[Gta04-owner] ASN.1 vulnerability?
tgrauss
tgrauss at f-gp.eu
Fri Jul 29 15:26:51 CEST 2016
Hi,
Well, even if it is vulnerable, it is still a lot less a problem than it
is with any other phone.
For other smartphone, an attack could be :
- Insert malicious code in the running firmware of the gsm module
- Attack the main cpu as the gsm module has main memory access
This is another reason to separate the main cpu and memory from the gsm
module.
Best regards
Thierry
On 29/07/2016 15:02, H. Nikolaus Schaller wrote:
> Hi,
> you may have read about an issue with ASN.1 compilers:
>
> https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
>
> I have contaced Gemalto/Cinterion and got the feedback
> that Qualcom says they have the bug but it can't be used
> for an exploit because they reduce some length value
> before the overflow can occur:
>
> http://www.pcworld.com/article/3099692/security/devices-with-qualcomm-modems-safe-from-critical-asn1-telecom-flaw.html
>
> The Option GTM601 and the PHS8/PLS8 modules we
> use in our projects are based on Qualcom network software
> so that we are on the safe side.
>
> As long as we believe Qualcom - but we have no choice
> unless someone develops a 2/3/4G module from scratch
> with open software and gets it certified for operation.
>
> So it is up to you if you still are worried or not. I am not.
>
> BR,
> Nikolaus
>
> _______________________________________________
> Gta04-owner mailing list
> Gta04-owner at goldelico.com
> http://lists.goldelico.com/mailman/listinfo.cgi/gta04-owner
More information about the Gta04-owner
mailing list