Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Android AT&T Cellphones Operating Systems Verizon

Researcher Unlocks Galaxy S4 Bootloader For AT&T, Verizon Phones 75

Trailrunner7 writes "Those of you who like to tinker and jailbreak Android phones should take notice of some new research conducted on Samsung Galaxy S4 Android devices shipped by AT&T and Verizon. Both devicemakers ship the Galaxy S4 smartphones with a locked-down bootloader that prevents users from uploading custom kernels or from making modifications to software on the phone. Azimuth Security researcher Dan Rosenberg has found a vulnerability in the manner in which the devices do cryptographic checks of boot image signatures and was able to exploit the flaw and upload his own unsigned kernel to the device."
This discussion has been archived. No new comments can be posted.

Researcher Unlocks Galaxy S4 Bootloader For AT&T, Verizon Phones

Comments Filter:
  • not a true unlock (Score:5, Informative)

    by LiENUS ( 207736 ) <{moc.eganamtev} {ta} {todhsals}> on Saturday May 25, 2013 @07:22PM (#43824597) Homepage

    Unfortunately this is not a bootloader unlock, it allows you to load unsigned kernels and recovery images but the bootloader must be exploited each time you install a new image. Further it's easily fixed and the next OTA from at&t/vzw is expected to patch it.

    • Re: (Score:3, Insightful)

      A smart person who wants to "modify" their phone, turns off OTA updates.
  • Device Maker... (Score:3, Informative)

    by shri ( 17709 ) <shriramc.gmail@com> on Saturday May 25, 2013 @07:39PM (#43824663) Homepage

    It is the same device maker.

  • by crow ( 16139 ) on Saturday May 25, 2013 @07:44PM (#43824679) Homepage Journal

    The real news to me is that the Galaxy S4 is not already easily unlocked. I would have assumed that with the S3 being easily unlocked that the S4 would be similar.

    I would think the best strategy for the phone companies and the handset makers would be to make it just difficult enough that most people wouldn't bother, but easy enough that people who really care wouldn't avoid the phones.

    • by Nerdfest ( 867930 ) on Saturday May 25, 2013 @07:56PM (#43824735)

      It should be made illegal to lock cell phones. As nice as the S4 is, pick up a Nexus 4 and have a phone you don't need to 'jailbreak'.

    • by PopeRatzo ( 965947 ) on Saturday May 25, 2013 @08:18PM (#43824805) Journal

      The real news to me is that the Galaxy S4 is not already easily unlocked. I would have assumed that with the S3 being easily unlocked that the S4 would be similar.

      It will be.

      But jailbreaking isn't the answer. The answer is breaking AT&T into little bitty pieces and making contracts like the one between AT&T and Samsung illegal.

      If the anti-trust laws were enforced, S4's would cost about $150 and there would be no such thing as 2 year contracts for service. And there definitely wouldn't be the kind of collusion between hardware manufacturers, service providers and content providers that is destroying competition and making customers miserable and overcharged.

      • by crow ( 16139 ) on Saturday May 25, 2013 @08:36PM (#43824875) Homepage Journal

        Actually, it costs $237 to make one, so the price to consumers in a competitive market would probably be about $400 now while it's the latest and greatest thing, or $300 in six to twelve months. And of course, there should be a competitive market for financing for those who want to pay for it in installments.

        • Actually, it costs $237

          Let me guess: these are Samsung's figures, yes?

          • by crow ( 16139 )

            I googled: galaxy s4 teardown
            And I found this:
            http://allthingsd.com/20130508/samsung-galaxy-s4-costs-237-to-build-teardown-analysis-shows/ [allthingsd.com]

            Another example of why you should Google things before you post.

            • I googled: galaxy s4 teardown

              Do you realize that those teardowns show the cost of the components if you were to buy them individually?

              Do you think they get a teeny discount for buying 500,000? Like maybe a 20:1 discount?

              Even without this certain discount, which would bring the cost of building the S4 closer to $100, don't you think >300% profit is a tiny bit high?

              How much profit you think there is in a $200 Nexus 7, which is similar tech? Is the cost of building the Nexus 7 really an order of magnitud

      • by Pulzar ( 81031 )

        If the anti-trust laws were enforced, S4's would cost about $150 and there would be no such thing as 2 year contracts for service.

        No way on the $150 price. Just the parts that go into an S4 are more than $150. The S4 would still cost close to what it costs to buy it outright now, but the plans would end up being much more affordable, due to the competition and the lack of phone subsidy cost.

      • by the_B0fh ( 208483 ) on Saturday May 25, 2013 @10:30PM (#43825243) Homepage

        You are shitting me right? Talk about self indulgent pricks. If you want an unlocked S4, go buy it from Google's Play Store. Only $650 or so.

        The reason cell companies have $200 S4 is because they're fronting the money for it, and they want to make it back up (plus a nice multiplier, obviously) over the next 2 years. That is why your data plans are also so expensive, because they know once they've locked you in, you can't move for 2 years.

        And in 2 years, they front another $400 for you, so that you can get the S6 for $200. And they continue to milk you.

        But make no mistake about it - the S4 does *NOT* cost $150, and only a fucking moron thinks it does.

        • by compro01 ( 777531 ) on Sunday May 26, 2013 @12:43AM (#43825677)

          But make no mistake about it - the S4 does *NOT* cost $150, and only a fucking moron thinks it does.

          Nope, it doesn't cost $150. It costs $244, including the manufacturing. [ihs.com]

          • by iviv66 ( 1146639 )
            So we should order all businesses to sell their products at cost? Nope, you can't make profit on that phone you're selling. Don't want to pay $650 for the unlocked phone? Don't want to sign yourself into a 2 year contract? Then wait a couple of years for the phone to fall in price and buy it then. A phone is a luxury product, like anything sold by apple. They can put whatever markup they want onto their products, and if its too high then it simply won't sell. It is the same with any game console, or pretty
          • . It costs $244, including the manufacturing.

            Notice that it's priced out as if they were making them individually, to order.

            They give you the price of the processor if you bought only one and the price of the memory if you bought one module and the price of the screen if you bought only one screen.

            I've got a feeling they get a little bit of a discount when they source the materials to make a few million of them.

            It reminds me of how they used to publish what it would cost an individual to build a Corvette f

            • You really need to learn to read and comprehend better. The break down prices are what it cost the manufacturers to buy them.

              For some manufacturers that also make their own components, like Samsung, it may be cheaper, but that just means the component division made less money.

        • That is why your data plans are also so expensive, because they know once they've locked you in, you can't move for 2 years.

          What does this have to do with locking the bootloader? The rest of the world is in the same boat except without locked bootloaders. We are in the boat because of contractual agreements. So where is the incentive now? If I unlock my bootloader and go elsewhere I'm obliged to pay out the minimum contract cost which is quite expensive. If I upgrade then I still am required to pay the same contract cost.

          I am on a contract. I pay $x per month over 2 years. I get my data allowance, sms, calls etc. My phone howeve

    • The real question is if this applies to S4s not sold by Verizon and AT&T.

  • by EmagGeek ( 574360 ) on Saturday May 25, 2013 @08:19PM (#43824807) Journal

    Samsung is the device maker.

  • How hard is it? (Score:5, Interesting)

    by Anonymous Coward on Saturday May 25, 2013 @08:34PM (#43824867)

    When the phone powers up, there is usually a watchdog circuit that holds a pin low (ground) for a short time, usually 50-100ms, then it allows the pin to rise, and that pin then allows firmware to be loaded which starts the bootloader process (or is the bootloader process). Usually you can short that pin, and after the amount of time required to load the OS, the firmware can be updated (reflash the chip with new bootloader/os). I realise finding the pin and reflashing the chip can be a bit of a job, but its not impossible (I've used techniques like this to unbrick/reflash bootloaders in routers and other devices, and likewise upload new firmware).

    • by Anonymous Coward

      Except for the fact that "pin" is usually between two circuits on the same IC die contained in the same ceramic packaging.

      Sure, you can grind off the ceramic coating, put the die under your microscope, find what trace performs the locking function, and either short it or replace the fuses that were blown to enable the lockout.

      But after spending that much time and money on modifying what is essentially a phone someone else paid for and you are borrowing from them until it is paid off two years later, you cou

  • by manu0601 ( 2221348 ) on Saturday May 25, 2013 @08:35PM (#43824873)
    The summary seems wrong, the researcher did not exploit a cryptography weakness. I understand he managed to have its custom kernel loaded at specific memory address, overwriting a bootloader function.
  • Why would I buy a brain damaged piece of crap? Also I'm not likely to buy Samsung again due to their abandoning the Galaxy S which I'm still using.

    • So just pay $600 for an unlocked one like the rest of the non AT&T / Verizon world.

  • Why do articles like this say attacker. I guess if i own a S4 i would be the "attacker". At no point in the article did I read that if I clicked on a link i would be attacked. I think people that use the word "attacker" should be beaten till there bloody. There is no "attacker" cause it would be me doing the work, yet current user agreements they have i guess i would be the "attacker"...? Last time I rooted my phone or change something I didn't 'ATTACK" my phone neither did any one else "attack" my phone. I
  • I find this sentence from the article interesting:
    "I flash this image by leveraging root access in the Android operating system to write to the boot block device"

    Isn't it usually rooting you want to achieve when you unlock the bootloader?
    Or is there already a root exploit available, and this will allow you to not only root a stock image, but instead load custom images?
    • by gl4ss ( 559668 )

      I find this sentence from the article interesting:

      "I flash this image by leveraging root access in the Android operating system to write to the boot block device"
      Isn't it usually rooting you want to achieve when you unlock the bootloader?

      Or is there already a root exploit available, and this will allow you to not only root a stock image, but instead load custom images?

      You can have root on systems without exploits.. but having root doesn't mean that you can boot your own kernel.

  • So if I buy a brand new unlocked S4 from Amazon. Can I put my verizon sim in it and will it work the same as if I bought it from verizon but still be able to use it with metro pcs or t mobile simms?

What is now proved was once only imagin'd. -- William Blake

Working...