Preface:

GNSS – This is a global term encompassing all satellite constellations that provide positioning, navigation, and timing (PNT) services. Besides GPS, other GNSS include GLONASS (Russia), Galileo (EU), and BeiDou (China).

GPS – The Global Positioning System, developed by the US Department of Defense, is the most widely recognized and used GNSS. It was the first global satellite navigation system and has become a household term.

Background: A GPS/GNSS receiver can be considered the client in a similar way to an IoT device or smartphone, particularly when used for location-based services. GPS/GNSS receivers require cryptographic downloads, specifically key material and potentially software updates, to enable authentication and anti-spoofing features. These features ensure the integrity and authenticity of the received signals, protecting against malicious attacks like spoofing where fake signals mimic legitimate satellites.

Ref: The GPS module in the Snapdragon 8 Gen 3 is integrated within the Snapdragon X75 5G Modem-RF System. The X75 is a comprehensive modem-RF solution that includes not only 5G capabilities but also other wireless technologies like Wi-Fi, Bluetooth, and location services like GPS. This integration allows for efficient and high-performance location tracking and navigation on devices powered by the Snapdragon 8 Gen 3.

Vulnerability details: Cryptographic issue occurs due to use of insecure connection method while downloading.

Vulnerability Type: CWE-287 Improper Authentication

Official announcement: Please see the link for details –

https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html