About CVE-2023-31116: Design weakness of Samsung Exynos Modem 5123 and 5300 (1st Aug 2023)

Preface: RCS enables more dynamic and secure conversations than SMS and MMS. It allows users to share high-resolution photos and videos up to 100MB in size.

Background: About one year ago, Google’s next-generation flagship Pixel 7 series appears in the Android 13 developer preview, using Samsung’s baseband chip, model g5300b.

RCS is the successor to the old SMS standard, and Google has been pushing this feature hard over the past few years. Now, at Google I/O, the company confirmed that over 800 million people now have RCS on their phones.

To check if a user’s device is RCS-enabled and capable of communicating with an RBM agent, you can request the device’s capabilities. Identifying which features a device supports, if any at all, allows your agent to tailor the conversation to the device’s capabilities and avoid presenting interactions that are difficult or impossible for the user to complete.

Vulnerability details: An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application.

Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-31116

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.