Android, Qualcomm move on insecure GPS almanac downloads

Nearly a decade after it introduced assisted-GPS in its mobile chipsets, Qualcomm has squished a bug that allowed miscreants to mess around with people's location services, or crash their phones. In 2007, Qualcomm made GPS signal acquisition faster by using an almanac of satellites. Instead of having to acquire signals blindly …

  1. DougS

    This will be fertile ground for attackers to check

    Given the ease of subverting DNS, and the lack of Android updates to enforce SSL on the majority of the extant Android devices, finding a way to use this to hijack a device would be worth a lot of money.

    This will be one case where you hope the worst they can do is hang the phone...

    1. Adam 1

      Re: This will be fertile ground for attackers to check

      Not sure how that would work. Definitely worth a look, but as I understand it this is just a "try these areas first" collection of data points. That is to say, it can't interfere with the positioning values themselves (via http MitM).

      My old TomTom would take several minutes to find itself; you basically have to drop to that sort of brute force scan.

      It is possible to believe that a malformed file could be misprocessed causing a buffer overflow or equivalent. Seriously though, if you want an easy way to pwn most android handsets, write a simple app with two threads, activate copy on write, load an executable owned by root and .... you know what, I'm not doing your homework, this isn't stack overflow here...

  2. Hans Neeson-Bumpsadese

    Just phones?

    I wonder if the described vulnerability could be applied to other devices which use the same chipset... thinking about tracking devices like employers use to monitor the location of their vehicle fleet, car insurance 'black box' devices, etc.

  3. Gene Cash

    This is bogus

    Google says it "could hang devices" HOW? That's bullshit. I could understand how it could hang a really shite app (are there any others?) but not the device.

    As the article says, all it can do is screw the GPS init. Plus after a while, it gets ignored as the GPS goes into "cold start" where it goes "OK I really don't know where I am" and starts from scratch acquiring the satellites (which can take 3 or 4 minutes).

    Plus the GPS assistance almanac only covers the US GPS satellites. Modern GPS chipsets also use the Russian GLONASS & Chinese BEIDOU systems, so they can acquire those.

    If you use this app: https://play.google.com/store/apps/details?id=com.eclipsim.gpsstatus2 the GPS sats are circles, GLONASS are squares, and BEIDOU are triangles. My Nexus 6P and old Moto G (3G) can use GLONASS.

      1. DougS

      Re: This is bogus

      I think I would believe Google over you. Why would THEY claim something can hang an Android phone if it actually can't? If it was some random security researcher then maybe your skepticism would be warranted, but it is easy to imagine that if the tables are crafted correctly it could put the assisted GPS function into a loop or something that the OS doesn't recover from since it is assuming the tables are properly formatted.

      Use of other standards is nothing new, I think Apple has used Qualcomm chipsets that supported GLONASS since the 4 or 4S, and I'm sure Android from a similar time frame at least in leading edge devices using the same chipsets. That can make it a bit faster to get a proper GPS fix in a place where your view of the sky is obscured (i.e. tall buildings) but doesn't do squat for you if you don't have a view of the sky at all, like when you're inside a building with too much between you and the roof. Maybe the assisted GPS needs to take alternate sources into account as well.

      There's also whatever the Euro solution will use, so someday we'll have four independent methods of determining a position fix, so the algorithms could be improved to throw out one that looks bogus (i.e. if the US blocked GPS in a certain area, the EU might join them but Russia and China are unlikely to do so as well).

  4. Anonymous Coward

    There's the rub

    "owners of other 'droids have to wait until their OEMs roll out updates."

    In other words; good luck, Charlie. Your Sammy is F-ed in the A.

    My Sammy does one thing now; Kodi remote. And even then I don't completely trust it, so when not doing remote duty it's off the fucking net. Period. The segmentation of the Android market is a joke. You have but one alternative, unless you are a crying, whiny little Windows-only admin from the 80s. Then you're F-ed in so many other ways. :)
