Some Android devices that contain firmware created by Foxconn, a Taiwanese company that assembles the electronic parts for several Android smartphone manufacturers, may be vulnerable through a debugging feature left inside the bootloader. The feature acts as a backdoor, bypassing authentication procedures for any intruder with USB access to a vulnerable phone.
Jon Sawyer, a US security expert, discovered at the end of August that this firmware included support for booting up Android devices without having to go through the proper authentication procedure.
By sending the “reboot-ftm” command to Android devices that contain Foxconn firmware, an attacker would authenticate via USB and boot the device, running as root with SELinux disabled.
Mr Sawyer also provides instructions on how to detect if a phone is affected.
“Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be of value for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data. Phone vendors were unaware this backdoor has been placed into their products,” Sawyer says.