have shown that hackers can use rogue base stations (like OpenBTS) to send malicious packets that trigger memory corruption in this firmware. This can allow an attacker to execute arbitrary code on the baseband without any user interaction.

Security "Time Capsule":
For years, security researchers viewed the baseband as a "Black Box." They could send inputs (radio signals) and observe outputs, but they couldn't see the logic inside.
of the GSM baseband software, allowing researchers to replace the "secret" proprietary firmware on certain older phones (like the Motorola C115) to inspect and interact with the mobile network directly.

The Miserable State of Modems: A high-level discussion and critique