Posted by Nightwatch Cybersecurity Research on Dec 05

[Also posted online:
https://wwws.nightwatchcybersecurity.com/2016/12/05/cve-2016-5341/]

Summary

Assisted GPS/GNSS data provided by Qualcomm for compatible receivers
is often being served over HTTP without SSL. Additionally many of
these files do not provide a digital signature to ensure that data was
not tampered in transit. This can allow a network-level attacker to
mount a MITM attack and modify the data while in transit. While HTTPS
and…