Not all custom ROMs qualify as ROM4GSM. A genuine build usually includes the following technical characteristics:
In 2012–2014, researchers exploited baseband vulnerabilities (e.g., RCE via malformed SMS) by reverse-engineering ROM4GSM images. The infamous "Stagefright" bug had parallels in GSM stacks. Dumping the ROM allowed attackers to locate buffer overflows in AT command parsers. rom4gsm