This widget could not be displayed.
This widget could not be displayed.
cancel
Showing results for 
Search instead for 
Did you mean: 

Security flaw! ROG II patched???

Melqui
Zen Master I
Please tell us some basic information before asking for help:
Model Name:
Firmware Version:
Rooted or not:
Frequency of Occurrence:
APP Name & APP Version (If your issue relates to the app):
In addition to information above, please also provide as much details as you can, e.g., using scenario, what troubleshooting you've already done, screenshot, etc.
========================================
Qualcomm modem flaw affects 30% of all phones; lets attackers record phone calls.
https://www.xda-developers.com/qualcomm-modem-flaw-record-phone-calls/
6 REPLIES 6

ronald1985
Community Legend I
Danishblunt

https://zentalk.asus.com/en/discussion/comment/166131#Comment_166131

Now you're making things up. The driver is not vulnerable at all. What happens here is that the hacker can inject through the Android OS malicious code into the modem hence exploiting this vulnerability.

The 30% means ALL quallcomm devices. Remember, most budget phones use mediatek or other chipsets, only the high end / middle end segment uses qualcomm, which makes about 30% of all android smartphones.

The real problem however is that security patches don't mean the same for all devices, for instance a device with a security patch from may 2021 might not even contain the fix. Lets take samsung as a prime example here:

https://security.samsungmobile.com/securityPost.smsb

As you can see some samsung smartphones already had the fix since january, some only got the fix in the first may patch, while other models have not recived the fix yet despite being on latest may patch which can be read on their statement:

While a number of Samsung devices have already been patched starting in January of 2021, most Samsung devices with an Android Security Patch Level of May 1, 2021 or later, will be considered protected from the disclosed vulnerability. Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.

I bolded the most important word, Samsung as usual very careful with their wording 😉


View post
I did reply back but approval is taking a while as I posted earlier this morning, but you can ignore that as soon as it appears. Probably something that needs attention.
After posting before and re-read what you've put down, I realised you've said driver is not vulnerable, but the OS, which makes sense considering they are as one. Fair enough, I can live with making that error 🤣.
I do agree not all firmwares are updated the same, thus me saying:
Unfortunately I kind of disagree, but I am happy to be challenged/corrected.
When an OEM updates firmwares, it does not automatically mean the drivers will be updated to the latest and in this case, Qualcomm modem.
But with you showing that some Samsung devices are updated, but not all - it does beg the question. So I think that's a good find considering Samsung devices are quite regular with their monthly patches.

Melqui
Zen Master I
Samsung phones with May 2021 security update are protected from Qualcomm’s modem vulnerability.
https://www.xda-developers.com/samsung-may-2021-security-update-protected-qualcomm-vulnerability/