RT @pr0me: new baseband rehosting research just dropped!. BaseBridge dynamically identifies relevant regions from a memory dump which are t….

RT @danielklischies: 📢 Excited to announce that the results on BaseBridge, our project on improving cellular baseband emulation, are going….

RT @sureworkshop: We are excited to announce that the 1st Workshop on Software Understanding and Reverse Engineering (SURE) will be co-loca….

RT @REverseConf: No joke, another video! @nsinusr and Tomasz share the ins and outs of modern SIM hacking!

Really enjoyed speaking at the inaugural edition of.@REverseConf!. You can find our slides on tricks with SIMs and interposers here:

RT @REverseConf: SIM cards: more than just storage. Join Marius Muench (@nsinusr) & Tomasz Lisowski as they reveal SIM vulnerabilities, bas….

Results of the RP2350 Hacking Challenge are now public - I'm happy that my entry qualified as one of the winning breaks!. Also huge shout out to the other winners: @aedancullen, Kévin Courdesses, @IOActive & @hextreeio - awesome work!. Thanks for the challenge @Raspberry_Pi!.

🚨Upcoming Training with @_ringzer0: Join @ScepticCtf and me to learn about reversing, fuzzing, and attacking low-level firmware. Austin, March 18th-21st. More information:

RT @REverseConf: Our 2025 RE//verse talk schedule is now live! Talks start Friday, but don't forget to check the Thursday schedule and arri….

RT @gynvael: Want to support security researchers from Dragon Sector in covering legal costs piling up after they went public with logic bo….

RT @AntiCheatPD: 🧵 New Anti-Cheat Study Highlights 👇. 1/ reveals the hidden economics of game cheats, with annual revenues estimated betwee….

We have a PhD position opening over at the University of Birmingham! If you are interested in embedded systems, low-level hacking, telco security or trusted execution environments, feel free to reach out. Happy to discuss. Current Application deadline: Dec 5th.

Heya! Our new research on client-side game cheating & anti-cheat systems is out: Joint work with Sam Collins, Alex Poulopoulos, and @TomChothia. Full paper:

RT @hardwear_io: 📱 Even with newer cellular technologies available, GPRS stacks are still found in many phones, making them a bullseye for….

RT @thorstenholz: Congratulations Dr. Chlosta! 🎉

And now, to the links:.- Paper: - Code: - Artifact:

Curious to learn more? Come visit our USENIX talk on Thursday afternoon (Session: Wireless Security I: Cellular and Bluetooth). Great work together with Tomasz Piotr Lisowski, Merlin Chlosta, and Jinjin Wang.

But are hostile SIM cards a realistic threat model? To answer this, we provide two case studies: (a) a SIM spyware remotely provisioned by a rogue operator, and (b) triggering the found vulnerabilities via a modified SIM interposer, inserted by an attacker with physical access.

Using SIMurai, we found high-severity vulnerabilities in widely-deployed cellular baseband firmware, allowing attackers to get code execution. We also verified operationality of SIMurai by connecting it to 18(!) different phones and attaching to cellular networks (2G/4G/5G).

SIM cards can, for instance, ask your phone to open TCP channels, send SMS, or retrieve location information without user interaction. To explore the attack surface we developed SIMurai, a research-focused SIM emulator, which can be plugged to physical and emulated phones alike.