The deadline for the FutureG'26 workshop, co-located with NDSS'26, is January 6. We look forward to your excellent work on wireless networks at FutureG.
ndss-symposium.org/ndss2026/submi…
futureg26.hotcrp.com
English
Syed Rafiul Hussain
764 posts
Syed Rafiul Hussain
@SyedRafiul
Assistant Professor of Computer Science and Engineering (@PennStateEECS, @PSUEngineering), Pennsylvania State University (@penn_state)
State College, PA Katılım Mayıs 2011
1.2K Takip Edilen1K Takipçiler
Baseband reverse engineering, emulation, and fuzzing! To learn more about our work, don't forget to attend the talk by Ali and Tianchang at @BlackHatEvents on Thursday at 11:20 am.
Ali@mustbastani
Tianchang and I are talking 5G baseband vulnerabilities on Thursday at 11:20am. We’ll share how we emulated Galaxy & Pixel Exynos modems for fuzzing and reverse engineered the binaries to find OTA-triggered memory corruption & RCE paths. Come by if you're around for #BHUSA 2025.
English
If you are working on 5G/6G/FutureG, consider submitting your work to the workshop on 6G and Spectrum Security for Critical Communication (6GSECC), co-located with IEEE MILCOM 2025 and co-chaired by Dr. Arup Bhuyan and me. CFP: milcom2025.ieee-milcom.org/workshop/ws04-…. Deadline is August 12, 2025
English
Syed Rafiul Hussain retweetledi
Think your mobile digital wallet is safe? Think again. This article dives into why that's not enough and how thieves can use your card even after you cancel it.
investopedia.com/cybersecurity-…
@SyedRafiul
#Cybersecurity #DigitalWallet #FinanceSecurity
English
Open RAN, Open Risks! Super excited to have our second talk accepted at BlackHat USA'25:
#open-ran-open-risk-uncovering-threats-and-exposing-vulnerabilities-in-next-gen-cellular-ran-46100" target="_blank" rel="nofollow noopener">blackhat.com/us-25/briefing….
Proud of my students Tianchang Yang, Yilu Dong, Syed Md Mukit Rashid, and Ali Ranjbar! Joint work with Gang (Gary) Tan!
English
Check out our recent paper presented by Yilu Dong at WiSec’25 where we demonstrated such solutions can be integrated with PKI based schemes. Joint work with Tao Wan. Great job, Yilu. dl.acm.org/doi/10.1145/37…
English
Even if you sign the broadcast messages to prevent your phone from connecting to fake base stations, relay attackers can still launch attacks unless additional measures, e.g., distance/time bounded solutions are correctly enforced.
English
Learn about how you may bypass paywalls of inflight Wi-Fi systems! Great job by @AAIshtiaq1 and the folks from UMass!
Abdullah Al Ishtiaq@AAIshtiaq1
Presenting our paper “Cloud Nine Connectivity: Security Analysis of In-Flight Wi-Fi Paywall Systems” today at #WiSec2025! Huge thanks to my coauthors, esp. @RHasnainAnwar. doi.org/10.1145/373447…
English
Congratulations, Ishtiaq! Way to go!
Abdullah Al Ishtiaq@AAIshtiaq1
I’m grateful to have been selected for the 2024–25 Vice Provost and Dean of the Graduate School Student Persistence Scholarship at Penn State. This recognition is a meaningful encouragement as I continue my Ph.D. journey. Congratulations to all fellow recipients!
English
Syed Rafiul Hussain retweetledi
Cybersecurity is not about maintaining status quo, cost centers, and accepting risk. It is about creating safe code faster, cheaper, and changing it safely as fast as needed for the mission. Formal methods is the only path to winning in the cyber domain: darpa.mil/formal-methods
English
Syed Rafiul Hussain retweetledi
Papers and slides from the 11th LangSec IEEE Security & Privacy workshop are now posted on the LangSec website: langsec.org/spw25/abstract…
English
Syed Rafiul Hussain retweetledi
I am looking forward to sharing my thoughts and learnings from DARPA programs on the new kinds of tools we need for maintaining and sustaining software and firmware at @hardwear_io , hardwear.io/usa-2025/speak…
English
Super excited to have LORIS, a stateful analysis and fuzzing framework for commercial baseband firmware, accepted at @blackhatevent this year. See you all in Las Vegas! #BHUSA
#uncovering-nasty-5g-baseband-vulnerabilities-through-dependency-aware-fuzzing-46485" target="_blank" rel="nofollow noopener">blackhat.com/us-25/briefing…
Syed Rafiul Hussain@SyedRafiul
Stateful fuzzing on emulated basebands is extremely challenging as it requires complex manual harnessing to identify state variables and to resolve task dependencies in the RTOS baseband. Also, identifying states and corresponding path constraints runs into state explosion issues
English
Great teamwork by Ali (@mustbastani), Tianchang, Kai (@HelloTKk), and Saaman! Let us know your feedback to improve it further. Paper: syed-rafiul-hussain.github.io/wp-content/upl…
Code: github.com/SyNSec-den/Lor…
English
Today at @IEEESSP, Ali Ranjbar will present how we have addressed these challenges with a new technique called iterative symbolic execution to enable stateful and grammar-aware fuzzing of commercial basebands. Loris uncovered seven zero-days in 5 commercial basebands.
English
Stateful fuzzing on emulated basebands is extremely challenging as it requires complex manual harnessing to identify state variables and to resolve task dependencies in the RTOS baseband. Also, identifying states and corresponding path constraints runs into state explosion issues
English
Syed Rafiul Hussain retweetledi
Embarking on a new project that needs physical access to an H100 GPU. Any chance anyone is willing to let us borrow one (we promise to return it), in exchange for a security exploration into the land of confidential computing? If so, DM me for further details. Thanks :)
English
We tested 61 access control properties with CoreScan and uncovered five new exploitable privilege escalation vulnerabilities in the 5G standards.
Paper: syed-rafiul-hussain.github.io/wp-content/upl…
source code: github.com/SyNSec-den/Cor…
English
For this, we (Mujtahid, Toufik, and yours truly) developed CoreScan, an assume-guarantee style compositional verification technique that decomposes system model into multiple disjoint components and applies split assertion principle to identify local assumptions and guarantees.
English
With the rollout of microservice-based 5G core networks and the provision of third-party tenants (e.g., MVNOs), the 3GPP's current access control design is not secure. Mujtahid Akon will highlight these design flaws and explain how we found them today at @IEEESSP.
English