Foxconn Firmware Flaw Leaves Android Devices Vulnerable To USB Hack

Android devices that contain firmware created by Taiwanese manufacturing behemoth Foxconn may be vulnerable to a debugging feature left inside the operating system bootloader.

The backdoor was discovered by US security expert Jon Sawyer, who dubbed it Pork Explosion, and noted that the flaw can be exploited by connecting an Android smartphone via USB to a computer with appropriate software for interacting with the phone during its boot-up procedure.

While the feature appears to be a debugger function left over by Foxconn, savvy hackers can exploit it to put a connected Android device into its factory test mode.

From here, hackers can gain complete control over the device, as the factory test mode bypasses the SELinux Android security control, giving people access without any need for authentication.


Foxconn firmware vulnerability

“Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be of value for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data. Phone vendors were unaware this backdoor has been placed into their products,” said Sawyer.

“In short, this is a full compromise over USB, which requires no logon access to the device. This vulnerability completely bypasses authentication and authorization controls on the device. It is a prime target for forensic data extraction.

“While it is obviously a debugging feature, it is a backdoor, it isn’t something we should see in modern devices, and it is a sign of great neglect on Foxconn’s part.”

The vulnerability appeared to affect the Nextbit Robin smartphone, but has since been patched. However, Foxconn provides manufacturing services to a huge number of Android devices, so many more could be vulnerable to the exploit.

While hackers would need physical access to the phone, the exploit means stolen Android smartphones could be accessed even if the legitimate owner has security measures in place.

For more technical readers, Sawyer recommends taking the following action: “For those looking to detect vulnerable devices, you can check for the partitions ‘ftmboot’ and ‘ftmdata’. The ‘ftmboot’ partition contains a traditional Android kernel/ramdisk image. This one has SELinux disabled, and adb running as root. The ‘ftmdata’ partition is mounted on /data during ftm bootmode. These partitions are only a sign that the device is vulnerable.”
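The partition check Sawyer describes can be run across collected device listings, shown here as an added example that is not code from the article or from Sawyer. It parses `ls -l` output from a device's by-name partition directory and flags exact name matches only; the listing format, device names and block numbers are constructed, and where that directory lives on a given device is an assumption that varies by model.

```python
import re

# Partition names the article gives as indicators of the factory test mode.
FTM_PARTITIONS = {"ftmboot", "ftmdata"}

# Constructed sample: by-name symlink listings as `ls -l` might print them
# on two devices. Device names and block numbers are made up.
SAMPLE_LISTINGS = {
    "device-A": """\
lrwxrwxrwx root root 2016-01-01 00:00 boot -> /dev/block/mmcblk0p37
lrwxrwxrwx root root 2016-01-01 00:00 ftmboot -> /dev/block/mmcblk0p38
lrwxrwxrwx root root 2016-01-01 00:00 ftmdata -> /dev/block/mmcblk0p39
lrwxrwxrwx root root 2016-01-01 00:00 userdata -> /dev/block/mmcblk0p45
""",
    "device-B": """\
lrwxrwxrwx root root 2016-01-01 00:00 boot -> /dev/block/mmcblk0p20
lrwxrwxrwx root root 2016-01-01 00:00 system -> /dev/block/mmcblk0p22
lrwxrwxrwx root root 2016-01-01 00:00 ftmdata_backup -> /dev/block/mmcblk0p23
""",
}

# Match "<name> -> <target>" at the end of an ls -l symlink line.
LINK_RE = re.compile(r"(\S+)\s+->\s+(\S+)\s*$")

def partition_names(listing):
    """Return {partition name: block device} parsed from an ls -l listing."""
    found = {}
    for line in listing.splitlines():
        m = LINK_RE.search(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def ftm_indicators(listing):
    """Return sorted ftm partition names present (exact, case-insensitive)."""
    names = {n.lower() for n in partition_names(listing)}
    return sorted(names & FTM_PARTITIONS)

def audit(listings):
    """Map each device to its indicator list; non-empty means review it."""
    return {dev: ftm_indicators(text) for dev, text in listings.items()}

if __name__ == "__main__":
    for dev, hits in audit(SAMPLE_LISTINGS).items():
        status = "indicator present: " + ", ".join(hits) if hits else "no ftm partitions listed"
        print(f"{dev}: {status}")
```

A hit is a reason to review the device, in line with Sawyer's caveat that the partitions are only a sign.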

Flaws in Android devices and software are sadly not uncommon: it was recently revealed that 900 million of them could be vulnerable to attack, and that workarounds for Android's security are being harnessed by malware exploits.


Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.
