[NEWS] Snapdragon vulnerability - Will it open doors for unlocking locked bootloaders?

OP syntesys

9th August 2014, 12:43 AM   |  #1  
At the Black Hat conference in Las Vegas this week, computer security researcher Dan Rosenberg unveiled a previously unpublished security flaw that could be used to permanently unlock the bootloader on Android phones. Demonstrated on a Motorola Moto X on Wednesday, the exploit affects almost any device using a modern Qualcomm Snapdragon chip.

The flaw is in ARM’s TrustZone technology, which basically allows a device to have two separate operating systems or “worlds,” one with privileged access, and one for normal apps and operation. By segregating access to hardware and sensitive information from the main OS, it’s possible to improve device security. But the flaw Rosenberg found is in TrustZone itself, or more specifically, Qualcomm’s implementation.

Qualcomm is aware of the security issue, and according to a spokesperson, has taken actions to patch the vulnerability: “We’re aware of this issue and have already made available software updates for our impacted customers to address the reported vulnerabilities.”

Rosenberg warns that this vulnerability affects all known Android devices with a Qualcomm Snapdragon SoC, including popular phones like the Nexus 5, the HTC One, and Samsung’s Galaxy Note 3, as well as the Moto X. The Samsung Galaxy S5 and the HTC One M8 have already been patched — although the exploit was only recently publicized, it was discovered at the start of July.

There are two ways of looking at this: First, it’s probably not good that a presumably trusted environment would allow anyone to execute arbitrary code — especially if that environment is underpinning a lot of security software, like Samsung Knox. But on the other hand, the unpatched exploit could lead to new devices getting bootloader unlocking methods, which would please people who like to tinker with their phone. Keep in mind, the full details of the exploit haven’t been published and it’s likely that device manufacturers are already working on patches.

Original: GigaOM
Last edited by syntesys; 9th August 2014 at 12:45 AM.