Slashdot Mirror


Vulnerabilities Discovered In Mobile Bootloaders of Major Vendors (bleepingcomputer.com)

An anonymous reader writes: Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the Android OS boot-up sequence, opening devices to attacks. The vulnerabilities were discovered with a new tool called BootStomp, developed by nine computer scientists from the University of California, Santa Barbara. Researchers analyzed five bootloaders from four vendors (NVIDIA, Qualcomm, MediaTek, and Huawei/HiSilicon). Using BootStomp, researchers identified seven security flaws, six new and one previously known (CVE-2014-9798). Of the six new flaws, bootloader vendors already acknowledged five and are working on a fix. "Some of these vulnerabilities would allow an attacker to execute arbitrary code as part of the bootloader (thus compromising the entire chain of trust), or to perform permanent denial-of-service attacks," the research team said (PDF). "Our tool also identified two bootloader vulnerabilities that can be leveraged by an attacker with root privileges on the OS to unlock the device and break the CoT."

76 comments

  1. Free the Bootloaders by ShakaUVM · · Score: 4, Insightful

    Am I the only one that thinks that this information should have been released to the people making rootkits, and not the vendors?

    Time has shown that the vendors cannot be trusted and are far more evil than the people allowing people root access on their own machines. Bloatware, regressions through updates (often forced or nagged into acceptance), pushing their own branded crapware, removing options from the user, *preventing* the user from making the machine work the way they want it to, and so forth. You want to *not* have the screen turn on automatically when it starts charging? Sorry, you don't have permissions to do that on your own machine. They're evil. They should get the second look at these vulnerabilities after everyone who wants to root their devices has done so.

    1. Re:Free the Bootloaders by Anonymous Coward · · Score: 0

      yeah good idea, give the black market time to exploit and pollute the ecosystem even more before getting these fixed, just what the android ecosystem needs more of!

    2. Re:Free the Bootloaders by Anonymous Coward · · Score: 2, Insightful

      > Time has shown that the vendors cannot be trusted and are far more evil than the people allowing people root access on their own machines.

      Yah, but people will stop buying the bad ones, thus bankrupting those evil vendors. The Invisible Hand and Ponies will surely fix that!

      Oh, wait...

      Yes, all a bit tongue-in-cheek, but I think we're seeing a failure of the maxim "market forces for the benefit of all" dogma here.

    3. Re:Free the Bootloaders by Opportunist · · Score: 5, Interesting

      The sad realization is that the "black market" has in general lower and less harmful impact on your security and privacy than the device maker.

      Or, in a more direct way, the chance that a jailbreak tool gives you your privacy back is higher than a rootkit stealing even more of it. What could be stolen that has already been stolen?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Free the Bootloaders by admin7087 · · Score: 3, Insightful

      No, you're not the only one. This so-called "chain of trust" is ridiculous. People are forced to trust binary blobs of various nebulous business entities with a long history of nefarious business practices, bad security, and unnecessary collusion with sometimes shady government entities. That's pretty much the opposite of trustworthiness.

    5. Re:Free the Bootloaders by Anonymous Coward · · Score: 0

      A criminal will only steal from you once and might get caught. But a company will steal from you every month forever.

    6. Re:Free the Bootloaders by Opportunist · · Score: 1

      And it's legal to do so.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:Free the Bootloaders by Anonymous Coward · · Score: 1

      What could be stolen that has already been stolen?

      Assuming that it does what is advertised, i.e. allows root or flashing of an unsigned custom rom, nothing. It gives back control of the device to the device's owner.

      The sad realization is that the "black market" has in general lower and less harmful impact on your security and privacy than the device maker.

      It's an even sadder realization that the person who bought the device is NOT considered to be trusted by default, and that said person must hack the device they own to get that trust back.

      (Cue the "In my day, we had the final say on everything in that thing" rant.)

    8. Re:Free the Bootloaders by Anonymous Coward · · Score: 0

      By "rootkits", I certainly hope you meant "jailbreaks", unless that term is used differently for mobile devices (i.e. not referring to a means of making malware undetectable to security tools)...

    9. Re:Free the Bootloaders by Anonymous Coward · · Score: 0

      I think you need a walled garden.

    10. Re:Free the Bootloaders by alexgieg · · Score: 1

      I think we're seeing a failure of the maxim "market forces for the benefit of all" dogma here.

      Maybe, but it's difficult to say for sure when the whole thing is wrapped under State-sanctioned anti-free-market monopoly-inducing violence-enforced system of intellectual "property" laws: copyrights, patents and trademarks. Plus the selling of monopolies over radio-frequency bands, tons of incumbent-protecting regulatory laws in all markets, Customs-protection of systemic internal inefficiencies, legal impediments for individuals to use for their own benefit the same tactics corporations use etc. etc. etc.

      If those were removed we'd get to see what market forces actually produce on their own under different cultural frameworks. It might be better, it might be even more nightmarish, it might be something equivalent to what we have but different on a few points, and it might even be all of those under different conditions.

      Alas, we don't know. What we do know is that market forces operating within the above restrictions have strong incentives to use those restriction in their own favor, so that the whole package is broken. But which part of the whole is providing most of that breakage is difficult to gauge.

      --
      Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
    11. Re:Free the Bootloaders by Opportunist · · Score: 3, Insightful

      The ultimate sad realization is that the person who bought the device isn't the one who gets to decide who to trust. I trust myself by default. But I am not the one who gets to trust. The manufacturer of the device I pay for gets to say who the device that (again) I PAID FOR trusts.

      THAT is what's ultimately wrong here. The fundamental aspect of ownership is to have total control over something. I own my living room table. I can, if I so please, turn it into firewood. Or sell it. I may put a different coat of paint on it or convert it into a workbench. And nobody, not the government or the carpenter that made it has any right to keep me from doing so.

      Why the FUCK is this different as soon as "on a computer" is added to the mix?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    12. Re:Free the Bootloaders by Sloppy · · Score: 3, Insightful

      It's an even sadder realization that the person who bought the device is NOT considered to be trusted by default, and that said person must hack the device they own to get that trust back.

      Never buy any hardware until after you have at least asked who is its master. Whose interests does that computer serve?

      And if the master isn't you, then instead of asking how much you pay for it, ask how much you're being paid to use it.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    13. Re:Free the Bootloaders by aitikin · · Score: 1

      So...curious...what hardware do you use?

      --
      "Don't meddle in the affairs of a patent dragon, for thou art tasty and good with ketchup." ~ohcrapitssteve
    14. Re: Free the Bootloaders by Anonymous Coward · · Score: 0

      Sounds like communism. It would have been better if this and that and this.

    15. Re: Free the Bootloaders by alexgieg · · Score: 1

      Sounds like communism.

      Oh? So communism is all about expressing doubt, listing uncertainties, hypothesizing possible explanations, and suggesting careful testing so as to discover what works and what doesn't? Glad to know! LOL! :-D

      --
      Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
    16. Re: Free the Bootloaders by Anonymous Coward · · Score: 0

      Nazi scum!!!!

    17. Re:Free the Bootloaders by GuB-42 · · Score: 1

      Hacking bootloaders is not the solution.
      While it does help taking control of devices it also makes you vulnerable to hackers, police, etc...

      What you want is user override. It means the ability to create your own root of trust so that you can decide what to allow. The next best thing is allow you to enable or disable security at will. The procedure should not be too easy and most importantly, require physical access. For example : connect the phone via USB to a computer, run a command or special software on the computer and confirm on the device.

      And instead of trying to hack locked phones, a better idea would be to not buy locked phones in the first place. On Android, there are plenty of phones with unlockable bootloaders. Truly free phones are much harder to come by though. And they tend to be overpriced crap.

    18. Re: Free the Bootloaders by brunes69 · · Score: 2

      Do you even know what a bootloader exploit is?

      Someone has to PHYSICALLY have your phone in their hands for 15 - 30 minutes to do anything at all with this.

      There are no real security issues with this at all. The only "security" at play here is the security of the vendor having control over what you can do with your own devices after you pay for it.

    19. Re: Free the Bootloaders by alexgieg · · Score: 1

      LOL! :-D

      --
      Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
  2. iOS really is more secure. by Anonymous Coward · · Score: 0, Troll

    Never thought I'd be a switcher.

    1. Re: iOS really is more secure. by Anonymous Coward · · Score: 1, Insightful

      Hey, remember that Mac virus that remained undetected for 2 years?

      Nobody reports anything to APL anymore because why would they?

      Time and again, it's blacklisted researchers demonstrating their apps... Plus they can make more money selling to the black market (sadly).

    2. Re: iOS really is more secure. by that+this+is+not+und · · Score: 1

      iOS is a richer niche of users (as we are constantly reminded) for criminals and TLA agents to tap into. Obviously iOS exploits are more valuable and will be exploited at a higher level & to a higher degree than exploits for the gear the proles use.

    3. Re:iOS really is more secure. by Anonymous Coward · · Score: 0

      Keep chanting that. "Living in this minefield is way better than that comfy walled garden over there. I've heard that sometimes snakes get in there!"

    4. Re:iOS really is more secure. by ArchieBunker · · Score: 2

      I think a jailbroken iPhone is the best of both worlds. Apple has the best hardware but locks it down unreasonably. My aging iPhone 5C (circa 2013) was still getting OS updates until iOS 11 was released. Show me an Android phone getting updates four years later.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
  3. overheard in the northern virginia suburbs of d.c. by Anonymous Coward · · Score: 0

    "damn it"

  4. For the next few weeks.... by BeCre8iv · · Score: 1

    We get to root our phones.

    --
    This perpetual motion machine Lisa made is a joke, it just keeps getting faster and faster. - Homer
    1. Re:For the next few weeks.... by drinkypoo · · Score: 4, Insightful

      Most devices won't receive any updates even if they are totally compromised, because that's how much of a shit the vendors give about their customers. Only devices getting updates anyway will get locked back down.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:For the next few weeks.... by Voyager529 · · Score: 1

      Most devices won't receive any updates even if they are totally compromised, because that's how much of a shit the vendors give about their customers. Only devices getting updates anyway will get locked back down.

      Ordinarily, yes. But these vulnerabilities have the potential of removing the vendor's ability to retain control over the devices and allowing users to obtain root access on phones that previously did not have that capability, so I have a gut feeling the vendors will be coming out of the woodwork on this.

    3. Re:For the next few weeks.... by drinkypoo · · Score: 1

      Ordinarily, yes. But these vulnerabilities have the potential of removing the vendor's ability to retain control over the devices and allowing users to obtain root access on phones that previously did not have that capability, so I have a gut feeling the vendors will be coming out of the woodwork on this.

      Once those phones have dropped out of support they are no longer on the manufacturers' radar. Most people won't mess around with a phone with a weird OS on it, they just buy the new shiny shiny. This is unsustainable and I think we can all agree that it is at least stupid but it's the economic reality of phones today.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  5. My question was: Where is the source code? by Anonymous Coward · · Score: 1

    I have a lot of older devices that I want this for.

    Furthermore it just proves the NSA/FBI/your local spooks and kooks, probably have had this shit for years, or had agents ensure the same field of exploits were inserted into each company's bootloaders.

    This is why they want keys THEY control in place, and why they don't want end users able to program the devices in a way that makes it difficult or impossible for them to compromise.

    captcha was 'travesty'. Indeed, indeed it is.

  6. Any Attack by aglider · · Score: 2

    Once you break into the boot process you can launch any type of attack and perform any type of action.
    From replacing firmware and recovery code to whatever else you can imagine.
    Even install a better custom ROM.

    --
    Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
  7. From what manufacturers do to your phones by lwmv · · Score: 5, Insightful

    you can see the future of IoT. Tons of phones will never get any security updates. I don't think IoT manufacturers will do better than that. Internet of Things = Internet of Vulnerabilities.

    1. Re:From what manufacturers do to your phones by Opportunist · · Score: 3, Funny

      The Intelligently Designed Internet Of Things Systems are made for their acronym.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re: From what manufacturers do to your phones by that+this+is+not+und · · Score: 1

      The future of IoT is the NAT servers (or equivalent replacement) with aggressive filtering that will be installed at every access point that IoT devices connect to the internet through. The security will NOT be maintained at the endpoints much longer. Local device security is the responsibility of the end user, anywhere the user determines that it matters. Smart lightbulbs will have very little autonomy unless somebody explicitly punches through the security layer. Without augmented security added, cheapo IoT stuff will soon be dumb landlocked junk.

    3. Re:From what manufacturers do to your phones by Anonymous Coward · · Score: 0

      You can make your own IoT stuff. Are you saying Raspbian has lots of vulnerabilities?

    4. Re:From what manufacturers do to your phones by cant_get_a_good_nick · · Score: 1

      Internet of Neverupdated Easily Pwn3d Things. Or I.N.E.P.T. for short

    5. Re: From what manufacturers do to your phones by Anonymous Coward · · Score: 0

      What? You sound clueless as hell. Just spouting words you've heard before.

    6. Re: From what manufacturers do to your phones by Anonymous Coward · · Score: 0

      Yes.

  8. I used to write bootloaders for a living by Anonymous Coward · · Score: 0

    How does one gain access to bootloader code without an ICE? And if you have that access, what difference do security holes make?

    E.g., I would use memcpy to move the OS and application from ROM to RAM, then jump to the RAM start address. How would you attack this?

    1. Re:I used to write bootloaders for a living by Anonymous Coward · · Score: 0

      First, if I were going to attack a bootloader, I wouldn't start with an Internal Combustion Engine. That's just me; but it seems like a bit of an elephant gun against a gnat.

    2. Re:I used to write bootloaders for a living by that+this+is+not+und · · Score: 1

      Go hang out at the 9600 website. You can come back when you've memorized the resistor color code.

  9. In a word, no: You're not the only one. by Anonymous Coward · · Score: 0

    The source of this evil is simple: That "chain of trust" isn't about security, but it's about control. Whether the control buys you security is something else again. But it is clear that the signed boot rigmarole puts the control firmly in the hands of the vendor, and not of the customer. For the customer is a consumer and therefore not to be trusted. See how this works?

    Let me spell it out: Because the consumer is not to be trusted he cannot have control, therefore the signing is control over the device in the hands of the vendor and thereby security against the consumer. It's entirely logical. It's also literally the reason all those things talk about "trust": It means the vendor can "trust" you haven't installed your own firmware. It does not mean the firmware is fault-free nor does it mean other actors, like certain state actors well-known for this trick, haven't injected code of their own into the signed code chain.

  10. More like... by Anonymous Coward · · Score: 1

    More like Chain of No Trust! Am I right, guys?!

  11. Re:Well... by Opportunist · · Score: 0

    Oh c'mon, it was hardly worse than the ladyboy we have now.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  12. Chain of Trust? by Opportunist · · Score: 2

    I have this mental image of a noose around my neck and someone yanking the attached chain. I think they mean that chain of trust? Trusting the chain to keep the user in rein?

    It's a chain of treachery. If anything, this is GOOD news. It may allow people to actually own their devices, at least for a while.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Chain of Trust? by Anonymous Coward · · Score: 0

      It's the chain I go and beat you with til you understand who to trust here. --Jayne

    2. Re:Chain of Trust? by Opportunist · · Score: 1

      I thought that was the chain of command?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Chain of Trust? by Anonymous Coward · · Score: 0

      So there is, of course, the benefit that this allows users to own their devices. The harsh reality is that is something desired by handfuls of people. The problem is that it allows ANYONE to own your device (at least in the case of the application level attack mentioned in TFS). That's dangerous.

    4. Re:Chain of Trust? by Opportunist · · Score: 2

      Yes, this MAY allow someone to own your device, but it MAY also allow you to own it.

      Without, you MAY NOT own your own device, but someone else DOES own it with absolute certainty.

      You see the difference, I guess?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:Chain of Trust? by that+this+is+not+und · · Score: 0

      The GP A.C. probably has an Apple gadget and wouldn't understand.

    6. Re:Chain of Trust? by thegarbz · · Score: 1

      It may allow people to actually own their devices

      The problem is it also allows people to own *other's* devices.

      The fundamental problem with this is by owning your device you are leaving a security vulnerability exposed. In many cases a cure worse than the disease.

    7. Re:Chain of Trust? by Anonymous Coward · · Score: 0

      The fundamental problem with this is by owning your device you are leaving a security vulnerability exposed for others. In many cases a cure worse than the disease.

      Emphasis mine. This wouldn't be a problem if the device manufacturer didn't demand that only they could decide what was trustworthy and what wasn't. That's the fundamental problem here. Not that there's a security vulnerability, there always will be, but that there is a design defect in the product that requires a security vulnerability to correct.

      Most people would condemn this if the devices in question respected the authority of their owners, the fact that you see so much opposition to the idea of helping the device manufacturers fix their bugs, should be a huge indicator of just how little trust the device manufactures are deemed to be worth.

  13. More links by eulernet · · Score: 5, Informative
  14. solution? by Anonymous Coward · · Score: 1

    Don't ever reboot your phone?

  15. Re:Hey they all come from China by Zero__Kelvin · · Score: 1

    3 of the 4 don't come from China. NVIDIA and Qualcomm are US companies and Mediatek is based in Taiwan.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  16. Re: Well... by that+this+is+not+und · · Score: 1

    Was there a divorce and wedding I missed hearing about? Reggie changed his name to Michael?

  17. Re:Hey they all come from China by Anonymous Coward · · Score: 0

    Technically NVIDIA is run by a Taiwanese guy, who does his manufacturing in Taiwan and China but lives and went to school in the US. Plus, half of this is probably just the Chinese government being involved over the vendor; mandatory backdoors and all that.

  18. Does this mean... by Anonymous Coward · · Score: 0

    we can finally install Windows on our locked down android phones?

  19. Boot verification by tepples · · Score: 1

    You think the boot process is as follows:
    1. Use memcpy to move the OS and application from ROM to RAM
    2. Jump to the RAM start address

    This is not the case. In fact, the boot process is more similar to the following:
    1. Use memcpy to move the OS and application from ROM to RAM
    2. Calculate the hash value of the OS and application
    3. Decrypt the previously stored hash value of the OS and application using the OS publisher's hardcoded public key
    4. If the hash values differ, hang
    5. Jump to the RAM start address

    The attacks are on steps 2 through 4. The summary mentions a "chain of trust"; this is so-called because the bootloader verifies the kernel in this manner, the kernel the userspace, and the userspace the apps.

    1. Re:Boot verification by Anonymous Coward · · Score: 0

      No, he thinks that "attack" means "take control of the device away from the user".

      What he missed is that the whole chain of trust is there to prevent the user from controlling the device in the first place, and thus "attack" means "give control of the device to the user".

    2. Re:Boot verification by Anonymous Coward · · Score: 0

      Yes, I know and there's even more than that (sizing/checking memory, turning on/off interrupts, putting peripherals into a quiet (quiescent) state, setting up memory paging and control). Probably more, but it was a very long time ago.

      My point is that once you have access to the machine at this state, you can do anything. The relevant quote FTA is "the (mis)use of attacker-controlled non-volatile memory". If you have this, everything after it is moot.
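The boot flow tepples lists above (copy, hash, recover the signed digest with the hard-coded public key, hang on mismatch, jump), together with the point in the reply about lengths coming from attacker-controlled non-volatile memory, as a runnable simulation added here. This is example code, not from the paper, BootStomp, or any vendor bootloader. The partition layout, the load-region size, the payload bytes and the key are all constructed for the example; the signature is textbook RSA over the raw SHA-256 digest with two Mersenne primes so it runs on the standard library alone, whereas a production bootloader uses a padded scheme (RSA PKCS#1 v1.5 or PSS) or ECDSA. Steps 2 to 4 of the post are `verify()`; the bounds checks in `load_stage()` are what keeps a length field read from flash from driving the copy in step 1.

```python
"""Simulated verified-boot stage (added illustration, not vendor code).

Constructed layout of a flash partition, big-endian:
    magic(4) | payload_len(4) | signature(SIG_LEN) | payload
Signature: textbook RSA over the raw SHA-256 digest with two Mersenne primes,
chosen so the example runs with the standard library only. Real bootloaders
use a padded scheme (RSA PKCS#1 v1.5 / PSS) or ECDSA; do not copy this key code.
"""
import hashlib
import hmac
import struct

# Key material constructed for the example: NOT a real vendor key.
P = (1 << 127) - 1                      # Mersenne prime
Q = (1 << 521) - 1                      # Mersenne prime
N = P * Q
E = 65537                               # public exponent, burned into "ROM"
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, vendor side only
SIG_LEN = (N.bit_length() + 7) // 8

MAGIC = b"BOOT"
HDR = struct.Struct(">4sI")             # magic, payload_len
RAM_SIZE = 64 * 1024                    # load region size (constructed)
HANG, JUMP = "hang", "jump"


def sign(payload: bytes) -> bytes:
    """Vendor side: sign SHA-256(payload) with the private key."""
    h = int.from_bytes(hashlib.sha256(payload).digest(), "big")
    return pow(h, D, N).to_bytes(SIG_LEN, "big")


def verify(payload: bytes, sig: bytes) -> bool:
    """Steps 2-4 of the post: hash the image, recover the signed digest with
    the public key, compare in constant time."""
    if len(sig) != SIG_LEN:
        return False
    s = int.from_bytes(sig, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(SIG_LEN, "big")
    expected = hashlib.sha256(payload).digest().rjust(SIG_LEN, b"\0")
    return hmac.compare_digest(recovered, expected)


def build_image(payload: bytes) -> bytes:
    """Vendor side: wrap a payload in the constructed partition format."""
    return HDR.pack(MAGIC, len(payload)) + sign(payload) + payload


def load_stage(partition: bytes):
    """Device side. Every length here comes from flash that OS root can write,
    so it is bounded against the partition and the RAM region before the
    copy (step 1) happens, and control is only handed off after verify()."""
    body_off = HDR.size + SIG_LEN
    if len(partition) < body_off:
        return HANG, b""
    magic, n = HDR.unpack_from(partition, 0)
    if magic != MAGIC:
        return HANG, b""
    if n > RAM_SIZE or n > len(partition) - body_off:   # untrusted length
        return HANG, b""
    sig = partition[HDR.size:body_off]
    payload = partition[body_off:body_off + n]           # the "memcpy" to RAM
    if not verify(payload, sig):
        return HANG, b""                                  # step 4: hang
    return JUMP, payload                                  # step 5: jump


def boot_chain(partitions):
    """Chain of trust: each stage verifies the next before jumping to it;
    the first failure stops the chain."""
    verdicts = []
    for part in partitions:
        verdict, _ = load_stage(part)
        verdicts.append(verdict)
        if verdict == HANG:
            break
    return verdicts


KERNEL = b"kernel image bytes (constructed)"
SYSTEM = b"system image bytes (constructed)"


def demo():
    good = [build_image(KERNEL), build_image(SYSTEM)]
    tampered = build_image(KERNEL)
    tampered = tampered[:-1] + bytes([tampered[-1] ^ 1])  # flip one payload bit
    oversize = HDR.pack(MAGIC, 0xFFFFFFFF) + b"\0" * SIG_LEN + KERNEL  # lying length
    return {
        "good": boot_chain(good),
        "tampered": boot_chain([tampered, build_image(SYSTEM)]),
        "oversize": boot_chain([oversize]),
    }


if __name__ == "__main__":
    print(demo())
```

Running it gives `jump, jump` for the intact chain, a single `hang` for the image with one flipped bit, and a single `hang` for the header whose length field lies, which is rejected before any byte is copied or hashed. The order matters: a loader that copies first and bounds-checks later has already let flash contents decide how much is written into RAM.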

  20. Taiwan vs. Hong Kong by tepples · · Score: 1

    3 of the 4 don't come from China. NVIDIA and Qualcomm are US companies and Mediatek is based in Taiwan.

    To what extent does Taiwan, Republic of China, have more practical autonomy from the PRC than, say, Hong Kong SAR?

    1. Re:Taiwan vs. Hong Kong by slew · · Score: 1

      3 of the 4 don't come from China. NVIDIA and Qualcomm are US companies and Mediatek is based in Taiwan.

      To what extent does Taiwan, Republic of China, have more practical autonomy from the PRC than, say, Hong Kong SAR?

      Hong Kong is again part of PRC (as of 1997). According to the PRC, Taiwan is a renegade province. In fact the PRC is pretty pissed off that Tsai Ing-wen of the pan-green coalition (not to be confused with the green party) was elected in 2016. The pan-green coalition favors declaring Taiwan independence from the PRC, replacing the Kuomintang (part of the pan-blue coalition, which favors closer relations with the PRC). Although Tsai was somewhat careful not to anger the PRC too much on this matter, the PRC decided to unilaterally suspend communications and exchange programs with Taiwan.

      You are free to judge for yourself if this results in Taiwan having more or less practical autonomy from the PRC...

    2. Re:Taiwan vs. Hong Kong by Zero__Kelvin · · Score: 1

      If Taiwan was China then that is what it would be called ... China.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    3. Re:Taiwan vs. Hong Kong by Anonymous Coward · · Score: 0

      China.

  21. Don't you mean? by BradleyUffner · · Score: 1

    "Some of these vulnerabilities would allow an attacker to execute arbitrary code as part of the bootloader (thus compromising the entire chain of trust), or to perform permanent denial-of-service attacks," the research team said (PDF).

    I think they actually mean:
    "Some of these vulnerabilities would allow a user to execute arbitrary code as part of the bootloader (thus allowing users to have some control over their devices), or to perform installations of custom Android versions with better security than the one that the vendor still hasn't updated after 4 years," the research team said (PDF).

  22. THANK YOU! by Anonymous Coward · · Score: 0

    This was the most useful information that most people were looking for after skimming this article :)