Qualcomm Snapdragon 855 modem code flaw exposed Android smartphones to possible snooping

A heap overflow vulnerability in Qualcomm's Snapdragon 855 system-on-chip modem firmware, used in Android devices, could be exploited by baddies to run arbitrary code on unsuspecting users' devices, according to Check Point. The software bug, tracked as CVE-2020-11292, can be abused to trigger a heap overflow in devices that …

  1. redpawn Silver badge

    Babies

    I read it as "allow babies to snoop on conversations". Should have my tea before reading The Reg.

    1. Juanguanomo
      Gimp

      Re: Babies

      How on earth did people cope before there was tea?

  2. Claptrap314 Silver badge
    Pint

    Just in time

    for another round of hardware upgrades with their *ALL* *NEW* vulnerabilities.

    For crying ------->

    1. big_D Silver badge

      Re: Just in time

      I've been lucky, my last 4 handsets haven't used Snapdragons...

      Currently a Samsung S20+ with Exynos and an iPhone with an A12 chip.

      Previously, a brace of Huaweis, with their own Kirin chips.

      (I have to have separate phones for home and work)

  3. Juanguanomo
    Mushroom

    Bloody good job

    I don't own anything newfangled enough to have an eight-fifty-five snap dragon in it then. Do flap dragons count?

  4. elbisivni

    "Exposed Android smartphones to snooping".

    So the devices were performing as designed, then.

    Seriously - I do wish there was a viable alternative to Qualcomm in the Android market, or at least that Samsung would pull its finger out and make Exynos even slightly competitive. Qualcomm's heavy hand even stifles entire nascent markets, such as its miserable efforts at making up-to-date SOCs for smart watches.

  5. Anonymous Coward

    Remote code execution on Android modem?

    Where have I heard that before?

    Oh yes...

    https://www.zdnet.com/article/backdoor-in-samsung-galaxy-devices-allows-remote-access-to-data/

  6. ThatOne Silver badge
    Thumb Down

    Mockery

    > we encourage end users to update their devices as patches become available

    I really hate the irony of that spokesperson...

  7. Cuddles Silver badge

    Yet...

    "Good thing researchers spotted it, no evidence of exploit in the wild"

    The Snapdragon 855 was first released at the start of 2019. That puts it firmly outside support for most Android devices. There may be no evidence of it being exploited in the wild yet, but how much would you like to bet that state of affairs continues now it's been published for the world to see?


Biting the hand that feeds IT © 1998–2021