Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk these vulnerabilities present.
Computer scientists recently discussed several vulnerabilities that were discovered in Android bootloaders using...
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
Step 2 of 2:
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
the BootStomp tool. How do Android bootloaders work, and what are the risks of the vulnerabilities?
Android bootloaders work similar to a BIOS on a PC, as they enable the phone to look for a boot device and start up from it. Bootloaders also enable users to reset their device, unlock the bootloader and put the bootloader in fastboot mode to enable files to be sent from a computer -- typically to flash different official firmware or recoveries.
Vulnerabilities are typically caused when the device's bootloader is unlocked, as an unlocked bootloader enables the user to make many different changes to the device that the OEM would not typically allow. This can include flashing custom ROMs, sideloading programs, flashing recoveries and modifying system elements.
Most OEMs won't honor devices with problems if their bootloaders are unlocked, since a locked bootloader usually provides better protection against vulnerabilities. These vulnerabilities can prevent the device from booting up, programs from operating properly, and it can also alter the device's actions.
However, the standard user wouldn't have an unlocked bootloader, and even fewer people have root access, which some of these vulnerabilities require. These exploits would somehow need to gain root access to the Android device to make changes, and they could be devastating if that access is obtained.
An unlocked bootloader enables the user to make many different changes to the device that the OEM would not typically allow.
There could be some cases of consumers buying used devices that come with an unlocked bootloader or that have been rooted, but those instances are rare. These exploits could possibly unlock the bootloader themselves, but this action would most likely require a reboot to do so.
The best way to stay safe from these vulnerabilities is to only install apps that you trust and to make sure that you know what apps you're giving administrative access to on an Android.
Ask the expert: Want to ask Kevin Beaver a question about security? Submit your question nowvia email. (All questions are anonymous.)
Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can...continue reading
Kaspersky Lab recently discovered an undocumented feature in Microsoft Word. Expert Kevin Beaver explains the risks and what to do if you come across...continue reading
An iOS exploit similar to the Broadpwn flaw was recently developed by a researcher at Google's Project Zero. Expert Kevin Beaver explains what the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.
Start the conversation
0 comments