Author Topic: Major security vulnerability with Google Pixels  (Read 2605 times)

Zarhan

  • Sr. Member
  • ****
  • Posts: 371
    • View Profile
Major security vulnerability with Google Pixels
« on: March 17, 2023, 06:32:24 am »
https://9to5google.com/2023/03/16/google-exynos-modem-vulnerabilities/

Good news for Planet phones (that don't get security updates in any meaningful sense) is that Mediatek SoC probably does not have this vulnerability. Could anyone confirm this?

Bad news is that you can compromise a phone just by dialing to it via VoLTE call. And Google removed the capability to disable VoLTE on their phones..

Daniel W

  • Sr. Member
  • ****
  • Posts: 372
    • View Profile
Re: Major security vulnerability with Google Pixels
« Reply #1 on: April 08, 2023, 06:11:23 pm »
Well, the 9to5Google article links to a Samsung security statement that lists six particular Samsung chips, perhaps including variants, and decribes the problem as an issue within their embedded software.

Since no other chip brand is mentioned, we can conclude that Samsung didn't license the affected technology to anyone else. Thus, this issue can reasonably only affect devices built around these specific Samsung chips, which also must run a vulnerable version of the embedded software.

While any phone may contain off-the-shelf Samsung parts, such as RAM, flash, sensors, amplifiers, power management stuff etc, the SoC and the modem contains intellectual property, which the phone manufacturer must license, before they are even allowed to buy the chips.

The factory Planet Computers employs, are (only) licensed to use MediaTek, so a Planet phone cannot legally contain a non MediaTek modem. Even if it could, it would probably neither be technologically feasible nor financially viable to combine a MediaTek SoC with a Samsung modem.

As far as I know, the SoC models Planet has used so far, all has their modems integrated into the SoC itself (which, reasonably is the cheapest option).