Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher Unlocks Galaxy S4 Bootloader For AT&T, Verizon Phones

Posted by Soulskill on from the achievement-unlocked dept.

Trailrunner7 writes "Those of you who like to tinker and jailbreak Android phones should take notice of some new research conducted on Samsung Galaxy S4 Android devices shipped by AT&T and Verizon. Both devicemakers ship the Galaxy S4 smartphones with a locked-down bootloader that prevents users from uploading custom kernels or from making modifications to software on the phone. Azimuth Security researcher Dan Rosenberg has found a vulnerability in the manner in which the devices do cryptographic checks of boot image signatures and was able to exploit the flaw and upload his own unsigned kernel to the device."

21 of 75 comments (clear)

  1. not a true unlock by LiENUS · · Score: 5, Informative

    Unfortunately this is not a bootloader unlock, it allows you to load unsigned kernels and recovery images but the bootloader must be exploited each time you install a new image. Further it's easily fixed and the next OTA from at&t/vzw is expected to patch it.

    1. Re:not a true unlock by DemonicMember · · Score: 3, Insightful

      A smart person who wants to "modify" their phone, turns off OTA updates.

    2. Re:not a true unlock by VortexCortex · · Score: 5, Interesting

      It's morel like if you forgot to lock your back door so your neighbor slips in it once or twice, you notice lock the back door and its back to secure.

      Yeah, it's like that, but also: Then the neighbor slips in your window instead. So, you lock that. Then you notice them crawling in right through the damn wall?! Oh, that's right you live in a Swiss Cheese Shanty. Bah, but who cares, you'll be moving out soon -- You're building a whole new home, and it's going to be Sweet! Most Secure System Ever. No ones ever tried to tunnel their way into a Funnelcake Fortress before!

      Meanwhile the list of your previous homes includes Calamari Castle, Macaroni Mansion, and a Doughnut Domicile, so it doesn't seem like the future bodes well for your boot-locking strategies.... Oh! What about a Footwear Flat? I know an old lady looking to part with one on the cheap, roof's a bit 'leaky' though...

    3. Re:not a true unlock by 228e2 · · Score: 5, Funny

      Well, I followed your analogy, but now im hungry . . . .

      --
      Since when does being a Socialist mean 'someone who has a different opinion than me'?
    4. Re:not a true unlock by Solandri · · Score: 2

      You guys are missing the most important point. It's like you sell your house to your neighbor, but you only want him using the front door so you give him only the key to the front door.

      The neighbor (now owner) thinks that's pretty stupid since it's his house now, and he wants to be able to use the other doors. He manages to pick the lock on the back door to open it, and gets the lock changed so he can use the back door. Next time you drop by to visit and fix some things which were broken when you sold him the house, you notice he's managed to use the back door of his house, so you change the back door lock to a better one to stop him from using it.

      The neighbor/owner can't figure out how to pick it, so he picks the side door lock instead and replaces that so at least he can use the side door. Next time you drop by for another fixit visit, you change his side door lock so he can't use it again. And so on.

    5. Re:not a true unlock by AmiMoJo · · Score: 5, Insightful

      A smart person doesn't buy a carrier locked phone in the first place.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Device Maker... by shri · · Score: 2, Informative

    It is the same device maker.

  3. Real News: Galaxy S4 not easily unlocked yet! by crow · · Score: 5, Insightful

    The real news to me is that the Galaxy S4 is not already easily unlocked. I would have assumed that with the S3 being easily unlocked that the S4 would be similar.

    I would think the best strategy for the phone companies and the handset makers would be to make it just difficult enough that most people wouldn't bother, but easy enough that people who really care wouldn't avoid the phones.

    1. Re:Real News: Galaxy S4 not easily unlocked yet! by Nerdfest · · Score: 4, Informative

      It should be made illegal to lock cell phones. As nice as the S4 is, pick up a Nexus 4 and have a phone you don't need to 'jailbreak'.

    2. Re:Real News: Galaxy S4 not easily unlocked yet! by PopeRatzo · · Score: 4, Insightful

      The real news to me is that the Galaxy S4 is not already easily unlocked. I would have assumed that with the S3 being easily unlocked that the S4 would be similar.

      It will be.

      But jailbreaking isn't the answer. The answer is breaking AT&T into little bitty pieces and making contracts like the one between AT&T and Samsung illegal.

      If the anti-trust laws were enforced, S4's would cost about $150 and there would be no such thing as 2 year contracts for service. And there definitely wouldn't be the kind of collusion between hardware manufacturers, service providers and content providers that is destroying competition and making customers miserable and overcharged.

      --
      You are welcome on my lawn.
    3. Re:Real News: Galaxy S4 not easily unlocked yet! by Microlith · · Score: 2

      The real question is if this applies to S4s not sold by Verizon and AT&T.

    4. Re:Real News: Galaxy S4 not easily unlocked yet! by crow · · Score: 5, Insightful

      Actually, it costs $237 to make one, so the price to consumers in a competitive market would probably be about $400 now while it's the latest and greatest thing, or $300 in six to twelve months. And of course, there should be a competitive market for financing for those who want to pay for it in installments.

    5. Re:Real News: Galaxy S4 not easily unlocked yet! by the_B0fh · · Score: 5, Insightful

      You are shitting me right? Talk about self indulgent pricks. If you want an unlocked S4, go buy it from Google's Play Store. Only $650 or so.

      The reason cell companies have $200 S4 is because they're fronting the money for it, and they want to make it back up (plus a nice multiplier, obviously) over the next 2 years. That is why your data plans are also so expensive, because they know once they've locked you in, you can't move for 2 years.

      And in 2 years, they front another $400 for you, so that you can get the S6 for $200. And they continue to milk you.

      But make no mistake about it - the S4 does *NOT* cost $150, and only a fucking moron thinks it does.

    6. Re:Real News: Galaxy S4 not easily unlocked yet! by spire3661 · · Score: 3, Informative

      You can get a stock Jelly Bean Galaxy S4 that isnt locked.

      --
      Good-bye
    7. Re:Real News: Galaxy S4 not easily unlocked yet! by compro01 · · Score: 3, Informative

      But make no mistake about it - the S4 does *NOT* cost $150, and only a fucking moron thinks it does.

      Nope, it doesn't cost $150. It costs $244, including the manufacturing.

      --
      upon the advice of my lawyer, i have no sig at this time
    8. Re:Real News: Galaxy S4 not easily unlocked yet! by thegarbz · · Score: 2

      That is why your data plans are also so expensive, because they know once they've locked you in, you can't move for 2 years.

      What does this have to do with locking the bootloader? The rest of the world is in the same boat except without locked bootloaders. We are in the boat because of contractual agreements. So where is the incentive now? If I unlock my bootloader and go elsewhere I'm obliged to pay out the minimum contract cost which is quite expensive. If I upgrade then I still am required to pay the same contract cost.

      I am on a contract. I pay $x per month over 2 years. I get my data allowance, sms, calls etc. My phone however is completely unlocked. I can put any SIM in it and take it anywhere. I can load (and did load) custom kernels without any issue. Yet I am still forced to pay the carrier.

      How is unlocking the bootloader related to milking consumers again?

    9. Re:Real News: Galaxy S4 not easily unlocked yet! by thegarbz · · Score: 2

      No. Verizon and AT&T are the only known carriers locking the Galaxy S4 bootloader.

  4. AT&T and Verizon are not "devicemakers" by EmagGeek · · Score: 5, Informative

    Samsung is the device maker.

  5. How hard is it? by Anonymous Coward · · Score: 5, Interesting

    When the phone powers up, there is usually a watchdog circuit that holds a pin low (ground) for a short time, usually 50-100ms, then it allows the pin to rise, and that pin then allows firmware to be loaded which starts the bootloader process (or is the bootloader process). Usually you can short that pin, and after the amount of time required to load the OS, the firmware can be updated (reflash the chip with new bootloader/os). I realise finding the pin and reflashing the chip can be a bit of a job, but its not impossible (I've used techniques like this to unbrick/reflash bootloaders in routers and other devices, and likewise upload new firmware).

    1. Re:How hard is it? by Khyber · · Score: 3, Informative

      The kind that is comfortable doing live BIOS swaps. Some of us really hate having to dick around with software or drive-by solutions. Doing it 100% ourselves is the 'proper' way we do things.

      AKA any half-competent computer repair tech.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  6. Not a cryptography weakness by manu0601 · · Score: 2

    The summary seems wrong, the researcher did not exploit a cryptography weakness. I understand he managed to have its custom kernel loaded at specific memory address, overwriting a bootloader function.