Bootloaders of Samsung, Huawei and other phones found to contain multiple high-risk vulnerabilities, warns 黑吧安全网

ID MYHACK58:62201789143
Type myhack58
Reporter Anonymous
Modified 2017-09-07T00:00:00


A research team from the University of California has uncovered code-execution and denial-of-service (DoS) vulnerabilities in the bootloaders of mainstream mobile platforms. Using a tool they built, BootStomp, the researchers found six new vulnerabilities, five of which have been confirmed by the vendors, plus one vulnerability that had already been reported. In their paper at the 2017 USENIX conference, "BootStomp: On the Security of Bootloaders in Mobile Devices", the researchers explain that these security issues affect the chain of trust (Chain of Trust) on which vendors' Trusted Boot and Verified Boot mechanisms rely. That process can effectively resist an attacker who has already obtained full control of the operating system, but once the bootloader trusts input that such an attacker can control, much of the chain of trust's protection becomes ineffective. These flaws allow an attacker to execute arbitrary code as part of the bootloader, or to mount a DoS attack against the device. Two of the bootloader flaws identified by BootStomp could be used by an attacker with root privileges to unlock the bootloader and break the chain of trust. Bootloaders are usually not open source, which makes analysis difficult, and little information about the target platform is available. The researchers therefore developed their own analysis tool, BootStomp, which combines static analysis with bounded symbolic execution in a multi-tag taint analysis to identify bugs in bootloaders. They analysed the bootloaders of the Huawei P8 ALE-L23 (HiSilicon chipset), the Sony Xperia XA (MediaTek chipset), the Nexus 9 (NVIDIA chipset), and two LK-based bootloaders (Qualcomm chipset platforms).

In the Huawei P8 Android bootloader the researchers found five vulnerabilities: an arbitrary memory write and a DoS bug in the handling of the Linux device tree blob (DTB) stored in the boot partition; a stack overflow when reading the oem_info partition, which the root user can write; a memory error in the handling of the nve and oem_info partitions, both writable by root, that could allow a persistent rootkit to be installed; and an arbitrary memory write that lets an attacker run arbitrary code in the bootloader. BootStomp also found vulnerabilities in NVIDIA's hboot and Qualcomm's aboot. The NVIDIA hboot flaw is in code that runs at EL1, the same hardware privilege level as the Linux kernel. The Qualcomm aboot bug (CVE-2014-9798) had been reported before and can be used to mount a DoS attack. All of these vulnerabilities rely on the attacker being able to write to non-volatile memory that the bootloader later reads and trusts. The researchers suggest that vendors use new hardware features on their devices to stop attackers from writing to that memory, as a way of fixing this whole class of issues.
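The class of bug described above, a bootloader reading a size field from a root-writable partition and using it without validation, can be shown in a few lines of C. The following is an added example, not code from the paper or from any vendor's bootloader: the blob layout (a 4-byte little-endian length followed by the payload), the function names and the sample partitions are all constructed for this illustration and are not the real oem_info format. The unchecked parser trusts the length field; the hardened parser checks it against both the partition size and the destination buffer before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed blob layout used only for this example (an assumption, not the
 * real Huawei oem_info format): bytes 0-3 hold a little-endian payload length,
 * the payload follows. The blob comes from a partition that root can write,
 * so nothing in it may be trusted by the bootloader. */
#define OEM_HDR_LEN 4u
#define CFG_BUF_LEN 32u

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: the length field is taken from the partition and used as
 * the memcpy size without being compared against the destination buffer. A blob
 * whose length field exceeds CFG_BUF_LEN overflows the caller's stack buffer. */
int parse_oem_info_unchecked(const uint8_t *part, size_t part_len, char *out)
{
    (void)part_len;                       /* the partition size is never consulted */
    uint32_t len = rd_le32(part);         /* attacker-controlled value */
    memcpy(out, part + OEM_HDR_LEN, len); /* no bound on len */
    out[len] = '\0';
    return 0;
}

/* Hardened version: every value derived from the partition is validated against
 * sizes the bootloader itself knows before it is used. */
int parse_oem_info_checked(const uint8_t *part, size_t part_len,
                           char *out, size_t out_len)
{
    if (part == NULL || out == NULL || out_len == 0)
        return -1;
    if (part_len < OEM_HDR_LEN)
        return -1;                        /* too short to hold a header */
    uint32_t len = rd_le32(part);
    if (len > part_len - OEM_HDR_LEN)
        return -1;                        /* claims more bytes than the partition holds */
    if (len >= out_len)
        return -1;                        /* would not fit together with the terminator */
    memcpy(out, part + OEM_HDR_LEN, len);
    out[len] = '\0';
    return 0;
}

/* Constructed sample partitions. */
static const uint8_t good_blob[] = { 5, 0, 0, 0, 'A', 'B', 'C', 'D', 'E' };
/* Length field claims 0x400 bytes, but only 5 bytes of payload are present. */
static const uint8_t bad_blob[]  = { 0x00, 0x04, 0, 0, 'A', 'B', 'C', 'D', 'E' };

/* Returns 1 when the hardened parser accepts the well-formed blob and yields "ABCDE". */
int hardened_accepts_good(void)
{
    char cfg[CFG_BUF_LEN];
    if (parse_oem_info_checked(good_blob, sizeof good_blob, cfg, sizeof cfg) != 0)
        return 0;
    return strcmp(cfg, "ABCDE") == 0;
}

/* Returns 1 when the hardened parser rejects the malformed blob. */
int hardened_rejects_bad(void)
{
    char cfg[CFG_BUF_LEN];
    return parse_oem_info_checked(bad_blob, sizeof bad_blob, cfg, sizeof cfg) == -1;
}

/* Returns 1 when the unchecked parser accepts the well-formed blob. This is why
 * the bug survives testing with good data; the malformed blob is deliberately
 * never fed to the unchecked parser here. */
int unchecked_accepts_good(void)
{
    char cfg[CFG_BUF_LEN];
    parse_oem_info_unchecked(good_blob, sizeof good_blob, cfg);
    return strcmp(cfg, "ABCDE") == 0;
}

int main(void)
{
    printf("hardened accepts good blob: %d\n", hardened_accepts_good());
    printf("hardened rejects bad blob:  %d\n", hardened_rejects_bad());
    printf("unchecked accepts good:     %d\n", unchecked_accepts_good());
    return 0;
}
```

The point of the two parsers side by side is that both behave identically on well-formed data; only the hardened one treats the partition contents as untrusted, which is the property the paper's taint analysis is looking for. Input validation of this kind complements, rather than replaces, the hardware write-protection the researchers recommend.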