The beveiligingsonderzoeker (and BBQ fan) has the back door the name “Pork Explosion” and explains on its site BBQ and 0days out how the backdoor works.
Attackers can a malicious fastboot command to send to devices with the firmware and this ensures that all authenticatieprotocollen and security measures to be circumvented. The unit will restart in the fabriekstest-mode.
Saywer explains that attackers in this way, full access to a device and the bootloader can be unlock without the user data to manipulate. “This is likely a debugging feature, but can be used as a back door.”
In principle, each device that the firmware Foxconn turns vulnerable and Sawyer reports that there are currently two models sure know are vulnerable. The Nextbit Robin and the InFocus M810.
On the following page: make sure your device is vulnerable
No comments:
Post a Comment