Cyber pasties: Learning lessons from smart phone developers for cyber physical systems (Conference Presentation)

During the past decade, smartphone developers have been improving security mechanisms in smartphone runtimes out of necessity. Unfortunately, these security improvements have frequently been left unimplemented in the smartphone’s corresponding baseband controller, and notable exploitations have occurred as a result. Developers of all cyber physical systems should take note: any processor running software could be the target of an attack; especially if that software processes raw inputs from sensors. In this paper we investigate specific exploitations that have been proven effective against baseband controllers, and examine the methodologies recommended by the exploit authors to protect against them. We conclude by presenting some design and implementation techniques that can be used to enhance the security posture of mindful developers of cyber physical systems.