Multiple vulnerabilities found in the bootloaders of four mainstream Android phone manufacturers

ID MYHACK58:62201789055
Type myhack58
Reporter Anonymous
Modified 2017-09-04T00:00:00


Nine researchers from the University of California, Santa Barbara found multiple vulnerabilities in the Android bootloader components of four mainstream chip manufacturers. These vulnerabilities can compromise the phone's chain of trust during the boot process, leaving the device open to attack.

The researchers developed BootStomp to analyze bootloaders

The research team found that Android bootloader components are developed closed-source and lack common metadata such as program headers or debugging symbols, which makes them difficult to reverse engineer for a security audit, let alone analyze. Their research work focused mainly on developing a new tool named BootStomp, designed to test and analyze bootloaders. BootStomp's goal is to automatically identify security vulnerabilities related to the misuse of attacker-controlled non-volatile memory that is trusted by the bootloader code. Specifically, the researchers use their system as an automated system that takes a bootloader as input and outputs a number of alerts that may indicate the presence of a security vulnerability. These alerts are then analyzed manually to quickly determine whether the highlighted functionality constitutes a security threat.

Experts found six new flaws

By using BootStomp to find problem areas in bootloader code and reviewing the results, the security experts said they found seven security flaws, six of which are new and one of which was previously known (CVE-2014-9798). Of the six new flaws, the bootloader manufacturers have acknowledged and confirmed five. The research team noted that some of the vulnerabilities allow an attacker to execute arbitrary code and thereby compromise the entire chain of trust, or to perform a DoS attack.
The tool also found two bootloader vulnerabilities that allow an attacker with root privileges on the operating system to unlock the device and break the chain of trust.

The researchers took five different bootloaders from four different vendors:

Huawei/HiSilicon chipset [Huawei P8 ALE-L23]
NVIDIA Tegra chipset [Nexus 9]
MediaTek chipset [Sony Xperia XA]
Qualcomm's new LK bootloader
Qualcomm's old LK bootloader

The researchers already knew that Qualcomm's old LK bootloader was affected by the CVE-2014-9798 vulnerability. When BootStomp identified this old vulnerability again, it confirmed that the tool works well. They also found one vulnerability in the NVIDIA chipset and five vulnerabilities in the HiSilicon bootloader.

The complete results are as follows: [image]

More details, along with the proposed mitigations, can be found in the paper titled "BootStomp: On the Security of Bootloaders in Mobile Devices". The researchers presented their results at the USENIX Security conference in Vancouver, Canada, at the beginning of the month.
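The class of bug described above, a bootloader trusting data read from non-volatile storage that an attacker controls, is shown here as an added illustration. It is not code from the paper, from BootStomp or from any vendor's bootloader; the record layout, the magic value and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_MAGIC 0x424F4F54u   /* constructed value for this example */

/* Hypothetical record as read from non-volatile storage: every field,
 * including the length, is data the attacker may have written. */
struct flash_record { uint32_t magic; uint32_t name_len; uint8_t name[64]; };

/* Bootloader-side state with a smaller, fixed-size buffer. */
struct boot_cfg { uint8_t name[32]; uint32_t name_len; };

/* Pattern a taint-tracking analysis would raise an alert on: a length
 * taken from storage reaches memcpy() without validation. Shown for
 * comparison only and never called in this example. */
int load_cfg_trusting(struct boot_cfg *cfg, const struct flash_record *rec)
{
    memcpy(cfg->name, rec->name, rec->name_len); /* tainted size, fixed destination */
    cfg->name_len = rec->name_len;
    return 0;
}

/* Hardened form: treat the stored record as untrusted input and
 * validate every field before it is used. */
int load_cfg_checked(struct boot_cfg *cfg, const struct flash_record *rec)
{
    if (rec->magic != REC_MAGIC)
        return -1;                       /* not a record we understand */
    if (rec->name_len > sizeof cfg->name)
        return -2;                       /* stored length exceeds destination */
    memcpy(cfg->name, rec->name, rec->name_len);
    cfg->name_len = rec->name_len;
    return 0;
}

/* Builds a constructed record and runs it through the checked loader. */
int try_record(uint32_t magic, uint32_t name_len)
{
    struct flash_record rec;
    struct boot_cfg cfg;
    memset(&rec, 0x41, sizeof rec);
    rec.magic = magic;
    rec.name_len = name_len;
    return load_cfg_checked(&cfg, &rec);
}

int main(void)
{
    printf("len 16: %d, len 4096: %d\n",
           try_record(REC_MAGIC, 16), try_record(REC_MAGIC, 4096));
    return 0;
}
```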