Security flaw! ROG II patched???

MelquiMelqui Level 3
edited June 10 in ROG Phone 2

Please tell us some basic information before asking for help:

  1. Model Name:
  2. Firmware Version:
  3. Rooted or not:
  4. Frequency of Occurrence:
  5. APP Name & APP Version (If your issue relates to the app):

In addition to information above, please also provide as much details as you can, e.g., using scenario, what troubleshooting you've already done, screenshot, etc.

========================================

Qualcomm modem flaw affects 30% of all phones; lets attackers record phone calls.

https://www.xda-developers.com/qualcomm-modem-flaw-record-phone-calls/

Comments

  • VolodesiVolodesi Level 3

    The answer is literally in the article...


    " If you’re using a Qualcomm Snapdragon-powered device that has not received a security update since November 2020, your device is likely still vulnerable"

  • ronald1985ronald1985 127.0.0.1 Level 5

    Unfortunately I kind of disagree, but I am happy to be challenged/corrected.

    When an OEM updates firmwares, it does not automatically mean the drivers will be updated to the latest and in this case, Qualcomm modem.

    Now, I cannot find proof whether it is up to date, but the nearest I can get to is the OpenGL ES version (don't know if it uses the same drivers as the modem) and this was updated on 04/07/2020.

    On contrast of that, it's only 30% of the phones, which does make you wonder the drivers were already up to date.

  • Now you're making things up. The driver is not vulnerable at all. What happens here is that the hacker can inject through the Android OS malicious code into the modem hence exploiting this vulnerability.

    The 30% means ALL quallcomm devices. Remember, most budget phones use mediatek or other chipsets, only the high end / middle end segment uses qualcomm, which makes about 30% of all android smartphones.

    The real problem however is that security patches don't mean the same for all devices, for instance a device with a security patch from may 2021 might not even contain the fix. Lets take samsung as a prime example here:

    https://security.samsungmobile.com/securityPost.smsb


    As you can see some samsung smartphones already had the fix since january, some only got the fix in the first may patch, while other models have not recived the fix yet despite being on latest may patch which can be read on their statement:

    While a number of Samsung devices have already been patched starting in January of 2021, most Samsung devices with an Android Security Patch Level of May 1, 2021 or later, will be considered protected from the disclosed vulnerability. Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.

    I bolded the most important word, Samsung as usual very careful with their wording ;)

  • ronald1985ronald1985 127.0.0.1 Level 5

    Hmmmm - every post is waiting for approval 😵

    @Danishblunt as soon as you see my posts (only 2 of them), feel free to look at the 2nd one and ignore the first one. Basically, I have pretty much repeated myself.

  • ronald1985ronald1985 127.0.0.1 Level 5

    I did reply back but approval is taking a while as I posted earlier this morning, but you can ignore that as soon as it appears. Probably something that needs attention.

    After posting before and re-read what you've put down, I realised you've said driver is not vulnerable, but the OS, which makes sense considering they are as one. Fair enough, I can live with making that error 🤣.

    I do agree not all firmwares are updated the same, thus me saying:

    Unfortunately I kind of disagree, but I am happy to be challenged/corrected.

    When an OEM updates firmwares, it does not automatically mean the drivers will be updated to the latest and in this case, Qualcomm modem.

    But with you showing that some Samsung devices are updated, but not all - it does beg the question. So I think that's a good find considering Samsung devices are quite regular with their monthly patches.

  • MelquiMelqui Level 3

    Samsung phones with May 2021 security update are protected from Qualcomm’s modem vulnerability.

    https://www.xda-developers.com/samsung-may-2021-security-update-protected-qualcomm-vulnerability/

This discussion has been closed.