A Security Expert Stated That Android Devices That Have Foxconn Firmware May Hold a Secret Backdoor.
Foxconn Firmware may Expose Android Devices
The security specialist Jon Sawyer discovered at the end of August that Foxconn firmware on certain Android devices allows malicious users to access them via a built-in vulnerability. The code contains a “test” feature that boots the device without going through the proper authentication procedure.
A criminal with physical access to the vulnerable device can connect it to a computer and interact with it during booting. The expert has crafted his own client and was able to run various commands to enter into the mode.
The backdoor can be accessed via Fastboot, the protocol used when booting up the device. Sawyer said that when this mode is engaged he has superuser privileges (the “root” account) and it disables SELinux, the standard security implementation.
In practice this allows attackers to gain privileged access to the targets even when password protection and encryption is enabled.
The backdoor has been named Pork Explosion by the researcher and it affects an unknown number of devices.
You can check if your device is vulnerable if you have the “ftmboot” and “ftmdata” partitions. They are a sign that the device is affected by Pork Explosion. One of the manufacturers has already amended the issue by zeroing out these two partitions.
For more information you can check out the detailed blog post.