back to article 'Pork Explosion' flaw splatters Foxconn's Android phones

Security researcher Jon Sawyer says a limited backdoor has been found in some Foxconn-manufactured Android phones, allowing attackers to root phones they have in hand. The backdoor is the result if a debugging function left over in Foxconn apps bootloader code which can be exploited by attackers wielding appropriate software …

  1. a_yank_lurker Silver badge

    Physical Access

    Any flaw that requires physical access to exploit is important to fix but for most situations a yawner. This will only become critical when the phone is lost, stolen, or in the hands of the your local Stasi.

    1. Anonymous Coward
      Alien

      Re: Physical Access

      Quite. Rather depends how you look at it too. Is accidentally not being locked-out of controlling "your" phone really "a bug"? Or is it a feature???

      In lieu of the CM logo ---->

      1. RAMChYLD
        Thumb Up

        Re: Physical Access

        Indeed. It's a service to have that feature in there. A lot of people want to root their phone for various reasons (most common one I've heard is to get rid of all the shovelware in there). Granted, I've been lucky with Android devices so far in that none of them don't have the duff in there, but several people I know bought cheap Android phones (as well as not so cheap ones- I'm looking at you, Samsung and Lenovo!) that are chock full of those, and the only way to remove them is to root the device and then remove the junk APKs from the system image.

        1. Planty Bronze badge

          Re: Physical Access

          Not the only way. You can disable most cruft

    2. Anonymous Coward
      Anonymous Coward

      Re: Physical Access

      I agree. Concentrate on making the encryption secure, then you won't have to worry about the phone being rooted. There will always be another security hole as soon as you close one up, so you have to make it so breaking the security gains you nothing.

      1. Christian Berger

        Re: Physical Access

        "Concentrate on making the encryption secure"

        Actually secure encryption on a mobile device is mostly an illusion. Encryption always requires you to have a secret which is ungessable. However entering a secret is virtually impossible on a touchscreen. Even if you could use a strong passphrase, since your device will be always on, you can often just fish the secret out of RAM.

        Storing a secret un a security chip doesn't solve the problem, as there are multiple attacks against chips theese days. Pay-TV companies use the most secure chipcards you can have on a budget, and yet they have in the past regularly broken their competitor systems.

        So actually your chances of security are best if you root your device and install some propper Linux OS. Once you have iptables you can enforce actual security by only allowing your device to talk to your server. (big security benefit!) Then use ssh with public key authentication and make the server erase you key regularly so you are forced to rekey.

        1. Anonymous Coward
          Anonymous Coward

          Re: Physical Access

          Linux? Please, I've been running Linux on my desktop since the turn of the century but I'm not dumb enough to believe that Linux adds some magic invulnerability to security issues. IPtables and SSH do fuck all to help you against an attacker with physical access.

          A security chip may not be 100% unbreakable, but if used properly the phone is WAY more secure than it would be if you rooted it and installed Linux. I don't know what pay TV companies you're talking about, but in the US Directv's system hasn't been broken since they were hacked in the early 2000s and revamped their security. And given they have stuff like the NFL Sunday Ticket exclusive, I'm sure many have tried to hack it.

          1. Christian Berger

            Re: Physical Access

            " if used properly the phone is WAY more secure than it would be if you rooted it and installed Linux."

            I'm sorry, but unless you root your phone you cannot even prevent your vendor from installing new malware via the update feature, or your browser from exposing its security bugs to the web.

            1. MR J

              Re: Physical Access

              Cant say I have ever had a vendor install "Malware" before.

              But those of you who ROOT the phone so you can install 3rd party stores and get "free" apps... I am sure your much safer.

    3. Planty Bronze badge
      FAIL

      Re: Physical Access

      Quite, the clickbait headline also implies it's an Android issue, rather than a bootloader issue that affects a very small number of models.

      The Register are getting laughably desperate these days

  2. Anonymous Coward
    Headmaster

    We were just gonna fix it, honest!

    "Sawyer badges the vulnerability a result of "great neglect" by Foxconn."

    There is an ancient proverb: With great neglect comes great responsibility.

  3. Mage Silver badge

    Plus and Minus

    Minus: If someone takes your phone then it's bad, but traditionally most laptops & PCs if seized, will give up your data.

    Plus: There ought to me a mechanism to load an alternate or newer or older OS, even if it wipes all data.

  4. TeeCee Gold badge
    Black Helicopters

    <tinfoil hat>

    Hmm. Foxconn. Don't they also make Apple phones? You know, those things that turned out to be rather easier than expected to crack open once the authorities ran out of legal options to force Apple to do it?

    </tinfoil hat>

    1. Anonymous Coward
      Anonymous Coward

      They assemble exactly as Apple tells them, using parts that Apple provides or specifies. So if there is anyone to blame for whatever method the FBI used to access that outdated (pre Secure Enclave) iPhone 5c the terrorist was using, it is Apple not Foxconn.

  5. Gene Cash Silver badge

    ADP?

    You probably mean "adb" which is the Android debugging utility which runs on PCs.

    Yes, I've noticed several phones that let you ask for a root shell from adb, and production phones aren't supposed to do that. It's even documented:

    "adb root - restarts the adbd daemon with root permissions"

    You're SUPPOSED to get "adbd cannot run as root in production builds" however.

  6. breakfast

    Reminded of a monologue

    "As we talked of salty meat and Turkish Bob, I began to sweat and dribble, the shop became a giddy plughole of plastic, price cards and a father and child asking if I had finished with the lap top, I opened my mouth to answer but words don’t really form in a boiling geyser of pork..."

    I suspect I'm not alone in being reminded of this.

  7. Crazy Operations Guy

    Bad coding practices

    If they aren't able to reliably remove debugging, how abysmal is the rest of the code?

    Every proper bit of source code I've seen has all the debugging functions in an #ifdef block right at the top that contains all debug definitions. The Linux Kernel does it, MySQL does it, KDE does it, even Windows does it, so if software of that scale can do it, why the hell isn't FoxConn doing it?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021