Forwarded from Confidential and Proprietary (join from @exconfidential)
#Qualcomm MSM8953 Android 7 #Source Dump
A full sync of qcoms Android tree from a POS manufacturer. Contains #firehose sources, modem, all sectools scripts, ims, camera, literally everything.
https://gitlab.com/exconfidential/msm8953/ticai_src
gdrive mirror: https://drive.google.com/open?id=1z7LDO2wTvvYgwyV_HYLvmKdNySylEdrd
A full sync of qcoms Android tree from a POS manufacturer. Contains #firehose sources, modem, all sectools scripts, ims, camera, literally everything.
https://gitlab.com/exconfidential/msm8953/ticai_src
gdrive mirror: https://drive.google.com/open?id=1z7LDO2wTvvYgwyV_HYLvmKdNySylEdrd
Forwarded from Confidential and Proprietary (join from @exconfidential)
80_NU323_2_Multimedia_Driver_Development.pdf
1.6 MB
Fairphone suggests Qualcomm is the biggest barrier to long-term Android support
https://arstechnica.com/gadgets/2021/03/the-fairphone-2-hits-five-years-of-updates-with-some-help-from-lineageos/
#Fairphone #Qualcomm
https://arstechnica.com/gadgets/2021/03/the-fairphone-2-hits-five-years-of-updates-with-some-help-from-lineageos/
#Fairphone #Qualcomm
Ars Technica
Fairphone suggests Qualcomm is the biggest barrier to long-term Android support
Qualcomm ended support for the phone after Android 6, but Fairphone is still going.
Qualcomm Chip Flaw Could Leave 30 Percent of the World's Phones Vulnerable to Hackers
https://gizmodo.com/qualcomm-chip-flaw-could-leave-30-percent-of-the-worlds-1846837667
#qc #Qualcomm #soc #hack #vulnerability
https://gizmodo.com/qualcomm-chip-flaw-could-leave-30-percent-of-the-worlds-1846837667
#qc #Qualcomm #soc #hack #vulnerability
Gizmodo
Qualcomm Chip Flaw Could Leave 30 Percent of the World's Phones Vulnerable to Hackers
A recently discovered vulnerability inside Qualcomm-produced phone chips could be exploited to gain access to data on affected devices, allowing an intruder to snoop on phone calls and text messages.
#Qualcomm announces - iSIM tech that integrates SIM card with processor.
A new #iSIM (integrated #SIM) standard is on its way and built upon eSIM by directly integrating the SIM technology in the device’s main chipset.
https://www.qualcomm.com/news/releases/2022/01/18/vodafone-qualcomm-technologies-and-thales-deliver-world-first-smartphone
A new #iSIM (integrated #SIM) standard is on its way and built upon eSIM by directly integrating the SIM technology in the device’s main chipset.
https://www.qualcomm.com/news/releases/2022/01/18/vodafone-qualcomm-technologies-and-thales-deliver-world-first-smartphone
Qualcomm
Vodafone, Qualcomm Technologies, and Thales Deliver World-First
Leading industry innovators Vodafone, Qualcomm Technologies, Inc., and Thales have joined forces to demonstrate a working smartphone featuring iSIM (based on the ieUICC[1] GSMA specification) - a new technology enabling the functionality of a SIM
Blocking xtrapath1.izatcloud.net, xtrapath2.izatcloud.net & xtrapath3.izatcloud.net is great for privacy, #Qualcomm gathers a huge amount of user data.
https://github.com/jerryn70/GoodbyeAds/issues/160
Issue
Requests from these domains are needed for people that use their #GPS. I had many GPS issues and didn't find how to get rid of these... After noticing that these domains were making requests each 5 min, I found why I experienced these issues : A-GPS data was not updated at all.
What data is really collected ? Qualcomm official's website answers:
XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device
They just forgot to mention that this data is sent with no encryption (except in the xtra3grc.bin format, hope that they're exclusively using that now...). Of course it should be blocked. But it's necessary to allow one of those 3 domains in order to make the GPS work properly.
So I whitelisted one of those domains for 5 min and once the request was done I blacklisted it again, GPS is now working as intended. But I know the issue will come back in about 7 days. (I think that I'm still moderately protected from Qualcomm's threat of privacy, because after less than 3 hours these domains were making requests again.)
I tested with Google maps, Waze, TomTom and Mappy, every time all of these apps were unable to refresh my position in real time, and after more than 3-4 months it was just not working at all.
Solution
Like for graph.facebook.com, add a notice to warn users about these GPS issues.
Sources :
https://wwws.nightwatchcybersecurity.com/tag/gps/
https://www.qualcomm.com/site/privacy/services
Also see https://en.wikipedia.org/wiki/Assisted_GPS
#agps #location #android
https://github.com/jerryn70/GoodbyeAds/issues/160
Issue
Requests from these domains are needed for people that use their #GPS. I had many GPS issues and didn't find how to get rid of these... After noticing that these domains were making requests each 5 min, I found why I experienced these issues : A-GPS data was not updated at all.
What data is really collected ? Qualcomm official's website answers:
XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device
They just forgot to mention that this data is sent with no encryption (except in the xtra3grc.bin format, hope that they're exclusively using that now...). Of course it should be blocked. But it's necessary to allow one of those 3 domains in order to make the GPS work properly.
So I whitelisted one of those domains for 5 min and once the request was done I blacklisted it again, GPS is now working as intended. But I know the issue will come back in about 7 days. (I think that I'm still moderately protected from Qualcomm's threat of privacy, because after less than 3 hours these domains were making requests again.)
I tested with Google maps, Waze, TomTom and Mappy, every time all of these apps were unable to refresh my position in real time, and after more than 3-4 months it was just not working at all.
Solution
Like for graph.facebook.com, add a notice to warn users about these GPS issues.
Sources :
https://wwws.nightwatchcybersecurity.com/tag/gps/
https://www.qualcomm.com/site/privacy/services
Also see https://en.wikipedia.org/wiki/Assisted_GPS
#agps #location #android
GitHub
GPS not working properly · Issue #160 · jerryn70/GoodbyeAds
Blocking xtrapath1.izatcloud.net, xtrapath2.izatcloud.net & xtrapath3.izatcloud.net is great for privacy, Qualcomm gathers a huge amount of user data. Issue Requests from these domains are need...
The code that wasn't there: Reading memory on an Android device by accident | The GitHub Blog – 2023
#Android #Vulnerability #Bug #Qualcomm
The bug was a somewhat accidental find, and although it can only be used to leak information, it is nevertheless a very powerful bug that can be used to leak large amounts of information to a malicious Android app; it can be used an unlimited number of times with no adverse effects on the running state of the phone. I’ll show how it can be used to leak information at the page level in the user space and kernel space. I’ll then use the kernel space information leak to construct a KASLR bypass. From a vulnerability research point of view, it’s also a rather subtle and perhaps one the most unusual bugs that I’ve ever found
#Android #Vulnerability #Bug #Qualcomm