CYBER NEWS

Foxconn Firmware in Android Devices May Allow Backdoor Access

backdoor-access-stforum

Android may also be prone to backdoor access – through a debugging feature in the OS bootloader. However, only devices that have firmware developed by Foxconn appear to be inclined to this vulnerability. The OS bootloader can act as a backdoor and can bypass authentication procedures for an unauthorized third party with USB access to a vulnerable device. The issues has been disclosed by security researcher Jon Sawyer, who named the backdoor… Pork Explosion.


More about Foxconn

Pay close attention:

Hon Hai Precision Industry Co., Ltd., trading as Foxconn Technology Group, is a Taiwanese multinational electronics contract manufacturing company headquartered in New Taipei City, Taiwan. Foxconn is the world’s largest contract electronics manufacturer,[3] and the third-largest information technology company by revenue.

The researcher explains that the backdoor may be found in many devices because “Foxconn assembles phones for many many vendors”. Plus, some of the vendors may choose to allow Foxconn to build many low level pieces of firmware.

Related: Firmware Malware Scan Added to VirusTotal’s Set of Tools

The researcher has identified at least two vendors with vulnerable devices, InFocus (M810) and Nextbit (Robin), but he believes the list can be quite longer. Pork Explosion allows an attack with physical access to a device to gain a root shell.


Pork Explosion Attack Explained

According to the researcher, the attack can be made via fastboot and the apps bootloader, or via adb if access is available. Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be valuable for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data.

The worst thing is that phone vendors were unaware this backdoor has been placed into their products.

According to Sawyer, this is how one can detect Android devices affected by Pork Explosion:

For those looking to detect vulnerable devices, you can check for the partitions “ftmboot” and “ftmdata”. The “ftmboot” partition contacts a traditional Android kernel/ramdisk image. This one has SELinux disabled, and adb running as root. The “ftmdata” partition is mounted on /data during ftm bootmode. These partitions are only a sign that the device is vulnerable.

For full technical disclosure, visit the researcher’s page.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...