from the there's-more-where-that-came-from dept.
Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the Chain of Trust (CoT) during the boot-up sequence. An attacker who can write to the non-volatile storage the bootloader trusts (for example, after gaining root on the Android side) can exploit them to run arbitrary code inside the bootloader itself, below the operating system.
The vulnerabilities came to light during research carried out by a team of nine computer scientists from the University of California, Santa Barbara.
The research team looked into the obscure world of Android bootloaders, components that are hard to analyze because they are closed-source and tend to lack the metadata found in ordinary binaries (such as program headers or debugging symbols) that makes reverse engineering and security audits tractable.
Most of the team's work focused on developing a new tool named BootStomp, built specifically to test and analyze bootloaders. It combines static analysis with symbolic execution to follow data read from non-volatile storage (the "seeds") to the places where the bootloader acts on it (the "sinks"), such as memory copies and writes back to flash.
The goal of BootStomp is to automatically identify security vulnerabilities that are related to the (mis)use of attacker-controlled non-volatile memory, trusted by the bootloader's code. In particular, we envision using our system as an automatic system that, given a bootloader as input, outputs a number of alerts that could signal the presence of security vulnerabilities. Then, human analysts can analyze these alerts and quickly determine whether the highlighted functionality indeed constitutes a security threat.
By using BootStomp to flag problematic areas of the previously obscure bootloader code, and then reviewing the alerts by hand, the researchers identified seven security flaws: six new and one previously known (CVE-2014-9798). Of the six new flaws, bootloader vendors have already acknowledged and confirmed five.
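The bug class the summary describes, as an added illustration in C that is not code from the paper or from any vendor's bootloader: a constructed toy partition format (magic, length, payload) is read from flash, and the vulnerable loader feeds the attacker-controlled length straight into memcpy, exactly the seed-to-sink data flow BootStomp alerts on. The hardened loader beside it bounds the length against the destination before copying. Simulated "RAM" is a 68-byte arena so the 4-byte overflow clobbers the next-stage entry address without the program itself misbehaving; all layouts, constants and the flash-driver read bound are assumptions made for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy partition format for illustration (not a vendor layout):
 *   uint32 magic, uint32 payload_len, then payload_len bytes of payload.
 * Everything in it is attacker-controlled: a root-level attacker on Android
 * can rewrite any partition the bootloader later reads. */
#define HDR_MAGIC      0x544F4F42u      /* "BOOT" as a little-endian u32 */
#define HDR_SIZE       8u
#define LOAD_BUF_SIZE  64u
/* Simulated bootloader RAM: the 64-byte load buffer sits directly in front of
 * the 4-byte address of the next boot stage, so a 4-byte overflow hijacks it. */
#define RAM_SIZE       (LOAD_BUF_SIZE + 4u)
#define ENTRY_OFFSET   LOAD_BUF_SIZE
#define ORIG_ENTRY     0x40001000u

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Vulnerable pattern: payload_len comes from flash and flows unchecked into
 * memcpy. This is the seed (non-volatile read) to sink (memcpy length) flow
 * BootStomp raises an alert for. The only bound is the simulated flash driver
 * refusing to read past the end of the partition image; it is not a fix. */
int load_image_unsafe(uint8_t *ram, const uint8_t *img, size_t img_len) {
    if (img_len < HDR_SIZE || rd32(img) != HDR_MAGIC) return -1;
    uint32_t payload_len = rd32(img + 4);
    if (payload_len > img_len - HDR_SIZE) return -1;   /* short read only */
    memcpy(ram, img + HDR_SIZE, payload_len);          /* no check vs LOAD_BUF_SIZE */
    return 0;
}

/* Hardened version: every attacker-controlled field is validated against the
 * destination before a single byte is copied. A signature check over the
 * image is still required for a chain of trust, but it does not replace this
 * bound, because the header is parsed before (or while) the image is verified. */
int load_image_checked(uint8_t *ram, const uint8_t *img, size_t img_len) {
    if (img_len < HDR_SIZE || rd32(img) != HDR_MAGIC) return -1;
    uint32_t payload_len = rd32(img + 4);
    if (payload_len > LOAD_BUF_SIZE) return -2;        /* destination bound */
    if (payload_len > img_len - HDR_SIZE) return -3;   /* source bound */
    memcpy(ram, img + HDR_SIZE, payload_len);
    return 0;
}

/* Constructed malicious image: payload_len = 68 (4 bytes past the load
 * buffer), with the last 4 bytes set to the address the attacker wants booted. */
#define EVIL_LEN   (LOAD_BUF_SIZE + 4u)
#define EVIL_ENTRY 0xDEAD0000u
static size_t build_evil_image(uint8_t *out) {
    wr32(out, HDR_MAGIC);
    wr32(out + 4, EVIL_LEN);
    memset(out + HDR_SIZE, 0xAA, LOAD_BUF_SIZE);
    wr32(out + HDR_SIZE + LOAD_BUF_SIZE, EVIL_ENTRY);
    return HDR_SIZE + EVIL_LEN;
}

typedef int (*loader_fn)(uint8_t *, const uint8_t *, size_t);

/* Runs one loader on fresh simulated RAM; returns its status and reports the
 * next-stage entry address left in RAM afterwards through entry_out. */
int run_loader(loader_fn loader, uint32_t *entry_out) {
    uint8_t ram[RAM_SIZE];
    uint8_t img[HDR_SIZE + EVIL_LEN];
    memset(ram, 0, sizeof ram);
    wr32(ram + ENTRY_OFFSET, ORIG_ENTRY);
    size_t img_len = build_evil_image(img);
    int rc = loader(ram, img, img_len);
    *entry_out = rd32(ram + ENTRY_OFFSET);
    return rc;
}
int      loader_status(loader_fn loader) { uint32_t e; return run_loader(loader, &e); }
uint32_t loader_entry(loader_fn loader)  { uint32_t e; run_loader(loader, &e); return e; }

int main(void) {
    printf("unsafe : rc=%d next-stage entry=0x%08X\n",
           loader_status(load_image_unsafe), loader_entry(load_image_unsafe));
    printf("checked: rc=%d next-stage entry=0x%08X\n",
           loader_status(load_image_checked), loader_entry(load_image_checked));
    return 0;
}
```

The unsafe loader reports success and leaves 0xDEAD0000 as the next-stage entry; the checked loader rejects the image with -2 and the original entry survives. In a real bootloader the overwritten word would be a return address, a function pointer, or the address of the kernel image about to be jumped to, which is why a root-on-Android attacker writing one partition can end up executing below the operating system.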
(Score: -1, Offtopic) by Anonymous Coward on Wednesday September 06 2017, @11:07AM (1 child)
fruit loops within!
(Score: -1, Offtopic) by Anonymous Coward on Wednesday September 06 2017, @11:14AM
bet you can't rub one off shooting through the air and landing in my mouth
(Score: 5, Informative) by crafoo on Wednesday September 06 2017, @12:21PM (2 children)
Stuff I wished was in the summary -
They looked at 5 bootloaders:
- Huawei / HiSilicon chipset [Huawei P8 ALE-L23]
- NVIDIA Tegra chipset [Nexus 9]
- MediaTek chipset [Sony Xperia XA]
- Qualcomm's new LK bootloader
- Qualcomm's old LK bootloader
Their tool identified bugs/exploits in all except the new Qualcomm LK bootloader.
Link to the actual paper: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-redini.pdf [usenix.org]
(Score: 2) by Hyperturtle on Wednesday September 06 2017, @08:16PM (1 child)
I wish someone referred to this post in the "No going back after Oreo" post.
Awfully convenient to have a new OS upgrade coming out with lots of desirable features... that also will fix this problem and prevent other OSes from getting loaded.
Seems really nice for them that this security issue is getting news coverage around the time the hype machine has started for the new OS.
(Score: 2) by bob_super on Wednesday September 06 2017, @08:21PM
"Hey, did you see these people have non-secure phones? Do you remember we kept even the US government from getting into a locked phone? Do you know we're about to announce a new shiny expensive device?" - Apple PR.
(Score: 0) by Anonymous Coward on Wednesday September 06 2017, @12:22PM (1 child)
Mitigation
I like that their first recommended mitigation is essentially "write more secure bootloaders". If anyone at this point believes that Android isn't insecure by design, and one of the main reasons Google is allowed so much monopoly by governments, you're not paying attention.
(Score: 2, Informative) by Anonymous Coward on Wednesday September 06 2017, @01:15PM
Note the holes in question are in the kind of security designed to prevent users from rooting their own devices. And allowing users to own their own devices is one of the major selling points of Android.
(Score: 3, Insightful) by Revek on Wednesday September 06 2017, @12:49PM
Maybe I can root my AT and Fee phone, so I can remove all the crap on it I don't want.