Android Devices That Contain Foxconn Firmware May Have a Secret Backdoor (softpedia.com)
An anonymous reader writes from a report via Softpedia: Some Android devices that contain firmware created by Foxconn may be vulnerable via a debugging feature left inside the bootloader, which acts as a backdoor and bypasses authentication procedures for any intruder with USB access to a vulnerable phone. By sending the "reboot-ftm" command to Android devices that contain Foxconn firmware, an attacker would authenticate via USB and boot the device, running as root with SELinux disabled. There isn't a list of affected devices available yet, but Jon Sawyer, the researcher who discovered this hidden command, provides instructions on how to detect if a phone is affected. "Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be of value for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data. Phone vendors were unaware this backdoor has been placed into their products," Sawyer says.
I'd be shocked if they only had one.
yea right again
"Phone vendors were unaware this backdoor has been placed into their products," Sawyer says.
A bullet may have your name on it, but artillery is addressed to " Whom It May concern"
Like the reason that most companies encrypted or "secured" their boot systems was to prevent dark hats from getting into phones... something done when nobody asked for such a feature or even cares about security in the first place.
Foxconn's other devices? The ones with the fruity logo?
Comey and Putin will both be sooo happy
Table-ized A.I.
This is good. A way to make unlocking the bootloader easier.
We should all already assume that a person with extended physical access to a phone can get control over it.
The only protection is full-device encryption with a strong password. (Or PIN with crypto chip done better than the iPhone the FBI was recently in the news over.)
We don't want to have to enter that every time we unlock the screen, so a compromise is to use the encryption password on boot-up, and a fingerprint/PIN/pattern on screen unlock.
They were aware of many other back doors, just not this specific one.
"Unaware" - more likely they are aware but are not permitted to talk to anyone about it.
-- Tigger warning: This post may contain tiggers! --
Could something like this have been used to fry those Samsung phone batteries?
ie - some malicious hacking and/or industrial sabotage and/or securities manipulation?
Not so secret, he talks from it all the time!
Can I use this to jailbreak my own phone? Please share if so.
Anybody who thinks they have any security or privacy whatsoever on their phone is kidding themselves. Cellular phones are designed in such a way to enable tracking for the purpose of providing service. You can't avoid it, and at best we might be able to design a communication device (which has never been done) that reduces the resolution at which tracking can or need occur. The solution to the security (as opposed to tracking) problems is to release the complete set of source code. That won't make devices secure in and of itself, but it is an essential first step. The next would be reducing the code base such that the code could be properly cleaned up, audited and analysed for vulnerabilities, and hopefully fixed. These phones are also designed such that the modems have complete control over the entirety of the device or near-so. Once that is true (which it is for all or near all phones) you can't secure it. It's just not possible. The modem must be separate and not have access to memory/mic/etc, or at least not without the core OS giving it permission. The modem firmwares can be and are remotely updated and have been used to remotely record and bug users. Cell phones are extremely dangerous devices.
So how many programmers have put in ostensible 'back doors' or let us say 'faults' so they can sell those "mistakes" to hackers for big $s.
Come on now, don't tell me the programmers in China and Taiwan are STUPID.
Couldn't be any worse than giving all your info to Google.
It'd be nice for a "backdoor" to actually be a boon to consumers for once.
You are not alone. This is not normal. None of this is normal.
Oblig xkcd.
Also, it turns out "Randall Munroe" is just the name the Matrix gave to its future-predicting algorithm.
Nothing posted to
There are plenty of Chinese manufactured connected devices with back doors. I don't trust Foxconn. I wouldn't be surprised if iPhones have back doors as well. As a precaution I NEVER do any financial transactions on my phone. Don't use your social security number and birthday on your phone or unsecured PC or you will face Identity Theft for certain.
Donald?
I'm sure Apple has no back-doors, Foxconn or not.
I see this more as corporations looking at slumping sales or sales of the devices that the consumer is still able to root and load other images onto like Cyanogen and that pisses them off.
Better scare everyone into buying new better locked down phones.
~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
Foxconn are the ones that build the hardware and install the software; if they wanted to slip in a backdoor to iDevices, they are in the prime position to do it.
No. Firmware must be signed by Apple. Any substitution or modification (or a bit hit by an alpha particle) won't have a valid signature and the hardware will refuse to run it.
If there is a backdoor in iOS devices it was put there by Apple not Foxconn. Firmware must be digitally signed by Apple or the hardware refuses to run it. Foxconn has no opportunity to modify the firmware.
Samsung handsets have settled for actual explosions, instead of "Pork Explosions".
This affects the Nextbit Robin, which is already bootloader unlockable (just run "fastboot oem unlock-go" and that's it).
Infinity is a long time.
Secure by design - and insecure by design as well.
This can be used to jailbreak/root an otherwise unrootable phone? (Just re-rooted my Kindle Fire after Amazon kindly decided to lock it back up for me through a forced OTA update. This time, I didn't foolishly neglect to disable all auto updating. Muhahahaha....)
"If you can't see the source, it has a back door" is not just good advice, it's almost certainly true.
Eternity is a long time, but that is beside the point.
If you have physical access to the device you can clone the encrypted filesystem.
That means that the generic evil organization can let their server farms or botnets do the job.
This "backdoor" is good for rooting/taking control of your phone.
It's a convenience, but not a necessity for taking control of another person's phone in your possession.
It doesn't really have much impact on how secure the data on your phone really is.
Only a huge payout will make companies lose their appetite for such "accidental" and "I-didn't-know-about-it" backdoors in the future.
Because it's a piece of crap that gets in the way of doing real work.
It's a truism that if someone has physical access to a device, they can compromise it. Modulo any time/money requirements such as (worst case) cloning the device to brute-force it.
Best Slashdot Co
Security defects have to be explained to managers in order to justify spending time and money on fixes. Going to a manager and saying "we have a problem with pork explosion" is a good way to ensure that you'll be dismissed out of hand.
I don't know what peculiar mental abnormality is causing security researchers to keep trying to top each other in coming up with the stupidest name possible for exploits, but they really need to re-think what they're doing and how it makes them look to the rest of the world.
we can call it URSS now? (new cold war! Kill the commies! / SARCASM)
This is why I carry an iPhone. That way, I don't have to worry about a backdoor pork explosion in my pants. It's the little things, you know...
For your security, this post has been encrypted with ROT-13, twice.
ChromeOS keeps much tighter control of this stuff. There's a diagnostic blob that the manufacturer can alter without a Google signature, but before shipment the "manufacturing fuse" must be blown to load the official Google software. All of the software running on the main CPU is provided by Google, plus all software on the "embedded controller." Everything including and after the RW firmware is signed by Google.
Obviously, you are still vulnerable to your manufacturer and supply chain, but I believe the ChromeOS relationships make it hard for a mistake like this to happen and someone to claim it was "honest", which is enough of a meaningful difference to be the non-military gold standard right now.
Once you are in the signed Google world, they use TPM to prevent rollbacks to vulnerable releases, wipe userdata when flipping the dev switch, etc.
Ironically, DRM jackasses are insisting on Android and declining the HTML5 DRM "attestation" stuff available on ChromeOS. You could probably use this Foxconn backdoor to extract media keys.
I'm voting for it having been 'intentionally' left there.
There's got to be a way to stop this sort of thing from happening. Perhaps an independent, 3rd-party testing agency that can sift through a phone to ensure there are no such vulnerabilities, and a government mandate that all phones must pass muster before being allowed for sale? Similar to how the FDA requires testing of medical devices before being allowed for sale in the U.S., except not so corrupt.
There is no need to actually infiltrate the factories manufacturing the original ROM since you can just throw them away and install your counterfeit rom instead.
No, you have to replace the entire processor with a counterfeit. The first "ROM" that starts the chain of signature checks at each level of software is burned into the processor and can not be changed.
https://www.apple.com/business...
"Phone vendors were unaware this backdoor has been placed into their products," Sawyer says.
The NSA gave us a legal order from a secret court telling us the backdoor is not there.