Security probe of Qualcomm MSM data services

[Aleksander Morgado]

> > But anyway, I don't think our case is as critical as the one you point
> > out in that article; in our case libqmi (and libmbim) will parse
> > exclusively messages sent by the WWAN module, and the worst case that
> > could happen is that the program using the library (e.g. ModemManager)
> > crashes. If anyone thinks of a more severe scenario please let me
> > know.
>
> I don't think it's worth caring about, but there is this misconception
> in parts of the security community where they pretend a host can be
> protected against evil hotplugged hardware.  This has resulted in a
> gazillion pointless USB descriptor parsing patches for example.
>
> If you take those people seriously, then you have to expect an evil
> modem.
>

If I had infinite worktime available, I would consider that usecase.
But I don't, so I won't.

-- 
Aleksander
https://aleksander.es