Published in Mobiles

Foxconn installs Pork Explosion backdoor into Android gear

by on14 October 2016


Porca misera

Android devices containing Foxconn firmware might have a backdoor thanks to a debugging feature left inside the OS bootloader.

According to Softpedia the feature acts as a backdoor and bypasses authentication procedures for any intruder with USB access to a vulnerable phone.

Jon Sawyer, a US security expert, discovered at the end of August that this firmware included support for booting up Android devices without having to go through the proper authentication procedure.

The researcher says that someone with physical access to the device, could connect it via USB to a computer, and use specific software to interact with the device during its boot-up procedure.

Sawyer that this is not something which should be seen in modern devices, and it is a sign of great neglect on Foxconn’s part.

When entering this factory test mode, Sawyer says the user is "root," with total control over the phone, and that SELinux, a major Android security component, is completely disabled.

He has dubbed the backdoor Pork Explosion http://bbqand0days.com/Pork-Explosion-Unleashed/ , for no particular reason. He said that it affects a large number of devices.

Last modified on 14 October 2016
Rate this item
(6 votes)

Read more about: