09-21-2021, 05:18 AM
It looks to me like an attacker would need to have compromised your pinephone already in order to exploit this issue, so to that extent it's already game over. It might be a route to installing something persistent on the modem though.
There are firmware updates from Quectel available, but I don't know if they've addressed this. There's also biktogj's firmware implementation which I think uses a different AT command handler. If that one has a similar mistake it can at least be fixed openly.
https://github.com/Biktorgj/pinephone_modem_sdk
https://github.com/Biktorgj/meta-qcom/tr...em/openqti
There are firmware updates from Quectel available, but I don't know if they've addressed this. There's also biktogj's firmware implementation which I think uses a different AT command handler. If that one has a similar mistake it can at least be fixed openly.
https://github.com/Biktorgj/pinephone_modem_sdk
https://github.com/Biktorgj/meta-qcom/tr...em/openqti