Qualcomm SOC Vulnerability Found, Affects Many Android Devices


9 replies to this topic

#1 mjs27541

    I have no idea what's going on...

  • News Writer
  • 1,276 posts
  • Location: Southern MD
  • Current Device(s): LG G2

Posted 07 August 2014 - 02:30 PM

UPDATE: Dan has gone on record and stated that neither LG nor Samsung devices can be bootloader unlocked with this method.  Period, dot, the end.

 

UPDATE 2: Qualcomm has now issued a statement that they are aware of this vulnerability, and that they have released a patch to device manufacturers.  

 

Beware, major geek speak lies ahead. Security researcher extraordinaire Dan Rosenberg, aka djrbliss, made a presentation at the Black Hat security convention yesterday that, to put it mildly, is kind of a huge deal. He showed that it is possible to exploit a vulnerability within the TrustZone of a device running a Qualcomm SOC to either unlock or circumvent a secure bootloader. Then he proved the concept by unlocking the bootloader of a consumer version Moto X. I'll let that sink in for a second...

Still with me? Okay, I'm not going to get into a serious discussion of how this works, because frankly I don't completely understand it. But I'll attempt to break it down as simply as I can. Any device that is powered by a Qualcomm SOC, including most every flagship Android device produced within the past year, utilizes what is referred to as the TrustZone, which acts as an intermediary between the kernel and hardware and regulates what are trusted apps and commands, and what are not. Things are broken down even further into what is considered the secure and non-secure sides of the device. The non-secure side includes the Linux kernel, the Android operating system, and most every app on your device. On the secure side, you have what is called the Trusted Execution Environment, which in Qualcomm land is called the Qualcomm Secure Execution Environment. This secure side of the house has access to absolutely everything on your device, both in terms of hardware and software, such as the Qfuses that dictate whether your device's bootloader is locked or unlocked. What Dan was able to do was find a vulnerability that allows code to be executed from within that secure side, allowing him to bypass or unlock a secure bootloader. What devices does this affect? The Moto X, HTC One, Samsung Galaxy S4, and LG G2 to name a few.

Now comes the part where I dash everyone's hopes for a Utopian land where locked bootloaders are a thing of the past. First of all, Dan was able to exploit this onstage at Black Hat, but he has not released the details of exactly how he did it. So there is currently no exploit in the wild to allow anyone to do this. Secondly, if an exploit is ever released, there's a good chance it will be patched very, very soon. So if you have a current Android phone running a Snapdragon SOC and are hoping to profit from this, avoid any OTA updates like the plague. Finally, the Galaxy S5 and HTC One M8 have already had this vulnerability patched, so no love for owners of those devices. Dan's paper explaining the details of the vulnerability can be found below.

 

Source: XDA (thanks SamuriHL, shane1, and cmh714!)


#2 dautley

    Member

  • Dedicated Supporter
  • 66 posts
  • Location: TN.
  • Current Device(s): HTC One (M8), Nexus 7 (2012), Nexus 10

Posted 08 August 2014 - 04:00 PM

More info on what variants of the M8 may have already been patched would be appreciated!

 

Edit: Never mind, just looked at the PDF. The way I'm reading it is that the HTC One M8 has already been patched, and as far as I know Sunshine is still able to S-off and bootloader unlock all variants, so I'm assuming us M8 owners are still good to go for now.......



#3 mjs27541

    I have no idea what's going on...

  • News Writer
  • 1,276 posts
  • Location: Southern MD
  • Current Device(s): LG G2

Posted 08 August 2014 - 04:15 PM

Yeah I haven't seen anything that specifically relates to any of the variants of the M8. My guess is that if Dan is making a statement that this vulnerability has been patched on the M8 and S5, he's referring to all of their variants as well.

#4 KaChow

    If Only...

  • Superuser
  • 364 posts
  • Location: Philadelphia
  • Current Device(s): S6 (sm-g920f), Moto XT1575 (waiting)

Posted 13 August 2014 - 08:38 AM

This is pretty interesting because Samsung just recently went ahead and confirmed that they will be using the Snapdragon 805 on all US models of the Note 4. There had been discussion that they would run it on the Exynos CPU, which is rumored to be heading to the EURO/International market. Here's the confirmation from Sammobile.

Which I suppose means that on any US carrier where the Snapdragon is used there is no hope for unlock, and certainly there is no hope for Safestrap either. If this is the case, or the direction that Samsung moves going forward with their devices, the only devices that would be meant for unlocking purposes are the devices available




#5 SamuriHL

    Android Warrior

  • Smod
  • 43,371 posts
  • Current Device(s): S21 Ultra, Pixel 6

Posted 13 August 2014 - 09:15 AM

The number of unlockable phones is dwindling. The number of useful unlockable phones is also pretty sad. What do I mean?

Samsung:

o) Dev Edition unlockable devices.....not updated
o) GPE devices....no longer available

Motorola:

o) Dev Edition unlockable devices....not downgradable without risk of bricking.....on....an unlocked bootloader. I'll just let that sink in for a minute

There's Nexus phones, but, if the Shamu rumor of 5.9" is true, that's a tablet not a phone. Vulnerabilities like this in the TZ are going to be harder and harder to find and exploit. It's really not a good time for the unlocked community IMO.




#6 KaChow

    If Only...

  • Superuser
  • 364 posts
  • Location: Philadelphia
  • Current Device(s): S6 (sm-g920f), Moto XT1575 (waiting)

Posted 13 August 2014 - 01:34 PM

Quoting SamuriHL:

    The number of unlockable phones is dwindling. The number of useful unlockable phones is also pretty sad. What do I mean?

    Samsung:

    o) Dev Edition unlockable devices.....not updated
    o) GPE devices....no longer available

    Motorola:

    o) Dev Edition unlockable devices....not downgradable without risk of bricking.....on....an unlocked bootloader. I'll just let that sink in for a minute

    There's Nexus phones, but, if the Shamu rumor of 5.9" is true, that's a tablet not a phone. Vulnerabilities like this in the TZ are going to be harder and harder to find and exploit. It's really not a good time for the unlocked community IMO.

Speaking of the Shamu rumor, I'm reading that it is not a 5.9", but instead it is a QHD 5.2" with a 2.6GHz Snapdragon 805; details can be found here.





#7 SamuriHL

    Android Warrior

  • Smod
  • 43,371 posts
  • Current Device(s): S21 Ultra, Pixel 6

Posted 13 August 2014 - 01:43 PM

I reported that earlier, but, I have some suspicions about the reliability of the info.




#8 KaChow

    If Only...

  • Superuser
  • 364 posts
  • Location: Philadelphia
  • Current Device(s): S6 (sm-g920f), Moto XT1575 (waiting)

Posted 13 August 2014 - 04:05 PM

Quoting SamuriHL:

    I reported that earlier, but, I have some suspicions about the reliability of the info.

I have to admit that I'm suspicious as well.

On a lighter note, and maybe this could be viewed as more of a positive for us, there is a mention that LG is working on an unlocking server solution for the G3. It certainly would be better to have something more official than this, followed with a timeframe, but anyhow this is worth mentioning...


#9 livinginkaos

    I don't know what I'm doing anymore.....

  • Administrator
  • 15,282 posts
  • Google+: Hangouts - livinginkaos@gmail.com
  • Location: Oregon
  • Current Device(s): Samsung S8+ / Pixel XL 128gb / iPhone 7+ 256gb / iPad Pro 12.9" / Samsung Chromebook Plus / Pixel C / Nexus 6p 128gb / Nexus 6 / Nexus 6 on Fi / Nexus 9 / Moto 360^2 / Nvidia Shield TV Pro / Nvidia Shield Tablet / HTC EVODesign on FreedomPop / Chromecast / Surface Pro 3 i7 / Samsung Tab Pro 12.2 / Lenovo Win8 Tab / Eee Slate / '13 Nexus 7

Posted 13 August 2014 - 04:36 PM

That news on LG is not news. They've said exactly the same thing two years ago.



#10 KaChow

    If Only...

  • Superuser
  • 364 posts
  • Location: Philadelphia
  • Current Device(s): S6 (sm-g920f), Moto XT1575 (waiting)

Posted 14 August 2014 - 07:50 AM

Quoting livinginkaos:

    That news on LG is not news. They've said exactly the same thing two years ago.

I'm crossing my fingers hoping that this is not smoke. While in the past LG has only unlocked specific devices as part of their Developer Program, or the devices that were simply factory unlocked, the G3 really does require a bit more than root to accomplish development on the device. Considering that it is the first device to market with a QuadHD display, and there simply are no apps that are capable of performing at that high of a resolution or pixel count, what is the value of having a QHD display if there is nothing that can perform at that level? I mean, sure, just recently YouTube was adjusted to play at 1440, but that doesn't always favor incredible images. Perhaps unlocking the bootloader would give greater user access and control over the device, to improve the performance that is needed in order to operate and function, and to design and create apps, themes, and high resolution graphics that require greater internal control.

