This widget could not be displayed.
This widget could not be displayed.
cancel
Showing results for 
Search instead for 
Did you mean: 

Security flaw! ROG II patched???

Melqui
Zen Master I
Please tell us some basic information before asking for help:
Model Name:
Firmware Version:
Rooted or not:
Frequency of Occurrence:
APP Name & APP Version (If your issue relates to the app):
In addition to information above, please also provide as much details as you can, e.g., using scenario, what troubleshooting you've already done, screenshot, etc.
========================================
Qualcomm modem flaw affects 30% of all phones; lets attackers record phone calls.
https://www.xda-developers.com/qualcomm-modem-flaw-record-phone-calls/
6 REPLIES 6

Volodesi
Rising Star II
The answer is literally in the article...

" If you’re using a Qualcomm Snapdragon-powered device that has not received a security update since November 2020, your device is likely still vulnerable"

ronald1985
Community Legend I
Volodesi

The answer is literally in the article...

" If you’re using a Qualcomm Snapdragon-powered device that has not received a security update since November 2020, your device is likely still vulnerable"


View post
Unfortunately I kind of disagree, but I am happy to be challenged/corrected.
When an OEM updates firmwares, it does not automatically mean the drivers will be updated to the latest and in this case, Qualcomm modem.
Now, I cannot find proof whether it is up to date, but the nearest I can get to is the OpenGL ES version (don't know if it uses the same drivers as the modem) and this was updated on 04/07/2020.
On contrast of that, it's only 30% of the phones, which does make you wonder the drivers were already up to date.

Danishblunt
Hall of Fame I
ronald1985

https://zentalk.asus.com/en/discussion/comment/166087#Comment_166087

Unfortunately I kind of disagree, but I am happy to be challenged/corrected.

When an OEM updates firmwares, it does not automatically mean the drivers will be updated to the latest and in this case, Qualcomm modem.

Now, I cannot find proof whether it is up to date, but the nearest I can get to is the OpenGL ES version (don't know if it uses the same drivers as the modem) and this was updated on 04/07/2020.

On contrast of that, it's only 30% of the phones, which does make you wonder the drivers were already up to date.


View post
Now you're making things up. The driver is not vulnerable at all. What happens here is that the hacker can inject through the Android OS malicious code into the modem hence exploiting this vulnerability.
The 30% means ALL quallcomm devices. Remember, most budget phones use mediatek or other chipsets, only the high end / middle end segment uses qualcomm, which makes about 30% of all android smartphones.
The real problem however is that security patches don't mean the same for all devices, for instance a device with a security patch from may 2021 might not even contain the fix. Lets take samsung as a prime example here:
https://security.samsungmobile.com/securityPost.smsb

As you can see some samsung smartphones already had the fix since january, some only got the fix in the first may patch, while other models have not recived the fix yet despite being on latest may patch which can be read on their statement:
While a number of Samsung devices have already been patched starting in January of 2021, most Samsung devices with an Android Security Patch Level of May 1, 2021 or later, will be considered protected from the disclosed vulnerability. Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.
I bolded the most important word, Samsung as usual very careful with their wording 😉

ronald1985
Community Legend I
Hmmmm - every post is waiting for approval 😵
@Danishblunt as soon as you see my posts (only 2 of them), feel free to look at the 2nd one and ignore the first one. Basically, I have pretty much repeated myself.