Slashdot Mirror


Android Devices That Contain Foxconn Firmware May Have a Secret Backdoor (softpedia.com)

An anonymous reader writes from a report via Softpedia: Some Android devices that contain firmware created by Foxconn may be vulnerable via a debugging feature left inside the bootloader, which acts as a backdoor and bypasses authentication procedures for any intruder with USB access to a vulnerable phone. By sending the "reboot-ftm" command to Android devices that contain Foxconn firmware, an attacker would authenticate via USB, and boot the device, running as root with SELinux disabled. There isn't a list of affected devices available yet, but Jon Sawyer, the researcher who discovered this hidden command, provides instructions on how to detect if a phone is affected. "Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be of value for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data. Phone vendors were unaware this backdoor has been placed into their products," Sawyer says.

20 of 95 comments

  1. hah! "may" ... yea right. by Narcocide · · Score: 3, Insightful

    I'd be shocked if they only had one.

  2. So how about... by cheesybagel · · Score: 4, Interesting

    Foxconn's other devices? The ones with the fruity logo?

    1. Re:So how about... by retchdog · · Score: 2

      i'd be really surprised if Apple outsourced their firmware development to Foxconn without auditing the shit out of it. they're pretty obsessive about that.

      --
      "They were pure niggers." – Noam Chomsky
    2. Re:So how about... by Anonymous Coward · · Score: 4, Informative

      i'd be really surprised if Apple outsourced their firmware development to Foxconn without auditing the shit out of it. they're pretty obsessive about that.

      Foxconn are the ones that build the hardware and install the software, they wanted to slip in a backdoor to idevices they are in the prime position to do it. But of course no Chinese company would ever do that to an American company.

    3. Re:So how about... by macs4all · · Score: 2

      Foxconn's other devices? The ones with the fruity logo?

      Nope. Apple does their own Firmware for every single thing they design.

  3. Unaware - or by WillAffleckUW · · Score: 2

    "Unaware" - more likely they are aware but are not permitted to talk to anyone about it.

    --
    -- Tigger warning: This post may contain tiggers! --
  4. Jailbreak by brunes69 · · Score: 4, Interesting

    Can I use this to jailbreak my own phone? Please share if so.

  5. We need a *COMPLETE set of SOURCE CODE* by Anonymous Coward · · Score: 3, Insightful

    Anybody who thinks they have any security or privacy whatsoever on their phone is kidding themselves. Cellular phones are designed in such a way to enable tracking for the purpose of providing service. You can't avoid it, and at best we might be able to design a communication device (which has never been done) that reduces the resolution at which tracking can or need occur. The solution to the security (as opposed to tracking) problems is to release the complete set of source code. That won't make devices secure in and of itself, but it is an essential first step. The next would be reducing the code base such that the code could be properly cleaned up, audited and analysed for vulnerabilities, and hopefully fixed. These phones are also designed such that the modems have complete control over the entirety of the device or near-so. Once that is true (which it is for all or near all phones) you can't secure it. It's just not possible. The modem must be separate and not have access to memory/mic/etc or at least without the core OS giving it permission. The modem firmwares can and are remotely updated and have been used to remotely record and bug users. Cell phones are extremely dangerous devices.

  6. OK, So ... The pay is not so good ... by BoRegardless · · Score: 3, Insightful

    So how many programmers have put in ostensible 'back doors' or let us say 'faults' so they can sell those "mistakes" to hackers for big $s.

    Come on now, don't tell me the programmers in China and Taiwan are STUPID.

  7. "reboot-ftm"... that's it? by flopsquad · · Score: 4, Insightful

    Oblig xkcd.

    Also, it turns out "Randall Munroe" is just the name the Matrix gave to its future-predicting algorithm.

    --
    Nothing posted to /. has ever been legal advice, including this.
  8. I warned about this for years, no one listened. by jerryjnormandin · · Score: 2

    There are plenty of Chinese manufactured connected devices with back doors. I don't trust Foxconn. I wouldn't be surprised if iPhones have back doors as well. As a precaution I NEVER do any financial transactions on my phone. Don't use your social security number and birthday on your phone or unsecured PC or you will face Identity Theft for certain.

    1. Re:I warned about this for years, no one listened. by AHuxley · · Score: 4, Interesting

      It's the US brands that trusted, supported, helped, upgraded and bought into low pay nations over decades.
      It's the US products brand on the device with US testing, spec and support.
      Designed to US brands spec, per production run and contract.
      The only easy way to secure a product is to make it in house. Have your own fab running in the USA or trusted 5 eye like nation.
      US production runs in global factories are just puzzles to the smart international staff.
      How many humans are needed, humans and robots or robots per part.
      Also the same products have to sell globally. A lot of police forces/mil/govs just do not allow any device they can't totally access to be part of their national telco networks.
      No need to run per nation production lines. Just have a police backdoor compliance per device, no need for extra production teams. The security services are happy, no per nation bans or competing products be granted access to lucrative markets.

      --
      Domestic spying is now "Benign Information Gathering"
  9. I'm sure... by dohzer · · Score: 2

    I'm sure Apple has no back-doors, Foxconn or not.

  10. Firmware must be signed by Apple by perpenso · · Score: 2

    Foxconn are the ones that build the hardware and install the software, they wanted to slip in a backdoor to idevices they are in the prime position to do it.

    No. Firmware must be signed by Apple. Any substitution or modification (or a bit hit by an alpha particle) won't have a valid signature and the hardware will refuse to run it.

    1. Re:Firmware must be signed by Apple by BronsCon · · Score: 2

      Right, and Foxconn can't add their own signing keys to the devices when they're the ones burning the ROMs that hold them.

      Oh...

      Wait...

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    2. Re:Firmware must be signed by Apple by tlhIngan · · Score: 4, Insightful

      Right, and Foxconn can't add their own signing keys to the devices when they're the ones burning the ROMs that hold them.

      Oh...

      Wait...

      Considering the ROM in question is fixed in the fabs at TSMC or Samsung, it would be really hard to add another key. In addition, that would require the hardware have support for multiple signing keys.

      Even if the keys were programmed after the fact, the ROM code would generally just assume the next stage loader code must be signed with a key in a specific location in OTP. And in general, only one key is valid - the boot ROM has only so much space and having to check additional keys takes up additional logic that may or may not be available.

      So Foxconn would need to compromise two facilities, one in Texas (Samsung), one in Taiwan, change the masks ($100K each) that contain the boot ROM code and keys, then load on their compromised firmware.

      Oh yeah, and they need to hack Apple so Apple's firmware distributes the modified binaries as well. Apple's ROM code is so sophisticated it can reload the firmware from scratch which would wipe out any of the Foxconn changes. (DFU recovery mode reloads the entire OS).
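
The single-key check that perpenso and tlhIngan describe above, as an added sketch that is not from the thread and not any vendor's boot ROM code. It assumes a model in which OTP holds a hash of the one trusted public key, and it uses textbook RSA built from Mersenne primes only so that it runs with the Python standard library; all keys and the image are constructed for the demo.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Toy RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest_int(image):
    """SHA-256 of the image as an integer (no padding scheme: toy only)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def sign(image, n, d):
    return pow(digest_int(image), d, n)

def fingerprint(n):
    """Hash of the public modulus; in this model it is the value fused into OTP."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).digest()

def rom_verify(otp, image, pub_n, signature):
    """Check the immutable first stage runs before jumping to the next stage."""
    if fingerprint(pub_n) != otp:
        return "reject: key does not match OTP"
    if pow(signature, E, pub_n) != digest_int(image):
        return "reject: bad signature"
    return "boot"

def demo():
    # Constructed keys built from known Mersenne primes (demo only, not secure).
    vendor_n, vendor_d = make_key(2**521 - 1, 2**607 - 1)
    other_n, other_d = make_key(2**1279 - 1, 2**2203 - 1)
    otp = fingerprint(vendor_n)                  # fused once at manufacture
    image = b"constructed second-stage loader"
    sig = sign(image, vendor_n, vendor_d)
    flipped = bytes([image[0] ^ 1]) + image[1:]  # single-bit change
    return [
        rom_verify(otp, image, vendor_n, sig),    # genuine image
        rom_verify(otp, flipped, vendor_n, sig),  # modified, old signature
        rom_verify(otp, flipped, other_n, sign(flipped, other_n, other_d)),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third case is the one BronsCon raises: a modified image that is correctly signed, but with a key the fused value does not anchor, is still refused.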

  11. Android - Secure By Design by mveloso · · Score: 3, Interesting

    Secure by design - and insecure by design as well.

  12. Pork explosion... really? by GrumpySteen · · Score: 2

    Security defects have to be explained to managers in order to justify spending time and money on fixes. Going to a manager and saying "we have a problem with pork explosion" is a good way to ensure that you'll be dismissed out of hand.

    I don't know what peculiar mental abnormality is causing security researchers to keep trying to top each other in coming up with the stupidest name possible for exploits, but they really need to re-think what they're doing and how it makes them look to the rest of the world.

  13. Now you see... by Shoten · · Score: 2

    This is why I carry an iPhone. That way, I don't have to worry about a backdoor pork explosion in my pants. It's the little things, you know...

    --

    For your security, this post has been encrypted with ROT-13, twice.
    1. Re:Now you see... by Shoten · · Score: 2

      Foxconn make iphones too fruit fag lover.

      So...humor? Ever heard of it? :)

      --

      For your security, this post has been encrypted with ROT-13, twice.