Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android Devices That Contain Foxconn Firmware May Have a Secret Backdoor (softpedia.com)

Posted by BeauHD on from the secret-backdoor dept.

An anonymous reader writes from a report via Softpedia: Some Android devices that contain firmware created by Foxconn may be vulnerable via a debugging feature left inside the bootloader, which acts as a backdoor and bypasses authentication procedures for any intruder with USB access to a vulnerable phone. By sending the "reboot-ftm" command to Android devices that contain Foxconn firmware, an attacker would authenticate via USB, and boot the device, running as root with SELinux disabled. There isn't a list of affected devices available yet, but Jon Sawyer, the researchers that discovered this hidden command, provides instructions on how to detect if a phone is affected. "Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be of value for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data. Phone vendors were unaware this backdoor has been placed into their products," Sawyer says.

4 of 95 comments (clear)

  1. So how about... by cheesybagel · · Score: 4, Interesting

    Foxconn's other devices? The ones with the fruity logo?

  2. Jailbreak by brunes69 · · Score: 4, Interesting

    Can I use this to jailbreak my own phone? Please share if so.

  3. Re:I warned about this for years, no one listened. by AHuxley · · Score: 4, Interesting

    Its the US bands that trusted, supported, helped, upgraded and bought into low pay nations over decades.
    Its the US products brand on the device with US testing, spec and support.
    Designed to US brands spec, per production run and contract.
    The only easy way to secure a product is to make it in house. Have your own fab running in the USA or trusted 5 eye like nation.
    US production runs in global factories are just puzzles to the smart international staff.
    How many humans are needed, humans and robots or robots per part.
    Also the same products have to sell globally. A lot of police forces/mil/govs just do not allow any device they cant totally access to be part of their national telco networks.
    No need to run per nation production lines. Just have a police backdoor compliance per device, not need for extra production teams. The security services are happy, no per nation bans or competing products be granted access to lucrative markets.

    --
    Domestic spying is now "Benign Information Gathering"
  4. Android - Secure By Design by mveloso · · Score: 3, Interesting

    Secure by design - and insecure by design as well.