Vulnerabilities Discovered In Mobile Bootloaders of Major Vendors (bleepingcomputer.com) 76

An anonymous reader writes: Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the Android OS boot-up sequence, opening devices to attacks. The vulnerabilities were discovered with a new tool called BootStomp, developed by nine computer scientists from the University of California, Santa Barbara. Researchers analyzed five bootloaders from four vendors (NVIDIA, Qualcomm, MediaTek, and Huawei/HiSilicon). Using BootStomp, researchers identified seven security flaws, six new and one previously known (CVE-2014-9798). Of the six new flaws, bootloader vendors already acknowledged five and are working on a fix. "Some of these vulnerabilities would allow an attacker to execute arbitrary code as part of the bootloader (thus compromising the entire chain of trust), or to perform permanent denial-of-service attacks," the research team said (PDF). "Our tool also identified two bootloader vulnerabilities that can be leveraged by an attacker with root privileges on the OS to unlock the device and break the CoT."
  • by ShakaUVM ( 157947 ) on Tuesday September 05, 2017 @01:25AM (#55139661) Homepage Journal

    Am I the only one that thinks that this information should have been released to the people making rootkits, and not the vendors?

    Time has shown that the vendors cannot be trusted and are far more evil than the people allowing people root access on their own machines. Bloatware, regressions through updates (often forced or nagged into acceptance), pushing their own branded crapware, removing options from the user, *preventing* the user from making the machine work the way they want it to, and so forth. You want to *not* have the screen turn on automatically when it starts charging? Sorry, you don't have permissions to do that on your own machine. They're evil. They should get the second look at these vulnerabilities after everyone who wants to root their devices has done so.

    • by Anonymous Coward

      I have a lot of older devices that I want this for.

      Furthermore it just proves the NSA/FBI/your local spooks and kooks, probably have had this shit for years, or had agents ensure the same field of exploits were inserted into each company's bootloaders.

      This is why they want keys THEY control in place, and why they don't want end users able to program the devices in a way that makes it difficult or impossible for them to compromise.

      captcha was 'travesty'. Indeed, indeed it is.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      > Time has shown that the vendors cannot be trusted and are far more evil than the people allowing people root access on their own machines.

      Yah, but people will stop buying the bad ones, thus bankrupting those evil vendors. The Invisible Hand and Ponies will surely fix that!

      Oh, wait...

      Yes, all a bit tongue-in-cheek, but I think we're seeing a failure of the maxim "market forces for the benefit of all" dogma here.

      • I think we're seeing a failure of the maxim "market forces for the benefit of all" dogma here.

        Maybe, but it's difficult to say for sure when the whole thing is wrapped under State-sanctioned anti-free-market monopoly-inducing violence-enforced system of intellectual "property" laws: copyrights, patents and trademarks. Plus the selling of monopolies over radio-frequency bands, tons of incumbent-protecting regulatory laws in all markets, Customs-protection of systemic internal inefficiencies, legal impediments for individuals to use for their own benefit the same tactics corporations use etc. etc. etc

    • by Unknown User ( 4795349 ) on Tuesday September 05, 2017 @04:12AM (#55139913)
      No, you're not the only one. This so-called "chain of trust" is ridiculous. People are forced to trust binary blobs of various nebulous business entities with a long history of nefarious business practices, bad security, and unnecessary collusion with sometimes shady government entities. That's pretty much the opposite of trustworthiness.
    • by GuB-42 ( 2483988 )

      Hacking bootloaders is not the solution.
      While it does help taking control of devices, it also makes you vulnerable to hackers, police, etc...

      What you want is user override. It means the ability to create your own root of trust so that you can decide what to allow. The next best thing is to allow you to enable or disable security at will. The procedure should not be too easy and, most importantly, should require physical access. For example: connect the phone via USB to a computer, run a command or special software o

  • We get to root our phones.
    • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Tuesday September 05, 2017 @05:44AM (#55140051) Homepage Journal

      Most devices won't receive any updates even if they are totally compromised, because that's how much of a shit the vendors give about their customers. Only devices getting updates anyway will get locked back down.

      • Most devices won't receive any updates even if they are totally compromised, because that's how much of a shit the vendors give about their customers. Only devices getting updates anyway will get locked back down.

        Ordinarily, yes. But these vulnerabilities have the potential of removing the vendor's ability to retain control over the devices and allowing users to obtain root access on phones that previously did not have that capability... so I have a gut feeling the vendors will be coming out of the woodwork on this.

          Ordinarily, yes. But these vulnerabilities have the potential of removing the vendor's ability to retain control over the devices and allowing users to obtain root access on phones that previously did not have that capability... so I have a gut feeling the vendors will be coming out of the woodwork on this.

          Once those phones have dropped out of support they are no longer on the manufacturers' radar. Most people won't mess around with a phone with a weird OS on it, they just buy the new shiny shiny. This is unsustainable and I think we can all agree that it is at least stupid but it's the economic reality of phones today.

  • by aglider ( 2435074 ) on Tuesday September 05, 2017 @02:49AM (#55139793) Homepage

    Once you break into the boot process you can launch any type of attack and perform any type of action.
    From replacing firmware and recovery code to whatever else you can imagine.
    Even install a better custom ROM.

  • by lwmv ( 2712755 ) on Tuesday September 05, 2017 @02:52AM (#55139795)
    You can see the future of IoT. Tons of phones will never get any security updates. I don't think IoT manufacturers will do better than that. Internet of Things = Internet of Vulnerabilities.
  • by Anonymous Coward

    More like Chain of No Trust! Am I right, guys?!

  • by Opportunist ( 166417 ) on Tuesday September 05, 2017 @04:03AM (#55139901)

    I have this mental image of a noose around my neck and someone yanking the attached chain. I think they mean that chain of trust? Trusting the chain to keep the user in reign?

    It's a chain of treachery. If anything, this is GOOD news. It may allow people to actually own their devices, at least for a while.

    • It may allow people to actually own their devices

      The problem is it also allows people to own *others'* devices.

      The fundamental problem with this is by owning your device you are leaving a security vulnerability exposed. In many cases a cure worse than the disease.

  • More links (Score:5, Informative)

    by eulernet ( 1132389 ) on Tuesday September 05, 2017 @04:25AM (#55139937)

    BootStomp's code:
    https://github.com/ucsb-seclab... [github.com]

    UCSB's team site:
    https://seclab.cs.ucsb.edu/aca... [ucsb.edu]

  • by Anonymous Coward

    Don't ever reboot your phone?

  • "Some of these vulnerabilities would allow an attacker to execute arbitrary code as part of the bootloader (thus compromising the entire chain of trust), or to perform permanent denial-of-service attacks," the research team said (PDF)

    I think they actually mean:
    Some of these vulnerabilities would allow a user to execute arbitrary code as part of the bootloader (thus allowing users to have some control over their devices), or to perform installations of custom Android versions with better security than the
