Mobile Bootloaders From Major Hardware OEMs Reportedly Overrun With Security Holes
The researchers built a tool called BootStomp to automatically sniff out security vulnerabilities related to the misuse of compromised non-volatile memory that is trusted by the bootloader's code. In using BootStomp to look over previously obscure bootloader code and then examining its findings, researchers found a total of seven security flaws, six of them new and one that was previously discovered. Of the half a dozen newly found flaws, bootloader vendors have acknowledged and confirmed five of them.
"Some of these vulnerabilities would allow an attacker to execute arbitrary code as part of the bootloader (thus compromising the entire chain of trust), or to perform permanent denial-of-service attacks," the researchers warn. "Our tool also identified two bootloader vulnerabilities that can be leveraged by an attacker with root privileges on the OS to unlock the device and break the CoT."
The five bootloaders were from devices using three different chipset families. They include:
- Huawei P8 ALE-L23 (HiSilicon chipset)
- Nexus 9 (NVIDIA Tegra chipset)
- Sony Xperia XA (MediaTek chipset)
The researchers concluded in a related paper (PDF) that current standards and guidelines are not sufficient to guide developers toward creating security solutions.