Happy to see these things getting more attention, they are a critical part of the modern mobile devices.

Seems bad enough, although most seem plain DoS. Even with that, the fun may start soon and continue for a long time because most of these are never patched. (That said, I didn't read close enough to deduce how realistic exploitation is.)

They are all denial of service bugs. I.e. crashes/hangs. No remote code execution or disclosure of sensitive data.

Glad they were able to figure out the branding though.

> Glad they were able to figure out the branding though.

That's pretty obviously something someone threw together in a few minutes after grabbing a few [0] random images from the internet. This isn't one of those exploit sites with more effort poured into marketing than the exploits themselves.

[0] https://www.flaticon.com/free-icon/ghost_1227567

The vulnerability branding trend is stupid, but I'm not sure it's worse for communicating what you're talking about than "CVE-2023-129038, 109239, and 120993" or "Those 5G vulnerabilities from uh I think 2022 or 2023? No not those, the other ones." Is there a better method?

I don't think it's stupid because I can't, off the top of my head, tell you the CVE number for Heartbleed, despite being very involved with it for a couple of weeks.

Heartbleed I remember, along with Spectre/Meltdown, but I couldn't name the weak exploits that turn out to be nothing burgers. Log4j could have used a brand though, imo.

How often do you need CVE numbers while simultaneously being unable to google for the CVE number?

Because everyone called it heartbleed.

I still remember some of the big ones like MS03-026/031, MS08-067, CVE-2005-1042.

> No [...] disclosure of sensitive data.

Not directly, but downgrading to LTE would almost certainly force a UE to expose its IMSI at least.

You don't need a baseband exploit for that, just a jammer.

> At least two other vulnerabilities are not disclosed yet due to confidentiality.

They observed just crashes and they didn't try to research exploitability. Absent more details, and knowing the usual exploitability distribution of C crash bugs, this would seem in doubt still.

Proprietary, audit-unfriendly blobs.

It should be no surprise the code is crap quality, like the fw in those Polish trains, although those had malware to boot.

And then, the protocols themselves are encumbered. GSM is a disaster in general.

I hate that this is status quo for mobile hardware. And almost certainly just to enforce artificial support boundaries to sell more hardware.

It also enables a lot of surveillance and prevents innovation in cell phone business models. Imagine what things would be like if you could connect any compatible device to the phone network for the same price.

The land line network used to work like the cell network does today. Early home computer networks, and then later, home internet were enabled by the court ruling that said the phone company couldn't block you from plugging modems in (or charge more for the same copper wire if you did plug a modem in).

California network neutrality laws supposedly ban discrimination against devices as well as against web sites, but it's either unenforced, or there is a loophole.

> Imagine what things would be like if you could connect any compatible device to the phone network for the same price.

Can't you already do that today? Just swap your sim card.

you are way out of date on how bad things are.

just moving sim card to another phone will completely block you any access until you "reactivate" in the majority of telcos around the world.

>just moving sim card to another phone will completely block you any access until you "reactivate" in the majority of telcos around the world.

Mind listing those countries? One source[1] for the US says that statement is only true for 1 of the 3 major telecoms. One of the other two requires an approved device to activate the sim, but otherwise doesn't care, and the other doesn't care as long as the device supports VoLTE.

[1] https://prepaid-data-sim-card.fandom.com/wiki/United_States#...

So -- to a large degree you're right.

But also, with the history of actually open protocols such as SMTP, the opportunity for abuse is enormous. The mobile phone system is abused right now by manufacturers, vendors, and "the surveillance state", but being open may just end up with us in a state where all that is true and there's a limitless slurry of effluent from semi-anonymous bad faith actors.

I think Signaling System 7 (what the phone networks use) might be the only widely-used communication protocol that's more open to abuse than SMTP.

With SS7, not only can you spoof any phone number, but you can cause the other end of the network connection to wire money without getting their prior authorization!

This is improved somewhat by STIR/SHAKEN, but, even with that, the state of the art is worse than SMTP.

In a prior life, I did a lot of work with SS7. I was dumbfounded by how insecure it is.

Like SMTP, BGP or most "ancient" network protocols, it was built on completely different assumptions about who was actually allowed to connect to the network, and therefore trustability.

Unfortunately, there is way too much old gear around, probably hundreds of billions of dollars worth, so instead of actually rebuilding communications systems we're forced to bolt on security (and features, like with IPv6) onto an extremely large pile of ossified bull dung.

SMTP has no authentication, authorization, or encryption built in. GSM and the verizon standard do. SMTP abuse is entirely down to you being able to fire and forget a message without any sort of acceptance criteria for downstream systems.

Anyone abusing the mobile network runs the risk of their provider pulling the plug and disabling their access.

Its status quo for almost all hardware. Your computers firmware/boot stack has probably some of the buggiest and error prone software you have running near you, unless you happen to be sitting in your car.

It feels like a damn miracle anything actually works.