No matter how much you try to secure a normal smartphone, it will still remain a normal smartphone. This was proved yet again by security researcher Jon Sawyer, who's discovered a backdoor in Android firmware provided by manufacturer Foxconn. The vulnerability allows attackers to root devices to which they have physical access. In other words, to take full control over the device.
The newly found backdoor in Android is dubbed Pork Explosion, and it's very dangerous
The backdoor, dubbed Pork Explosion in tune with Jon Sawyer's love for barbecue, allows attackers that have physical access to an affected device to gain a root shell. This way, attackers can completely compromise an affected device over a USB connection. The hack provides full access to the device’s data and also offers a way to unlock the bootloader without modifying user data.
The bootloader kicks off before any other piece of software on a smartphone. Every Android phone has one. It tells the OS kernel to launch normally, checks a few things and confirms the software you are trying to start is genuine.
According to the researcher, Pork Explosion is caused by a rogue fastboot command. It bypasses every authentication and security measure present and reboots the phone into a factory test mode.
“In short, this is a full compromise over USB, which requires no logon access to the device. This vulnerability completely bypasses authentication and authorization controls on the device. It is a prime target for forensic data extraction. While it is obviously a debugging feature, it is a backdoor, it isn’t something we should see in modern devices, and it is a sign of great neglect on Foxconn’s part,” Sawyer said on his blog.
You're safe with Secure Phone
The newly discovered backdoor in Android appears only on devices that use Foxconn’s own firmware. The researcher stated that vendors InFocus and Nextbit are definitely affected, as well as "many more”.
Our Secure Phone product line is not affected by the vulnerability, although it also uses Android as an operating system. Here are the whys and hows.
We base Secure Phone on existing, thoroughly tested and carefully selected Android smartphones. Currently, these are HTC M8 and LG Nexus 5. Why did we choose exactly those two? Two words: customizable and reliable.
Secure Phone's bootloader hides a trap
HTC M8 and LG Nexus 5 both have the Snapdragon 801 chipset, which allowed us to securely lock the bootloader. This way we made sure that no unneeded software can be installed on boot level. Also, we examined their firmware, which also met our security requirements.
We know that unlocking the bootloader isn’t usually recommendable, but we're experts and this is what we needed to push our custom, Android-based operating system, Secure OS.
So in order to ensure our users' full protection, we had to open the bootloader of HTC M8 and LG Nexus 5 in order to install our Secure OS and then locked it back again.
However, when we turned the key, we tweaked it so that the next person who tries to open it wipes the device.
So there you have it. In order to exploit the Pork Explosion backdoor in Android, you must first access the phone's bootloader through USB, but don't forget that you can disable your Secure Phone's USB through the Secure Phone Administration System (SAS), adding yet another layer of security. Even if you choose to keep the port enabled you are still safe because of the protection we added. Anyone who somehow manages to unlock the bootloader on Secure Phone will instantly wipe the device.