishing, malware, or theft. Learn how to keep your financial information and money secure.
0
1
0
Open RAN, Open Risks! Super excited to have our second talk accepted at BlackHat USA'25:. Proud of my students Tianchang Yang, Yilu Dong, Syed Md Mukit Rashid, and Ali Ranjbar! Joint work with Gang (Gary) Tan!.
0
0
3
Check out our recent paper presented by Yilu Dong at WiSec’25 where we demonstrated such solutions can be integrated with PKI based schemes. Joint work with Tao Wan. Great job, Yilu.
dl.acm.org
0
0
0
Even if you sign the broadcast messages to prevent your phone from connecting to fake base stations, relay attackers can still launch attacks unless additional measures, e.g., distance/time bounded solutions are correctly enforced.
1
0
1
Learn about how you may bypass paywalls of inflight Wi-Fi systems! Great job by @AAIshtiaq1 and the folks from UMass!
Presenting our paper “Cloud Nine Connectivity: Security Analysis of In-Flight Wi-Fi Paywall Systems” today at #WiSec2025! . Huge thanks to my coauthors, esp. @RHasnainAnwar.
0
0
7
Congratulations, Ishtiaq! Way to go!.
I’m grateful to have been selected for the 2024–25 Vice Provost and Dean of the Graduate School Student Persistence Scholarship at Penn State. This recognition is a meaningful encouragement as I continue my Ph.D. journey. Congratulations to all fellow recipients!.
1
0
1
RT @sergeybratus: Cybersecurity is not about maintaining status quo, cost centers, and accepting risk. It is about creating safe code faste….
0
8
0
RT @sergeybratus: Papers and slides from the 11th LangSec IEEE Security & Privacy workshop are now posted on the LangSec website: https://t….
0
7
0
RT @sergeybratus: I am looking forward to sharing my thoughts and learnings from DARPA programs on the new kinds of tools we need for maint….
0
4
0
Super excited to have LORIS, a stateful analysis and fuzzing framework for commercial baseband firmware, accepted at @blackhatevent this year. See you all in Las Vegas! #BHUSA.
Stateful fuzzing on emulated basebands is extremely challenging as it requires complex manual harnessing to identify state variables and to resolve task dependencies in the RTOS baseband. Also, identifying states and corresponding path constraints runs into state explosion issues.
0
1
8
Great teamwork by Ali (@mustbastani), Tianchang, Kai (@HelloTKk), and Saaman! Let us know your feedback to improve it further. Paper: Code:
github.com
Contribute to SyNSec-den/Loris development by creating an account on GitHub.
0
0
4
RT @CryptoGPS: Embarking on a new project that needs physical access to an H100 GPU. Any chance anyone is willing to let us borrow one (we….
0
2
0
We tested 61 access control properties with CoreScan and uncovered five new exploitable privilege escalation vulnerabilities in the 5G standards. Paper: source code:
github.com
Contribute to SyNSec-den/CoreScan development by creating an account on GitHub.
0
0
1
For this, we (Mujtahid, Toufik, and yours truly) developed CoreScan, an assume-guarantee style compositional verification technique that decomposes system model into multiple disjoint components and applies split assertion principle to identify local assumptions and guarantees.
1
0
0
With the rollout of microservice-based 5G core networks and the provision of third-party tenants (e.g., MVNOs), the 3GPP's current access control design is not secure. Mujtahid Akon will highlight these design flaws and explain how we found them today at @IEEESSP.
1
0
2
Today at @IEEESSP, Ali Ranjbar will present how we have addressed these challenges with a new technique called iterative symbolic execution to enable stateful and grammar-aware fuzzing of commercial basebands. Loris uncovered seven zero-days in 5 commercial basebands.
1
0
2
Stateful fuzzing on emulated basebands is extremely challenging as it requires complex manual harnessing to identify state variables and to resolve task dependencies in the RTOS baseband. Also, identifying states and corresponding path constraints runs into state explosion issues.
1
1
10
RT @sergeybratus: 11th LangSec IEEE Security & Privacy workshop is happy to announce its preliminary program: Abstr….
0
11
0