Security probe of Qualcomm MSM data services
Bjørn Mork
bjorn at mork.no
Mon May 10 08:05:53 UTC 2021
Aleksander Morgado <aleksander at aleksander.es> writes:
> But anyway, I don't think our case is as critical as the one you point
> out in that article; in our case libqmi (and libmbim) will parse
> exclusively messages sent by the WWAN module, and the worst case that
> could happen is that the program using the library (e.g. ModemManager)
> crashes. If anyone thinks of a more severe scenario please let me
> know.
I don't think it's worth caring about, but there is this misconception
in parts of the security community where they pretend a host can be
protected against evil hotplugged hardware. This has resulted in a
gazillion pointless USB descriptor parsing patches for example.
If you take those people seriously, then you have to expect an evil
modem.
Good luck with that :-)
Bjørn
More information about the libqmi-devel
mailing list