Uncovering NASty 5G Baseband Vulnerabilities through Dependency-Aware Fuzzing
Black Hat USA 2025 · Day 1 · Briefings
Researchers from Penn State built LOTUS, a dependency-aware fuzzing framework for 5G baseband processors, and used it to discover seven unique exploitable vulnerabilities — including one critical and two high-severity — in Samsung's Exynos baseband as deployed in Galaxy S21 and Google Pixel 6 devices. All bugs were triggered over-the-air using a software-defined radio testbed, and five received CVEs. The core innovation is iterative symbolic analysis, which automatically identifies and initializes the state variables that 5G NAS protocol handlers require before they will process any input, a problem that stymied prior fuzzing approaches.

---
AI review
Legitimate baseband vuln research with a live OTA demo, seven exploitable crashes on Samsung Exynos, and a technically novel solution to the state-initialization problem that has stymied every prior 5G fuzzer. LOTUS is the real contribution here — iterative symbolic analysis is a clean idea that the field will copy. Drop everything.