asset-group / 5ghoul-5g-nr-attacks

GNU General Public License v2.0

S22 confusion #18

Closed qiqingh closed 6 months ago

qiqingh commented 6 months ago

Hello, thank you for your exceptional work! I was reviewing the information on your website at https://asset-group.github.io/disclosures/5ghoul/, and I noticed something that I'd like to clarify.

In Table 1, titled "Devices and Monitoring Used for Evaluation of 5Ghoul Vulnerabilities," the UE S22 is listed. However, I observed that the S22 is not included in Table 2, which provides a "Summary of 5G Implementation Vulnerabilities and Affected Software or Products."

Could you please confirm whether the UE S22 is impacted by the V7 vulnerability? I am particularly interested in understanding the scope of this vulnerability and its effects on the S22 device. Your clarification on this matter would be greatly appreciated.

Matheus-Garbelini commented 6 months ago

Hi @qiqingh

Although Qualcomm has confirmed Snapdragon 8 Gen 1 Mobile Platform in their December 2023 security bulletin (employed by the Samsung S22 US model), the exploits that we have in 5Ghoul might not work exactly the same way in the Samsung S22 or newer models. This is because we inject a fixed 5G payload (i.e., static byte values at specific offsets) into the phone, which might not trigger the vulnerability for newer modems, which might expect a slightly different incorrect message structure to fail.

However, you can certainly test 5Ghoul connectivity on this phone and launch some attacks for your experiments. With newer models of Qualcomm's modems (like the Samsung S22), we were only able to reproduce the downgrade attacks described in Section 4.3 of the 5Ghoul disclosure. This also seems to affect phones of other vendors such as MediaTek.

Regards.

qiqingh commented 6 months ago

Hi @Matheus-Garbelini, got it, thanks for your information!