Hi,
you may have read about an issue with ASN.1 compilers:
https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
I have contaced Gemalto/Cinterion and got the feedback
that Qualcom says they have the bug but it can't be used
for an exploit because they reduce some length value
before the overflow can occur:
http://www.pcworld.com/article/3099692/security/devices-with-qualcomm-modems-safe-from-critical-asn1-telecom-flaw.html
The Option GTM601 and the PHS8/PLS8 modules we
use in our projects are based on Qualcom network software
so that we are on the safe side.
As long as we believe Qualcom - but we have no choice
unless someone develops a 2/3/4G module from scratch
with open software and gets it certified for operation.
So it is up to you if you still are worried or not. I am not.
BR,
Nikolaus
_______________________________________________
Community mailing list
Community@openphoenux.org
http://lists.goldelico.com/mailman/listinfo.cgi/community
http://www.tinkerphones.org
