September 7, 2017
By Shane Schick 2 min read

Researchers at the University of California have discovered half a dozen mobile vulnerabilities in firmware used by several leading chipset manufacturers that could allow an attacker to execute arbitrary code and even permanently brick an Android smartphone.

Mobile Vulnerabilities Found in Boot-Up Sequences

In a scholarly paper titled “BootStomp: On the Security of Bootloaders in Mobile Devices,” the USENIX computer scientists said the flaws are associated with the phones’ bootloaders, which validate each stage of the boot-up sequence known as a chain of trust (CoT). Cybercriminals who take advantage of them could gain access to code and perform a range of malicious activities, according to the report. Qualcomm, NVIDIA, MediaTek and Huawei all use chipsets that contain the six flaws.

On the plus side, would-be attackers would need to already have root access on an Android phone to make use of the mobile vulnerabilities, Threatpost reported. However, if anyone obtained such privileges, the bootloader issues mean they could break into areas of a device previously deemed impregnable. This includes TrustZone, the area that helps encrypt data on a smartphone and is separated from the CPU and OS.

Bootloaders as a Valid Threat

Depending on how bootloaders are designed within the chipset, some of the mobile vulnerabilities could pose a greater or lesser risk. For instance, Huawei’s implementation could make it almost impossible to know when an attacker has broken the CoT, according to ZDNet.

Normally, bootloaders don’t get a lot of attention in security circles due to the lack of available metadata and the closed-source nature of their design, Bleeping Computer pointed out. But in this case, the researchers created their own application, dubbed “BootStomp,” that analyzed the code in order to discover the mobile vulnerabilities.

However, Naked Security said there probably isn’t any reason to panic over the mobile vulnerabilities. For one thing, the chipset vendors in question have already been notified, and patches are already available.

Of course, malware authors could study these exploits to create more powerful and sophisticated attacks, but that would take time and resources beyond the average threat actor. For the most part, the research just offers further proof that even the areas that sometimes seem off-limits to attackers can have unexpected holes.

Shane Schick

Shane Schick tells stories that help people create value with information technology. He is an editor-at-large with IT World Canada, the editor of Allstr...

More from

Risk Management   March 24, 2023

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…

Threat Research   March 23, 2023

Operational Technology: The evolving threats that might shift regulatory policy

Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022 — a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure. Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are…

Data Protection   March 23, 2023

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Data Protection   March 23, 2023

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature