Slashdot Mirror


Android Devices That Contain Foxconn Firmware May Have a Secret Backdoor (softpedia.com)

An anonymous reader writes from a report via Softpedia: Some Android devices that contain firmware created by Foxconn may be vulnerable via a debugging feature left inside the bootloader, which acts as a backdoor and bypasses authentication procedures for any intruder with USB access to a vulnerable phone. By sending the "reboot-ftm" command over USB to an Android device that contains Foxconn firmware, an attacker can boot the device, without authenticating, into a mode running as root with SELinux disabled. There isn't a list of affected devices available yet, but Jon Sawyer, the researcher who discovered this hidden command, provides instructions on how to detect if a phone is affected. "Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be of value for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data. Phone vendors were unaware this backdoor has been placed into their products," Sawyer says.
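The security-relevant point in the summary is that a factory-test command in the bootloader was reachable over USB with no check of the device's lock or authentication state. The following C is an added example written for this page, not code from the Softpedia report, from Jon Sawyer's writeup, or from any Foxconn bootloader (none of which is shown here). It models a fastboot-style command dispatcher with a hypothetical "reboot-ftm" handler: the vulnerable version honours the command unconditionally, while the hardened version only admits it on engineering builds and only when the bootloader is already unlocked (on Android, changing the lock state wipes user data, which is exactly what the backdoor let an attacker avoid). The device-state fields, the `ENG_BUILD` flag and the command names are assumptions made for illustration.

```c
/* Added example: toy model of a bootloader command dispatcher.
 * Not code from the page, the report, or any vendor. All names,
 * the lock-state fields and the ENG_BUILD flag are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simulated device state as a real bootloader would read it from fuses
 * or a protected partition (assumed fields). */
typedef struct {
    bool bootloader_locked;   /* no "oem unlock" has been performed */
    bool verified_boot_ok;    /* boot image signature chain verified */
} device_state_t;

typedef enum {
    BOOT_NORMAL = 0,   /* verified boot, SELinux enforcing, lock screen */
    BOOT_FTM_ROOT = 1, /* factory test mode: root shell, SELinux off */
    BOOT_REJECTED = 2  /* command refused */
} boot_decision_t;

/* Constructed sample states used by main() and by tests. */
const device_state_t kLockedDevice   = { true,  true };
const device_state_t kUnlockedDevice = { false, true };

/* VULNERABLE: the factory-test command is honoured regardless of the
 * lock state, so anyone with USB access gets an unauthenticated root
 * shell on a locked, encrypted phone. */
boot_decision_t dispatch_vulnerable(const device_state_t *st, const char *cmd)
{
    if (strcmp(cmd, "reboot-ftm") == 0)
        return BOOT_FTM_ROOT;              /* no auth, no lock check */
    if (strcmp(cmd, "continue") == 0)
        return st->verified_boot_ok ? BOOT_NORMAL : BOOT_REJECTED;
    return BOOT_REJECTED;
}

/* HARDENED: factory-test mode is compiled in only for engineering
 * builds (ENG_BUILD, an assumed build flag), and even then it requires
 * an unlocked bootloader. Production images with ENG_BUILD=0 refuse
 * the command on every device. */
#ifndef ENG_BUILD
#define ENG_BUILD 0
#endif

boot_decision_t dispatch_hardened(const device_state_t *st, const char *cmd)
{
    if (strcmp(cmd, "reboot-ftm") == 0) {
        if (ENG_BUILD && !st->bootloader_locked)
            return BOOT_FTM_ROOT;
        return BOOT_REJECTED;              /* production or locked: refuse */
    }
    if (strcmp(cmd, "continue") == 0)
        return st->verified_boot_ok ? BOOT_NORMAL : BOOT_REJECTED;
    return BOOT_REJECTED;
}

int main(void)
{
    printf("vulnerable: reboot-ftm on locked device -> %d (1 = root FTM)\n",
           dispatch_vulnerable(&kLockedDevice, "reboot-ftm"));
    printf("hardened:   reboot-ftm on locked device -> %d (2 = rejected)\n",
           dispatch_hardened(&kLockedDevice, "reboot-ftm"));
    return 0;
}
```

The check a practitioner would carry over to a real bootloader review is the second branch: any command that weakens the boot chain (disables verification, drops SELinux, opens a root shell) must be gated on the same lock state that already protects user data, and must not be present in production builds at all.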

6 of 95 comments

  1. So how about... by cheesybagel · · Score: 4, Interesting

    Foxconn's other devices? The ones with the fruity logo?

    1. Re:So how about... by Anonymous Coward · · Score: 4, Informative

      I'd be really surprised if Apple outsourced their firmware development to Foxconn without auditing the shit out of it. They're pretty obsessive about that.

      Foxconn are the ones that build the hardware and install the software; if they wanted to slip a backdoor into iDevices, they are in the prime position to do it. But of course no Chinese company would ever do that to an American company.

  2. Jailbreak by brunes69 · · Score: 4, Interesting

    Can I use this to jailbreak my own phone? Please share if so.

  3. "reboot-ftm"... that's it? by flopsquad · · Score: 4, Insightful

    Oblig xkcd.

    Also, it turns out "Randall Munroe" is just the name the Matrix gave to its future-predicting algorithm.

    --
    Nothing posted to /. has ever been legal advice, including this.

  4. Re:I warned about this for years, no one listened. by AHuxley · · Score: 4, Interesting

    It's the US brands that trusted, supported, helped, upgraded and bought into low-pay nations over decades.
    It's the US product's brand on the device, with US testing, spec and support.
    Designed to US brands' spec, per production run and contract.
    The only easy way to secure a product is to make it in house. Have your own fab running in the USA or a trusted Five Eyes-like nation.
    US production runs in global factories are just puzzles to the smart international staff.
    How many humans are needed, humans and robots, or robots per part.
    Also the same products have to sell globally. A lot of police forces/mil/govs just do not allow any device they can't totally access to be part of their national telco networks.
    No need to run per-nation production lines. Just have police backdoor compliance per device, no need for extra production teams. The security services are happy, no per-nation bans, and competing products aren't granted access to lucrative markets.

    --
    Domestic spying is now "Benign Information Gathering"

  5. Re:Firmware must be signed by Apple by tlhIngan · · Score: 4, Insightful

    Right, and Foxconn can't add their own signing keys to the devices when they're the ones burning the ROMs that hold them.

    Oh...

    Wait...

    Considering the ROM in question is fixed in the fabs at TSMC or Samsung, it would be really hard to add another key. In addition, that would require the hardware to have support for multiple signing keys.

    Even if the keys were programmed after the fact, the ROM code would generally just assume the next stage loader code must be signed with a key in a specific location in OTP. And in general, only one key is valid - the boot ROM has only so much space and having to check additional keys takes up additional logic that may or may not be available.

    So Foxconn would need to compromise two facilities, one in Texas (Samsung), one in Taiwan, change the masks ($100K each) that contain the boot ROM code and keys, then load on their compromised firmware.

    Oh yeah, and they need to hack Apple so Apple's firmware distributes the modified binaries as well. Apple's ROM code is so sophisticated it can reload the firmware from scratch which would wipe out any of the Foxconn changes. (DFU recovery mode reloads the entire OS).