Android Devices That Contain Foxconn Firmware May Have a Secret Backdoor

An anonymous reader writes from a report via Softpedia: Some Android devices that contain firmware created by Foxconn may be vulnerable via a debugging feature left inside the bootloader, which acts as a backdoor and bypasses authentication procedures for any intruder with USB access to a vulnerable phone. By sending the "reboot-ftm" command to Android devices that contain Foxconn firmware, an attacker would authenticate via USB, and boot the device, running as root with SELinux disabled. There isn't a list of affected devices available yet, but Jon Sawyer, the researchers that discovered this hidden command, provides instructions on how to detect if a phone is affected. "Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be of value for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data. Phone vendors were unaware this backdoor has been placed into their products," Sawyer says.

Re:So how about...

i'd be really surprised if Apple outsourced their firmware development to Foxconn without auditing the shit out of it. they're pretty obsessive about that.

Foxconn are the ones that build the hardware and install the software, they wanted to slip in a backdoor to idevices they are in the prime position to do it. But of course no Chinese company would ever do that to an American company.