back to article Boffins hijack bootloaders for fun and games on Android

University of California Santa Barbara researchers have turned up bootloader vulnerabilities across a bunch of Android chipsets from six vendors. The team of nine researchers decided to look at a little-studied aspect Android architecture – the interaction between OS and chip at power-up. To get inside that operation, they …

  1. Anonymous South African Coward Silver badge
    Trollface

    cue iThing fanboys cheering...

  2. Anonymous Coward
    Anonymous Coward

    Am I missing something

    If you've got root privileges isn't the game over anyway?

    1. Chewi

      Re: Am I missing something

      In the case of malware, yes, but if you're trying to install a newer version of Android, no. You usually can't replace the kernel without unlocking the bootloader so while you may be able to get root and even load a custom ROM, you'll be effectively stuck on the same version of Android.

  3. Duncan Macdonald

    Is this a problem ?

    If I read this correctly, the attacker needs physical access to the target device to exploit any of these vulnerabilities. If that is true then this is only a problem for a person that gets a pre-infected phone (eg a NSA target) or a person that lets a malicious person (say in a phone repair shop) have control of his/her phone.

    1. phuzz Silver badge

      Re: Is this a problem ?

      What about a malicious charger? (ie something which purports to just provide power, but is actually doing naughty things via USB)

      1. John H Woods

        Re: Is this a problem ?

        Always use a USB condom

  4. Nimby
    Coat

    And?

    We design phones around the same concepts as we do computers, then act surprised when they exhibit similar vulnerabilities?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022