Android Smartphones from Foxconn Manufacturer Plagued with Dangerous Security Flaw known as Pork Explosion.
The Android operating system has become quite vulnerable to hacking, and Google has continuously been trying to fix security flaws and make the system reliable enough for users around the world. However, despite all these efforts to patch the identified flaws, a new vulnerability pops up every now and then.
Recently, another serious flaw affecting Android smartphones was discovered by security expert Jon Sawyer, aka Justin Case or jCase. This new flaw is so dangerous that it sabotages all the security measures of the operating system to such an extent that the device becomes vulnerable to all kinds of attacks. Sawyer has dubbed this vulnerability Pork Explosion, and it was mainly identified in the apps bootloader from hardware developer Foxconn Technologies.
Sawyer claims that this is not an Android-specific flaw and, most importantly, he thinks that the hardware developer has intentionally introduced it, but the company is as yet unaware of the presence of this backdoor in the devices it manufactures.
Foxconn is one of the biggest and best-known hardware developers in the market. The firm is largely known for its partnership with Apple in the manufacturing of iPhones, but it also manufactures devices for a majority of Android OEMs such as Samsung, Sony and LG.
The problem arises from the need to create low-level firmware for these devices, which a few of these manufacturers allow Foxconn to do. Sawyer believes that a backdoor has been planted in the bootloader app and that an attacker can use this backdoor to access the Android device. Once the backdoor gains substantial privileges and compromises the device's security, it becomes easier to extract forensic data, brute-force encryption keys and even unlock any device’s bootloader without needing to reset user data.
When an attacker encrypts the device and obtains access to the root shell, then, using the compromised bootloader, the attacker can execute two types of commands: normal (such as getvar or reboot) and OEM. OEM commands are non-standard commands, usually implemented by the developers of the device, whereas normal commands can be sent via USB after being hard-coded into the fastboot client.
However, the command that startled Sawyer the most was ‘reboot-ftm,’ which is neither a normal nor an OEM command. This command couldn’t be sent to the fastboot client; to access it, one needs to build a custom client that creates a link to the device and sends this command to the bootloader. Then another command is issued to reboot the phone into factory test mode. This mode compromises the USB. If the ‘adb daemon’ feature isn’t running as root then the attacker won’t need to bypass the device while being connected to an unidentified computer. In such a scenario, SELinux isn’t permissive and stays in disabled mode.
Two devices manufactured by Foxconn, the Nextbit Robin and InFocus, were identified as vulnerable to this security flaw. Sawyer has informed the companies involved in the manufacturing of these smartphones, including Foxconn. He also speculated that Foxconn might have added this debugging feature while manufacturing the devices and that it can serve as a backdoor for hackers in future devices. Therefore, it is important that the company fixes this vulnerability soon.